BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1,

so we have to reduce the random numbers used in test_mont. Before this change, test_mont failed in [debug-]solaris-sparcv9-gcc configurations ("Montgomery multiplication test failed!" because the multiplication result obtained with Montgomery multiplication differed from the result obtained by BN_mod_mul). Substituing the old version of bn_gcd.c (BN_mod_inverse) did not avoid the problem. The strange thing is that it I did not observe any problems when using debug-solaris-sparcv8-gcc and solaris-sparcv9-cc, as well as when compiling OpenSSL 0.9.6 in the solaric-sparcv9-gcc configuration on the same system.

BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1,
so we have to reduce the random numbers used in test_mont. Before this change, test_mont failed in [debug-]solaris-sparcv9-gcc configurations ("Montgomery multiplication test failed!" because the multiplication result obtained with Montgomery multiplication differed from the result obtained by BN_mod_mul). Substituing the old version of bn_gcd.c (BN_mod_inverse) did not avoid the problem. The strange thing is that it I did not observe any problems when using debug-solaris-sparcv8-gcc and solaris-sparcv9-cc, as well as when compiling OpenSSL 0.9.6 in the solaric-sparcv9-gcc configuration on the same system.
14697d9d · Bodo Möller · c6a926d9 · 14697d9d
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

crypto/bn/bntest.c crypto/bn/bntest.c +3 -0

未找到文件。
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -629,6 +629,9 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 		BN_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);

+		BN_nnmod(&a,&a,&n,ctx);
+		BN_nnmod(&b,&b,&n,ctx);
+
 		BN_to_montgomery(&A,&a,mont,ctx);
 		BN_to_montgomery(&B,&b,mont,ctx);