> The function BN_nist_mod_384 (in crypto/bn/bn_nist.c) Other fast reduction functions are apparently affected too.
> gives wrong results > for some inputs. For example, on input: > 0xffffffff00000000ffffffffffffffffffffffff000000000000000000000000fffffffffffffffffffffffffffffffe00000002ffffffffffffffffffffffff00000000ffffffffffffffffffffffff > it yields > 0x100000000ffffffffffffffff00000000 > but the correct result is > 0x200000001fffffffffffffffe00000001. > > As a consequence the function EC_POINT_add gives sometimes wrong results > for the NIST standard curve P-384. For example, if it computes the sum of > the points > (0x56fce068ab4eacbcbdca2a8cf5608e74d89ad30925bedac917aee82799eab18cd22e09a64bdcc2e03fd6f51a7c23bce6, > > 0x259b376c88fc35a48e25dc20da307cf2ca30cda69f14584020a75061b0a300f04c6acd9c8890a9653625bdaed2d2e4ce) > and > (0xa9031f9754b153444235d5730a9f718b27652cf6da412536e85117d866154e722dd1f658b4233d1fc0290ae683dc431a, > > 0x9ac68504a9cb1565ea7b9ccf45d53bbbcc06c39cb102a3ef5d3b7f02111489e7dde3bb954e8a10bf4b9c6f852dd2c46a) > which lie on that curve the result is a point which does not lie on the > curve. To see this compile the following code: Please verify http://cvs.openssl.org/chngview?cn=16985. A. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
