commit 06fa67c8d3b2e68df45b34b315dd26193f45645a
author Adam Langley <agl@google.com> Tue Sep 08 16:31:33 2015 -0700
committer Adam Langley <agl@google.com> Tue Sep 08 23:32:48 2015 +0000
tree 07ef64d0a29459db89b6a7a0b63e53e4144b5c27
parent 8f1c268692d39995245898676ec4fc72e385806f

Stop using |ERR_peek_last_error| in RSA blinding.

History has shown there are bugs in not setting the error code
appropriately, which makes any decision making based on
|ERR_peek_last_error|, etc. suspect. Also, this call was interfering
with the link-time optimizer's ability to discard the implementations of
many functions in crypto/err during dead code elimination.

Change-Id: Iba9e553bf0a72a1370ceb17ff275f5a20fca31ec
Reviewed-on: https://boringssl-review.googlesource.com/5748
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/bn.h

diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 7edb778..0a1f5e5 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -706,6 +706,14 @@
 OPENSSL_EXPORT BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a,
                                       const BIGNUM *n, BN_CTX *ctx);
 
+/* BN_mod_inverse_ex acts like |BN_mod_inverse| except that, when it returns
+ * zero, it will set |*out_no_inverse| to one if the failure was caused because
+ * |a| has no inverse mod |n|. Otherwise it will set |*out_no_inverse| to
+ * zero. */
+OPENSSL_EXPORT BIGNUM *BN_mod_inverse_ex(BIGNUM *out, int *out_no_inverse,
+                                         const BIGNUM *a, const BIGNUM *n,
+                                         BN_CTX *ctx);
+
 /* BN_kronecker returns the Kronecker symbol of |a| and |b| (which is -1, 0 or
  * 1), or -2 on error. */
 OPENSSL_EXPORT int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);