diff options
author | Andy Polyakov <appro@openssl.org> | 2014-09-30 21:00:44 +0200 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2014-09-30 21:00:44 +0200 |
commit | 323154be3326a329f768958e9229585a84985747 (patch) | |
tree | fe88a917443c12846d542274821184d4537ccea8 /crypto/bn/bn_nist.c | |
parent | 7c4776251e283db7bdaeb416f1d99b78cd622e7a (diff) | |
download | openssl-323154be3326a329f768958e9229585a84985747.zip openssl-323154be3326a329f768958e9229585a84985747.tar.gz openssl-323154be3326a329f768958e9229585a84985747.tar.bz2 |
crypto/bn/bn_nist.c: bring original failing code back for reference.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
Diffstat (limited to 'crypto/bn/bn_nist.c')
-rw-r--r-- | crypto/bn/bn_nist.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index edd06a9..a5e07ac 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -1108,9 +1108,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /* ... and right shift */ for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++) { +#if 0 + /* + * MSC ARM compiler [version 2013, presumably even earlier, + * much earlier] miscompiles this code, but not one in + * #else section. See RT#3541. + */ + tmp = val>>BN_NIST_521_RSHIFT; + val = t_d[i+1]; + t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2; +#else t_d[i] = ( val>>BN_NIST_521_RSHIFT | (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2; val=tmp; +#endif } t_d[i] = val>>BN_NIST_521_RSHIFT; /* lower 521 bits */ |