bignum: fix boundary condition in montgomery logic
It's not clear whether this inconsistency could lead to an actual computation error, but it involved a BIGNUM being passed around the montgomery logic in an inconsistent state. This was found using flags -DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion in 'ectest'; ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) || (_bnum2->d[_bnum2->top - 1] != 0)' failed Signed-off-by: Geoff Thorpe <geoff@openssl.org>
This commit is contained in:
Geoff Thorpe
parent
9cabf6bb80
commit
a529261891
@ -494,6 +494,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
r->d[0] = (0-m->d[0])&BN_MASK2;
|
r->d[0] = (0-m->d[0])&BN_MASK2;
|
||||||
for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
|
for(i=1;i<j;i++) r->d[i] = (~m->d[i])&BN_MASK2;
|
||||||
r->top = j;
|
r->top = j;
|
||||||
|
/* Upper words will be zero if the corresponding words of 'm'
|
||||||
|
* were 0xfff[...], so decrement r->top accordingly. */
|
||||||
|
bn_correct_top(r);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user