authorAndy Polyakov <appro@openssl.org>2008-04-09 12:06:42 +0000
committerAndy Polyakov <appro@openssl.org>2008-04-09 12:06:42 +0000
commitd4122504a2025c90eb9ffc028c4792c4b8e8e748 (patch)
tree0c721a840d87426a9b77ba2e5f2d40d4ae4b0031
parent2c4226c42b2606a43a41ebc5c97a96b24de4216a (diff)
Clarifying comment.
-rw-r--r--crypto/bn/bn_nist.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index 6b88c5fa13..0eabb0332b 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -593,7 +593,15 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
}
carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
t_d, BN_NIST_256_TOP);
- /* this is equivalent to if (result >= module) */
+ /*
+ * we need if (result>=modulus) subtract(result,modulus);
+ * in n-bit space this can be expressed as
+ * if (carry || result>=modulus) subtract(result,modulus);
+ * the catch is that comparison implies subtraction and
+ * therefore one can write tmp=subtract(result,modulus);
+ * and then if(carry || !borrow) result=tmp; this's what
+ * happens below, but without explicit if:-) a.
+ */
mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
mask = ~mask | (0-(size_t)carry);
res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
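Review bot: The new comment explains the arithmetic but never says why the explicit `if` is avoided, which is the property a later maintainer is most likely to undo. If the mask-based pointer select on the last three lines is meant to keep the final reduction free of a data-dependent branch (inferred; the hunk does not say so), say it outright, e.g. `* the select is branch-free on purpose; do not rewrite it as if()`. The comment could also record what the trick relies on: `0-(size_t)x` is all-ones or all-zero only when the borrow and `carry` are 0 or 1, and the `(size_t)` casts on `c_d` and `r_d` assume size_t is as wide as a pointer. The enclosing function BN_nist_mod_384 starts and ends outside the hunk, so how `res` is used afterwards is not visible here.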