From 1c861df95c465d9b8fe4f9bed9de8dd494416157 Mon Sep 17 00:00:00 2001
From: Brian Smith <brian@briansmith.org>
Date: Tue, 10 Dec 2024 17:25:04 -0800
Subject: [PATCH] bigint: Remove redundant ">= 3" check for Modulus.

As we require the modulus to be multiple limbs long, its value cannot
be less than 3.
---
 build.rs                              |  1 -
 crypto/limbs/limbs.c                  |  9 -----
 src/arithmetic/bigint/modulusvalue.rs |  5 ++-
 src/limb.rs                           | 51 ---------------------------
 4 files changed, 2 insertions(+), 64 deletions(-)

diff --git a/build.rs b/build.rs
index e87e53dff..740bc27fa 100644
--- a/build.rs
+++ b/build.rs
@@ -855,7 +855,6 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
         "LIMBS_equal",
         "LIMBS_equal_limb",
         "LIMBS_less_than",
-        "LIMBS_less_than_limb",
         "LIMBS_reduce_once",
         "LIMBS_select_512_32",
         "LIMBS_shl_mod",
diff --git a/crypto/limbs/limbs.c b/crypto/limbs/limbs.c
index df84f0767..c6715e233 100644
--- a/crypto/limbs/limbs.c
+++ b/crypto/limbs/limbs.c
@@ -80,15 +80,6 @@ Limb LIMBS_less_than(const Limb a[], const Limb b[], size_t num_limbs) {
   return constant_time_is_nonzero_w(borrow);
 }
 
-Limb LIMBS_less_than_limb(const Limb a[], Limb b, size_t num_limbs) {
-  debug_assert_nonsecret(num_limbs >= 1);
-
-  Limb dummy;
-  Limb lo = constant_time_is_nonzero_w(limb_sub(&dummy, a[0], b));
-  Limb hi = LIMBS_are_zero(&a[1], num_limbs - 1);
-  return constant_time_select_w(lo, hi, lo);
-}
-
 /* if (r >= m) { r -= m; } */
 void LIMBS_reduce_once(Limb r[], const Limb m[], size_t num_limbs) {
   debug_assert_nonsecret(num_limbs >= 1);
diff --git a/src/arithmetic/bigint/modulusvalue.rs b/src/arithmetic/bigint/modulusvalue.rs
index 3bf18868f..678f563f7 100644
--- a/src/arithmetic/bigint/modulusvalue.rs
+++ b/src/arithmetic/bigint/modulusvalue.rs
@@ -44,15 +44,14 @@ impl<M> OwnedModulusValue<M> {
         if n.len() > MODULUS_MAX_LIMBS {
             return Err(error::KeyRejected::too_large());
         }
+        const _MODULUS_MIN_LIMBS_AT_LEAST_2: () = assert!(MODULUS_MIN_LIMBS >= 2);
         if n.len() < MODULUS_MIN_LIMBS {
             return Err(error::KeyRejected::unexpected_error());
         }
+        // The above implies n >= 3, so we don't need to check it.
         if limb::limbs_are_even_constant_time(&n).leak() {
             return Err(error::KeyRejected::invalid_component());
         }
-        if limb::limbs_less_than_limb_constant_time(&n, 3).leak() {
-            return Err(error::KeyRejected::unexpected_error());
-        }
 
         let len_bits = limb::limbs_minimal_bits(&n);
 
diff --git a/src/limb.rs b/src/limb.rs
index 36df152a0..cda13c04b 100644
--- a/src/limb.rs
+++ b/src/limb.rs
@@ -58,12 +58,6 @@ pub fn limbs_less_than_limbs_vartime(a: &[Limb], b: &[Limb]) -> bool {
     limbs_less_than_limbs_consttime(a, b).leak()
 }
 
-#[inline]
-#[cfg(feature = "alloc")]
-pub fn limbs_less_than_limb_constant_time(a: &[Limb], b: Limb) -> LimbMask {
-    unsafe { LIMBS_less_than_limb(a.as_ptr(), b, a.len()) }
-}
-
 #[inline]
 pub fn limbs_are_zero_constant_time(limbs: &[Limb]) -> LimbMask {
     unsafe { LIMBS_are_zero(limbs.as_ptr(), limbs.len()) }
@@ -345,11 +339,6 @@ prefixed_extern! {
     fn LIMBS_equal_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask;
 }
 
-#[cfg(feature = "alloc")]
-prefixed_extern! {
-    fn LIMBS_less_than_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask;
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -478,46 +467,6 @@ mod tests {
         }
     }
 
-    #[test]
-    #[cfg(feature = "alloc")]
-    fn test_limbs_less_than_limb_constant_time() {
-        static LESSER: &[(&[LeakyLimb], LeakyLimb)] = &[
-            (&[0], 1),
-            (&[0, 0], 1),
-            (&[1, 0], 2),
-            (&[2, 0], 3),
-            (&[2, 0], 3),
-            (&[MAX - 1], MAX),
-            (&[MAX - 1, 0], MAX),
-        ];
-        for &(a, b) in LESSER {
-            let a = &Vec::from_iter(a.iter().copied().map(Limb::from));
-            let b = Limb::from(b);
-            assert!(leak_in_test(limbs_less_than_limb_constant_time(a, b)));
-        }
-        static EQUAL: &[(&[LeakyLimb], LeakyLimb)] = &[
-            (&[0], 0),
-            (&[0, 0, 0, 0], 0),
-            (&[1], 1),
-            (&[1, 0, 0, 0, 0, 0, 0], 1),
-            (&[MAX], MAX),
-        ];
-        static GREATER: &[(&[LeakyLimb], LeakyLimb)] = &[
-            (&[1], 0),
-            (&[2, 0], 1),
-            (&[3, 0, 0, 0], 1),
-            (&[0, 1, 0, 0], 1),
-            (&[0, 0, 1, 0], 1),
-            (&[0, 0, 1, 1], 1),
-            (&[MAX], MAX - 1),
-        ];
-        for &(a, b) in EQUAL.iter().chain(GREATER.iter()) {
-            let a = &Vec::from_iter(a.iter().copied().map(Limb::from));
-            let b = Limb::from(b);
-            assert!(!leak_in_test(limbs_less_than_limb_constant_time(a, b)));
-        }
-    }
-
     #[test]
     fn test_parse_big_endian_and_pad_consttime() {
         const LIMBS: usize = 4;