Update comments to provide a better approximation of reality.

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 456d34f59b47865d73b6136ba2d401f6e370bf37..9c92d76b4121c97ce7576818df045f19a9a9fc64 100644 (file)
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -262,8 +262,9 @@ typedef struct bn_mont_ctx_st
        int ri;        /* number of bits in R */
        BIGNUM RR;     /* used to convert to montgomery form */
        BIGNUM N;      /* The modulus */
-       BIGNUM Ni;     /* The inverse of N (bignum form) */
-       BN_ULONG n0;   /* The inverse of N in word form */
+       BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
+                       * (Ni is only stored for bignum algorithm) */
+       BN_ULONG n0;   /* least significant word of Ni */
        int flags;
        } BN_MONT_CTX;
 

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 5ef08d9157247ba70a2f024f6c56b52f6b16426f..cdf7ca191af2609475fa2fa59d8f12c50616cb0b 100644 (file)
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -304,7 +304,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                        BN_sub_word(&Ri,1);
                else /* if N mod word size == 1 */
                        BN_set_word(&Ri,BN_MASK2);  /* Ri-- (mod word size) */
-               BN_div(&Ri,NULL,&Ri,&tmod,ctx);          /* Ni = (R*Ri-1)/N */
+               BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N,
+                                                * keep only list significant word: */
                mont->n0=Ri.d[0];
                BN_free(&Ri);
                }