On Mon, Nov 07, 2011 at 03:06:38PM -, Charles Bryant wrote:
> You write:
> > How did you find that bn_mul_comba4 is broken?
>
> I fed various random inputs into both the C and assembler versions and
> compared them. I think bntest also fails because of this bug.

I see no failures in
On Mon, Nov 07, 2011 at 03:06:38PM -, Charles Bryant wrote:
> The ppc version of bn_mul_comba4 produces an incorrect result because
> one of the products added into r[5] is wrong.
> ...

Isn't it amazing how long a bug can go unnoticed? This one was
present in the original submission from 2004.
Presumably nobody has used the assembler code for 32-bit
The ppc version of bn_mul_comba4 produces an incorrect result because
one of the products added into r[5] is wrong. Instead of adding a[3]*b[2],
a[3]*a[2] is added because r4 is used instead of r5:
diff -N -ru bad/crypto/bn/asm/ppc.pl good/crypto/bn/asm/ppc.pl
--- bad/crypto/bn/asm/ppc.pl
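The following C program is an added illustration and is not code from the thread or from OpenSSL. It models a 4x4-limb comba multiply with 32-bit limbs (the limb size of the 32-bit PowerPC build discussed above), lets the caller inject the wrong-operand error described in the report (a[3]*a[2] accumulated into column 5 instead of a[3]*b[2]), and runs the random-input differential comparison against a plain schoolbook multiply that Charles describes using to find the bug. The function names, the xorshift generator and the schoolbook oracle are this example's own assumptions, not OpenSSL's; the oracle stands in for the generic C bn_mul_comba4. It also shows one reason such a bug can stay hidden: when both operands are the same array (a squaring), the wrong product a[3]*a[2] equals the right one, so a test that only squares never sees it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit limbs, matching the 32-bit PowerPC build the thread is about. */
typedef uint32_t BN_ULONG;

/* Add the 64-bit product a*b into the three-limb column accumulator c0:c1:c2
 * (the role OpenSSL's mul_add_c macro plays in the generic C comba code). */
static void mul_add_c(BN_ULONG a, BN_ULONG b, BN_ULONG *c0, BN_ULONG *c1, BN_ULONG *c2)
{
    uint64_t t = (uint64_t)a * b;
    BN_ULONG lo = (BN_ULONG)t, hi = (BN_ULONG)(t >> 32);
    *c0 += lo;
    hi += (*c0 < lo);   /* carry out of the low limb (hi <= 2^32-2, cannot wrap) */
    *c1 += hi;
    *c2 += (*c1 < hi);  /* carry out of the middle limb */
}

/* Comba (column-wise) multiply r = a * b for 4-limb operands, 8-limb result.
 * With inject_bug != 0 the column-5 term a[3]*b[2] is replaced by a[3]*a[2],
 * reproducing the wrong-operand error reported for the ppc assembler. */
static void bn_mul_comba4(BN_ULONG r[8], const BN_ULONG a[4], const BN_ULONG b[4], int inject_bug)
{
    BN_ULONG c0 = 0, c1 = 0, c2 = 0;
    for (int k = 0; k < 7; k++) {      /* column k collects every a[i]*b[k-i] */
        for (int i = 0; i < 4; i++) {
            int j = k - i;
            if (j < 0 || j > 3)
                continue;
            BN_ULONG bj = (inject_bug && k == 5 && i == 3) ? a[2] : b[j];
            mul_add_c(a[i], bj, &c0, &c1, &c2);
        }
        r[k] = c0;                      /* column finished: shift the accumulator */
        c0 = c1;
        c1 = c2;
        c2 = 0;
    }
    r[7] = c0;
}

/* Plain schoolbook multiply used as the oracle (assumed stand-in for the
 * generic C implementation the assembler output was compared against). */
static void bn_mul_schoolbook4(BN_ULONG r[8], const BN_ULONG a[4], const BN_ULONG b[4])
{
    memset(r, 0, 8 * sizeof(BN_ULONG));
    for (int i = 0; i < 4; i++) {
        uint64_t carry = 0;
        for (int j = 0; j < 4; j++) {
            uint64_t t = (uint64_t)a[i] * b[j] + r[i + j] + carry; /* fits in 64 bits */
            r[i + j] = (BN_ULONG)t;
            carry = t >> 32;
        }
        r[i + 4] = (BN_ULONG)carry;
    }
}

/* Small deterministic generator so the "random inputs" are reproducible. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* Feed `rounds` random operand pairs to both multipliers and count mismatches.
 * Returns 0 when the comba routine agrees with the oracle on every input. */
static int differential_test(int rounds, uint32_t seed, int inject_bug)
{
    uint32_t s = seed ? seed : 1;
    int mismatches = 0;
    for (int n = 0; n < rounds; n++) {
        BN_ULONG a[4], b[4], r_comba[8], r_ref[8];
        for (int i = 0; i < 4; i++) {
            a[i] = xorshift32(&s);
            b[i] = xorshift32(&s);
        }
        bn_mul_comba4(r_comba, a, b, inject_bug);
        bn_mul_schoolbook4(r_ref, a, b);
        if (memcmp(r_comba, r_ref, sizeof r_ref) != 0)
            mismatches++;
    }
    return mismatches;
}

/* a[3]*a[2] equals a[3]*b[2] whenever a == b, so squaring alone cannot expose
 * the bug. Returns 1 if the buggy routine still matches the oracle on a*a. */
static int bug_hidden_when_squaring(uint32_t seed)
{
    uint32_t s = seed ? seed : 1;
    BN_ULONG a[4], r_comba[8], r_ref[8];
    for (int i = 0; i < 4; i++)
        a[i] = xorshift32(&s);
    bn_mul_comba4(r_comba, a, a, 1);
    bn_mul_schoolbook4(r_ref, a, a);
    return memcmp(r_comba, r_ref, sizeof r_ref) == 0;
}

int main(void)
{
    printf("correct comba4: %d mismatches in 10000 random products\n",
           differential_test(10000, 0x2011u, 0));
    printf("buggy comba4:   %d mismatches in 10000 random products\n",
           differential_test(10000, 0x2011u, 1));
    printf("buggy comba4 hidden by squaring: %s\n",
           bug_hidden_when_squaring(0x2011u) ? "yes" : "no");
    return 0;
}
```

A differential test of this shape is the cheap regression check for any hand-written multiply: the oracle is slow but obviously correct, and random operands with independent a and b (not squares, not all-ones patterns) are what make a single wrong register visible.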