Commit #16325 fixed one thing but broke DH with certain moduli.

author Andy Polyakov <appro@openssl.org>

Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)

committer Andy Polyakov <appro@openssl.org>

Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)
author Andy Polyakov <appro@openssl.org>
Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)
committer Andy Polyakov <appro@openssl.org>
Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c

index 312b467645e8bb20d13375ca3ceebc04bc5ed963..b848c8cc60f4d69ab60468c3090385318930a40a 100644 (file)
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -389,6 +389,7 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
   * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
   * a[1]*b[1]
   */
   * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
   * a[1]*b[1]
   */
+/* dnX may not be positive, but n2/2+dnX has to be */
  void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         int dna, int dnb, BN_ULONG *t)
         {
  void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         int dna, int dnb, BN_ULONG *t)
         {
@@ -398,7 +399,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
         BN_ULONG ln,lo,*p;
  
  # ifdef BN_COUNT
         BN_ULONG ln,lo,*p;
  
  # ifdef BN_COUNT
-       fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
+       fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
  # endif
  # ifdef BN_MUL_COMBA
  #  if 0
  # endif
  # ifdef BN_MUL_COMBA
  #  if 0
@@ -545,6 +546,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
  
  /* n+tn is the word length
   * t needs to be n*4 is size, as does r */
  
  /* n+tn is the word length
   * t needs to be n*4 is size, as does r */
+/* tnX may not be negative but less than n */
  void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
              int tna, int tnb, BN_ULONG *t)
         {
  void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
              int tna, int tnb, BN_ULONG *t)
         {
@@ -553,8 +555,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
         BN_ULONG ln,lo,*p;
  
  # ifdef BN_COUNT
         BN_ULONG ln,lo,*p;
  
  # ifdef BN_COUNT
-       fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
-               tna, n, tnb, n);
+       fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+               n, tna, n, tnb);
  # endif
         if (n < 8)
                 {
  # endif
         if (n < 8)
                 {
@@ -655,16 +657,19 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
                                 for (;;)
                                         {
                                         i/=2;
                                 for (;;)
                                         {
                                         i/=2;
-                                       if (i <= tna && tna == tnb)
+                                       /* these simplified conditions work
+                                        * exclusively because difference
+                                        * between tna and tnb is 1 or 0 */
+                                       if (i < tna || i < tnb)
                                                 {
                                                 {
-                                               bn_mul_recursive(&(r[n2]),
+                                               bn_mul_part_recursive(&(r[n2]),
                                                         &(a[n]),&(b[n]),
                                                         i,tna-i,tnb-i,p);
                                                 break;
                                                 }
                                                         &(a[n]),&(b[n]),
                                                         i,tna-i,tnb-i,p);
                                                 break;
                                                 }
-                                       else if (i < tna || i < tnb)
+                                       else if (i == tna || i == tnb)
                                                 {
                                                 {
-                                               bn_mul_part_recursive(&(r[n2]),
+                                               bn_mul_recursive(&(r[n2]),
                                                         &(a[n]),&(b[n]),
                                                         i,tna-i,tnb-i,p);
                                                 break;
                                                         &(a[n]),&(b[n]),
                                                         i,tna-i,tnb-i,p);
                                                 break;
author	Andy Polyakov <appro@openssl.org>
	Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)