crypto/bn/bn_nist.c: bring original failing code back for reference.

RT: 3541 Reviewed-by: Emilia Kasper <emilia@openssl.org>
author: Andy Polyakov <appro@openssl.org> 2014-09-30 21:00:44 +0200
committer: Andy Polyakov <appro@openssl.org> 2014-09-30 21:00:44 +0200
commit: 323154be3326a329f768958e9229585a84985747 (patch)
tree: fe88a917443c12846d542274821184d4537ccea8 /crypto/bn/bn_nist.c
parent: 7c4776251e283db7bdaeb416f1d99b78cd622e7a (diff)
download: openssl-323154be3326a329f768958e9229585a84985747.zip
openssl-323154be3326a329f768958e9229585a84985747.tar.gz
openssl-323154be3326a329f768958e9229585a84985747.tar.bz2
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index edd06a9..a5e07ac 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -1108,9 +1108,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/* ... and right shift */
 	for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
 		{
+#if 0
+		/*
+		 * MSC ARM compiler [version 2013, presumably even earlier,
+		 * much earlier] miscompiles this code, but not one in
+		 * #else section. See RT#3541.
+		 */
+		tmp = val>>BN_NIST_521_RSHIFT;
+		val = t_d[i+1];
+		t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
 		t_d[i] = ( val>>BN_NIST_521_RSHIFT |
 			  (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
 		val=tmp;
+#endif
 		}
 	t_d[i] = val>>BN_NIST_521_RSHIFT;
 	/* lower 521 bits */
author	Andy Polyakov <appro@openssl.org>	2014-09-30 21:00:44 +0200
committer	Andy Polyakov <appro@openssl.org>	2014-09-30 21:00:44 +0200
commit	323154be3326a329f768958e9229585a84985747 (patch)
tree	fe88a917443c12846d542274821184d4537ccea8 /crypto/bn/bn_nist.c
parent	7c4776251e283db7bdaeb416f1d99b78cd622e7a (diff)
download	openssl-323154be3326a329f768958e9229585a84985747.zip openssl-323154be3326a329f768958e9229585a84985747.tar.gz openssl-323154be3326a329f768958e9229585a84985747.tar.bz2