On Mon, Oct 19, 2015 at 08:10:01PM +0200, Kurt Roeckx wrote:
> The manpage says that for BN_add(), BN_mul(), BN_sqr(), BN_mod_mul()
> and BN_gcd() r can be one of the other BIGNUMs that got passed, but
> it doesn't say so for BN_sub(). So one could also argue that
> probable_prime_dh_safe() shouldn't have called BN_sub() like that.
> But we have various other callers internally that call BN_sub()
> like that. So we should probably either fix all the callers not
> to do that, or really make sure that it works properly when they
> alias and document that they can. And I'm currently in favor of
> making it safe for them to alias. (It should probably only be
> allowed to alias a, not b.)

I think that only allowing a to alias and not b doesn't make sense
anymore, and clearly would be a problem since BN_sub() can call
BN_usub() with a and b switched.

Kurt
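
The point about BN_sub() handing swapped operands to BN_usub(), as an added example that is not part of the original message and is not OpenSSL code: a toy fixed-width model (the names `num`, `sub`, `usub`, `alias_ok` and `last_alias` are hypothetical, and only non-negative operands are modelled) in which a caller's `r == a` reaches the unsigned routine as `r == b` whenever `a < b`, with a check that compares aliased calls against a non-aliased reference.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LIMBS 4
/* Toy model, not OpenSSL's BIGNUM: little-endian magnitude plus sign flag. */
typedef struct { uint32_t d[LIMBS]; int neg; } num;
int last_alias; /* bit 0: r was usub()'s 1st operand; bit 1: its 2nd operand */

int ucmp(const num *a, const num *b) {
    for (int i = LIMBS - 1; i >= 0; i--)
        if (a->d[i] != b->d[i]) return a->d[i] > b->d[i] ? 1 : -1;
    return 0;
}

/* r = |a| - |b|, requires |a| >= |b|. Both input limbs are read before
   r->d[i] is written, so r may alias either operand. */
void usub(num *r, const num *a, const num *b) {
    uint32_t borrow = 0;
    last_alias = (r == a ? 1 : 0) | (r == b ? 2 : 0);
    for (int i = 0; i < LIMBS; i++) {
        uint32_t x = a->d[i], y = b->d[i];
        r->d[i] = x - y - borrow;
        borrow = (x < y) || (x == y && borrow);
    }
    r->neg = 0;
}

/* r = a - b for non-negative a, b. When a < b the operands are swapped, so
   the caller's r == a arrives in usub() as r == its second operand. */
void sub(num *r, const num *a, const num *b) {
    if (ucmp(a, b) < 0) { usub(r, b, a); r->neg = 1; }
    else usub(r, a, b);
}

/* mode 1: r aliases a; mode 2: r aliases b. Returns 1 if the aliased call
   gives the same result as a call with a separate r. */
int alias_ok(num a, num b, int mode) {
    num ref;
    sub(&ref, &a, &b);
    num *r = (mode == 1) ? &a : &b;
    sub(r, &a, &b);
    return memcmp(r->d, ref.d, sizeof ref.d) == 0 && r->neg == ref.neg;
}

int main(void) {
    num r = {{5, 0, 0, 0}, 0}, b = {{7, 0, 0, 0}, 0}; /* constructed values */
    sub(&r, &r, &b); /* caller aliases r with a, and a < b */
    printf("usub() saw alias mask %d\n", last_alias);
    return 0;
}
```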
