First Bug :
The function ASN1_INTEGER_to_BNi(ai,bn) will coredump if its argument ai
is
negative and bn is NULL.
"a_int.c"
BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
The following change is needed :
< if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
> if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
Second Bug :
I'm sorry I don't have time to check exactly how to reproduce this bug,
but maybe it's not too difficult to do ? If it can't be done, I'll try
to find the way to reproduce later.
Under some circumstances, it seems that calling BN_mul_word(bn, w); with
w set to zero will generate an invalid value in bn.
I have the feeling bn takes a value of zero, but with a larger than
necessary internal representation.
As a result on the next call of BN_num_bits(bn), the assertion "if (l ==
0)" is verified.
In that case, OpenSSL prints "BAD TOP VALUE" and calls abort().
I don't like the fact OpenSSL calls abort() even if there is no good way
to report an error in that function.
Any thought about a way to change that behaviour ?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
