From: Andy Polyakov <appro@openssl.org>
Date: Tue, 30 Sep 2014 19:00:44 +0000 (+0200)
Subject: crypto/bn/bn_nist.c: bring original failing code back for reference.
X-Git-Tag: master-pre-reformat~303
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=323154be3326a329f768958e9229585a84985747;p=openssl

crypto/bn/bn_nist.c: bring original failing code back for reference.

RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
---

diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index edd06a9a0e..a5e07acd85 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -1108,9 +1108,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/* ... and right shift */
 	for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
 		{
+#if 0
+		/*
+		 * MSC ARM compiler [version 2013, presumably even earlier,
+		 * much earlier] miscompiles this code, but not one in
+		 * #else section. See RT#3541.
+		 */
+		tmp = val>>BN_NIST_521_RSHIFT;
+		val = t_d[i+1];
+		t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
 		t_d[i] = ( val>>BN_NIST_521_RSHIFT |
 			  (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
 		val=tmp;
+#endif
 		}
 	t_d[i] = val>>BN_NIST_521_RSHIFT;
 	/* lower 521 bits */