In OpenSSL 0.9.6h, there are a couple of identical BN_init() bugs in crypto/dsa/dsa_ossl.c. The BN_init() calls in question are in the functions: dsa_do_sign() (lines 113-114) dsa_sign_setup() (line 187) dsa_do_verify() (lines 239-241)
In all cases, the BN_init() calls need to be moved before the first if statement (so that they are the first functions executed). The same bugs (these and the original bn_prime.c bug) exist in 0.9.7 but on slightly different line numbers. -Ivan Nestlerode ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
