Deprecate |BN_mod_exp2_mont| and simplify its implementation.
This function is only really useful for DSA signature verification,
which is something that isn't performance-sensitive. Replace its
optimized implementation with a naïve implementation that's much
simpler.
Note that it would be simpler to use |BN_mod_mul| in the new
implementation; |BN_mod_mul_montgomery| is used instead only to be
consistent with other work being done to replace uses of non-Montgomery
modular reduction with Montgomery modular reduction.
Change-Id: If587d463b73dd997acfc5b7ada955398c99cc342
Reviewed-on: https://boringssl-review.googlesource.com/7732
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 8e57965..e9be0f5 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -802,11 +802,6 @@
BN_CTX *ctx,
const BN_MONT_CTX *mont);
-OPENSSL_EXPORT int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1,
- const BIGNUM *p1, const BIGNUM *a2,
- const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, const BN_MONT_CTX *mont);
-
/* Deprecated functions */
@@ -833,6 +828,13 @@
const BIGNUM *m, BN_CTX *ctx,
const BN_MONT_CTX *mont);
+/* BN_mod_exp2_mont calculates (a1^p1) * (a2^p2) mod m. It returns 1 on success
+ * or zero otherwise. */
+OPENSSL_EXPORT int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1,
+ const BIGNUM *p1, const BIGNUM *a2,
+ const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, const BN_MONT_CTX *mont);
+
/* Private functions */