BN_mul(r,x,y,ctx) in openssl-0.9.{4,5a}/crypto/bn/ does not track sign
correctly if r==x or r==y. (In SSLeay, I believe r!=x and r!=y was
required, but this was removed in later versions.)
The context-diff below shows the necessary change. The sign
should be calculated and saved after the test for repeated
arguments.
--
--Darrel Hankerson [EMAIL PROTECTED]
*** bn_mul.c.orig Mon Mar 13 18:54:21 2000
--- bn_mul.c Tue Jul 25 19:30:44 2000
***************
*** 631,637 ****
al=a->top;
bl=b->top;
- r->neg=a->neg^b->neg;
if ((al == 0) || (bl == 0))
{
--- 631,636 ----
***************
*** 647,652 ****
--- 646,652 ----
}
else
rr = r;
+ rr->neg=a->neg^b->neg;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
i = al-bl;
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
