diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 456d34f59b47865d73b6136ba2d401f6e370bf37..9c92d76b4121c97ce7576818df045f19a9a9fc64 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -262,8 +262,9 @@ typedef struct bn_mont_ctx_st int ri; /* number of bits in R */ BIGNUM RR; /* used to convert to montgomery form */ BIGNUM N; /* The modulus */ - BIGNUM Ni; /* The inverse of N (bignum form) */ - BN_ULONG n0; /* The inverse of N in word form */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0; /* least significant word of Ni */ int flags; } BN_MONT_CTX; diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 5ef08d9157247ba70a2f024f6c56b52f6b16426f..cdf7ca191af2609475fa2fa59d8f12c50616cb0b 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -304,7 +304,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_sub_word(&Ri,1); else /* if N mod word size == 1 */ BN_set_word(&Ri,BN_MASK2); /* Ri-- (mod word size) */ - BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N */ + BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N, + * keep only list significant word: */ mont->n0=Ri.d[0]; BN_free(&Ri); }