crypto/bn/bn_nist.c: bring original failing code back for reference.
authorAndy Polyakov <appro@openssl.org>
Tue, 30 Sep 2014 19:00:44 +0000 (21:00 +0200)
committerAndy Polyakov <appro@openssl.org>
Tue, 30 Sep 2014 19:00:44 +0000 (21:00 +0200)
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
crypto/bn/bn_nist.c

index edd06a9a0e51df72f69c229039ee744605aab3c8..a5e07acd851a8d77b35f7af5418117bcbd1b6093 100644 (file)
@@ -1108,9 +1108,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        /* ... and right shift */
        for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
                {
+#if 0
+               /*
+                * MSC ARM compiler [version 2013, presumably even earlier,
+                * much earlier] miscompiles this code, but not one in
+                * #else section. See RT#3541.
+                */
+               tmp = val>>BN_NIST_521_RSHIFT;
+               val = t_d[i+1];
+               t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
                t_d[i] = ( val>>BN_NIST_521_RSHIFT |
                          (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
                val=tmp;
+#endif
                }
        t_d[i] = val>>BN_NIST_521_RSHIFT;
        /* lower 521 bits */