1. BN_add_word(a,w) does not handle the sign correctly in the case
that a<0. It should do a+w == -(-a-w), but instead assumes that the
result is always negative.
2. BN_sub_word(a,w) does not handle the case a==0 properly. The
following patch assumes that a->d has been malloc'd (and then w is
inserted).
It appears that (a->d==0, a->top==0, a->neg==0) should be a valid
representative for zero, although the following patch does not attempt
to make the more significant changes required for such a representative.
Patches appear below.
--
Michael Kenneth Brown [EMAIL PROTECTED]
Darrel Hankerson [EMAIL PROTECTED], [EMAIL PROTECTED]
*** bn_word.c.orig Wed Feb 2 20:26:04 2000
--- bn_word.c Wed Jul 26 15:49:13 2000
***************
*** 115,121 ****
a->neg=0;
i=BN_sub_word(a,w);
if (!BN_is_zero(a))
! a->neg=1;
return(i);
}
w&=BN_MASK2;
--- 115,121 ----
a->neg=0;
i=BN_sub_word(a,w);
if (!BN_is_zero(a))
! a->neg = (a->neg == 1 ? 0 : 1);
return(i);
}
w&=BN_MASK2;
***************
*** 149,154 ****
--- 149,163 ----
}
w&=BN_MASK2;
+ if (a->top == 0) {
+ if (w) {
+ a->d[0] = w;
+ a->top = 1;
+ a->neg = 1;
+ }
+ return(a->top);
+ }
+
if ((a->top == 1) && (a->d[0] < w))
{
a->d[0]=w-a->d[0];
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
