If one wants to assert that the caller didn't provide arguments that
overflowed, wouldn't the assertion be
assert (h < d);
If one is just going to assert that the initial normalizing shift doesn't
overflow, then shouldn't the assertion be
assert((i == BN_BITS2) || (h < (BN_ULONG)1<<i));
Consider the test case of "0x0200 0000 0000 0000 / 0x01.. ...." (where BN_BITS2
is 32). BN_num_bits_word will return 25 and the normalization shift will be 7
bits. The normalization shift will be OK for all values of h less than or
equal to "0x01FF FFFF"; so, assertion should be "h < 0x2000 0000". The
equality case will, in fact, overflow the shift.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
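As an added illustration of the point argued in the message above (this is example code, not the poster's text and not OpenSSL's bn_div.c), the following C model reproduces the 32-bit case: a divisor whose top word is 0x01xxxxxx has 25 significant bits, so the normalising shift is 7, and the dividend's top word h survives that shift exactly when h < 1<<25. The names num_bits_word, norm_shift, shift_overflows and the two *_precondition_holds helpers are stand-ins for BN_num_bits_word and the normalisation step in BN_div; the probe values are constructed from the post's test case.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the 32-bit word case from the post (BN_BITS2 == 32). These are
 * stand-alone stand-ins, not OpenSSL's own BN_num_bits_word / BN_div. */
typedef uint32_t BN_ULONG;
#define BN_BITS2 32

/* Bit length of a word (0 for 0): behaves like BN_num_bits_word. */
static int num_bits_word(BN_ULONG l)
{
    int n = 0;
    while (l != 0) {
        n++;
        l >>= 1;
    }
    return n;
}

/* The normalising shift: how far the divisor and dividend are shifted left so
 * that the divisor's top word d_top has its high bit set. */
static int norm_shift(BN_ULONG d_top)
{
    return BN_BITS2 - num_bits_word(d_top);
}

/* Would shifting the dividend's top word h by norm_shift(d_top) lose bits?
 * Evaluated in 64 bits so the check itself cannot overflow. */
static int shift_overflows(BN_ULONG h, BN_ULONG d_top)
{
    uint64_t shifted = (uint64_t)h << norm_shift(d_top);
    return shifted > (uint64_t)UINT32_MAX;
}

/* The assertion proposed in the post. The i == BN_BITS2 arm is needed because
 * (BN_ULONG)1 << BN_BITS2 is undefined behaviour in C; the shift is 0 then. */
static int shift_precondition_holds(BN_ULONG h, BN_ULONG d_top)
{
    int i = num_bits_word(d_top);
    return (i == BN_BITS2) || (h < ((BN_ULONG)1 << i));
}

/* The stronger "caller did not overflow" precondition. Since d_top < 2^i,
 * h < d_top implies h < 2^i, so this implies the shift precondition. */
static int caller_precondition_holds(BN_ULONG h, BN_ULONG d_top)
{
    return h < d_top;
}

/* Sweep boundary values: the proposed assertion must equal the no-overflow
 * condition, and h < d_top must imply it. Returns 1 if every case agrees. */
static int sweep_agrees(void)
{
    static const BN_ULONG d_tops[] = {
        0x00000001u, 0x00000003u, 0x01000000u, 0x01FFFFFFu,
        0x02000000u, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu
    };
    size_t k;
    for (k = 0; k < sizeof d_tops / sizeof d_tops[0]; k++) {
        BN_ULONG d = d_tops[k];
        int i = num_bits_word(d);
        BN_ULONG probes[4];     /* 0, d, and the two sides of the 2^i edge */
        int p;
        probes[0] = 0;
        probes[1] = d;
        probes[2] = (i < BN_BITS2) ? ((BN_ULONG)1 << i) - 1 : 0xFFFFFFFFu;
        probes[3] = (i < BN_BITS2) ? ((BN_ULONG)1 << i) : 0x80000000u;
        for (p = 0; p < 4; p++) {
            BN_ULONG h = probes[p];
            if (shift_precondition_holds(h, d) == shift_overflows(h, d))
                return 0;   /* assertion and overflow check disagree */
            if (caller_precondition_holds(h, d) && !shift_precondition_holds(h, d))
                return 0;   /* h < d must imply the shift is safe */
        }
    }
    return 1;
}

int main(void)
{
    /* The post's case: dividend 0x0200 0000 0000 0000, so h = 0x02000000,
     * divisor top word 0x01xxxxxx (25 bits, shift 7). */
    BN_ULONG d_top = 0x01000000u;
    printf("bits=%d shift=%d\n", num_bits_word(d_top), norm_shift(d_top));
    printf("h=0x01FFFFFF overflows: %d\n", shift_overflows(0x01FFFFFFu, d_top));
    printf("h=0x02000000 overflows: %d\n", shift_overflows(0x02000000u, d_top));
    printf("sweep agrees: %d\n", sweep_agrees());
    return 0;
}
```

The sweep shows the two candidate assertions are not interchangeable: `h < d` is the caller-side contract and is strictly stronger, while `(i == BN_BITS2) || (h < (BN_ULONG)1<<i)` is exactly the condition under which the normalising shift of h does not overflow, which is the equality-case failure the post describes.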