bn/bn_mont.c: improve readability of post-condition code.

Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
author: Andy Polyakov <appro@openssl.org> 2018-07-06 14:54:34 +0200
committer: Andy Polyakov <appro@openssl.org> 2018-07-12 14:52:01 +0200
commit: 6c90182a5f87af1a1e462536e7123ad2afb84c43 (patch)
tree: f2903da541a9c028e36ebb50f17007c2c14904b5 /crypto/bn/bn_mont.c
parent: 3c97e4121ecec20cfac433883cd4709580a05620 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 8e0d43642f..3c47351962 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -130,15 +130,14 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
      */
     ap = &(r->d[nl]);
 
+    carry -= bn_sub_words(rp, ap, np, nl);
     /*
-     * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
-     * cannot be -1. That would imply the subtraction did not fit in |nl| words,
-     * and we know at most one subtraction is needed.
+     * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+     * |carry| cannot be 1. That would imply the subtraction did not fit in
+     * |nl| words, and we know at most one subtraction is needed.
      */
-    v = bn_sub_words(rp, ap, np, nl) - carry;
-    v = 0 - v;
     for (i = 0; i < nl; i++) {
-        rp[i] = (v & ap[i]) | (~v & rp[i]);
+        rp[i] = (carry & ap[i]) | (~carry & rp[i]);
         ap[i] = 0;
     }
     bn_correct_top(r);
author	Andy Polyakov <appro@openssl.org>	2018-07-06 14:54:34 +0200
committer	Andy Polyakov <appro@openssl.org>	2018-07-12 14:52:01 +0200
commit	6c90182a5f87af1a1e462536e7123ad2afb84c43 (patch)
tree	f2903da541a9c028e36ebb50f17007c2c14904b5 /crypto/bn/bn_mont.c
parent	3c97e4121ecec20cfac433883cd4709580a05620 (diff)