montgomery: Use a distinct error for length checks.

src/arithmetic/bigint.rs

@@ -404,7 +404,7 @@ pub fn elem_exp_consttime<M>(
     base: Elem<M, R>,
     exponent: &PrivateExponent,
     m: &Modulus<M>,
-) -> Result<Elem<M, Unencoded>, error::Unspecified> {
+) -> Result<Elem<M, Unencoded>, ImpossibleLengthError> {
     use crate::{bssl, limb::Window};
 
     const WINDOW_BITS: usize = 5;
@@ -490,7 +490,7 @@ pub fn elem_exp_consttime<M>(
     base: Elem<M, R>,
     exponent: &PrivateExponent,
     m: &Modulus<M>,
-) -> Result<Elem<M, Unencoded>, error::Unspecified> {
+) -> Result<Elem<M, Unencoded>, ImpossibleLengthError> {
     use crate::{cpu, limb::LIMB_BYTES};
 
     // Pretty much all the math here requires CPU feature detection to have
@@ -629,7 +629,7 @@ pub fn elem_exp_consttime<M>(
         mut i: Window,
         num_limbs: usize,
         cpu_features: cpu::Features,
-    ) -> Result<(), error::Unspecified> {
+    ) -> Result<(), ImpossibleLengthError> {
         loop {
             scatter(table, acc, i, num_limbs);
             i *= 2;

src/arithmetic/montgomery.rs

@@ -133,9 +133,9 @@ unsafe fn mul_mont(
     m: &[Limb],
     n0: &N0,
     _: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if m.len() < MIN_LIMBS || m.len() > MAX_LIMBS {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     bn_mul_mont(r, a, b, m.as_ptr(), n0, m.len());
     Ok(())
@@ -273,9 +273,9 @@ pub(super) fn limbs_mont_mul(
     m: &[Limb],
     n0: &N0,
     cpu_features: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if r.len() != m.len() || a.len() != m.len() {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     unsafe { mul_mont(r.as_mut_ptr(), r.as_ptr(), a.as_ptr(), m, n0, cpu_features) }
 }
@@ -289,9 +289,9 @@ pub(super) fn limbs_mont_product(
     m: &[Limb],
     n0: &N0,
     cpu_features: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if r.len() != m.len() || a.len() != m.len() || b.len() != m.len() {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     unsafe { mul_mont(r.as_mut_ptr(), a.as_ptr(), b.as_ptr(), m, n0, cpu_features) }
 }
@@ -302,13 +302,30 @@ pub(super) fn limbs_mont_square(
     m: &[Limb],
     n0: &N0,
     cpu_features: cpu::Features,
-) -> Result<(), error::Unspecified> {
+) -> Result<(), ImpossibleLengthError> {
     if r.len() != m.len() {
-        return Err(error::Unspecified);
+        return Err(ImpossibleLengthError::new());
     }
     unsafe { mul_mont(r.as_mut_ptr(), r.as_ptr(), r.as_ptr(), m, n0, cpu_features) }
 }
 
+/// `ImpossibleLengthError` should never occur.
+#[derive(Debug)]
+pub struct ImpossibleLengthError(());
+
+impl ImpossibleLengthError {
+    fn new() -> Self {
+        // unreachable!();
+        Self(())
+    }
+}
+
+impl From<ImpossibleLengthError> for error::Unspecified {
+    fn from(_: ImpossibleLengthError) -> Self {
+        Self
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

src/rsa/keypair.rs

@@ -20,7 +20,7 @@ use super::{
 use crate::{
     arithmetic::{
         bigint,
-        montgomery::{R, RR, RRR},
+        montgomery::{ImpossibleLengthError, R, RR, RRR},
     },
     bits::BitLength,
     cpu, digest,
@@ -482,7 +482,7 @@ fn elem_exp_consttime<M>(
     c: &bigint::Elem<N>,
     p: &PrivateCrtPrime<M>,
     other_prime_len_bits: BitLength,
-) -> Result<bigint::Elem<M>, error::Unspecified> {
+) -> Result<bigint::Elem<M>, ImpossibleLengthError> {
     let m = &p.modulus.modulus();
     let c_mod_m = bigint::elem_reduced(c, m, other_prime_len_bits);
     let c_mod_m = bigint::elem_mul(p.oneRRR.as_ref(), c_mod_m, m);