diff options
author | Geoff Thorpe <geoff@openssl.org> | 2016-10-06 17:04:56 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-02-01 02:06:39 +0100 |
commit | 38d1b3cc0271008b8bd130a2c4b442775b028a08 (patch) | |
tree | ae79d0c8dd2fc51bda4f13da0f9d77f0da581b5d /crypto/bn/bn_mul.c | |
parent | bn: catch negative zero as an error (diff) | |
download | openssl-38d1b3cc0271008b8bd130a2c4b442775b028a08.tar.xz openssl-38d1b3cc0271008b8bd130a2c4b442775b028a08.zip |
bn: fix occurances of negative zero
The BIGNUM behaviour is supposed to be "consistent" when going into and
out of APIs, where "consistent" means 'top' is set minimally and that
'neg' (negative) is not set if the BIGNUM is zero (which is iff 'top' is
zero, due to the previous point).
The BN_DEBUG testing (make test) caught the cases that this patch
corrects.
Note, bn_correct_top() could have been used instead, but that is intended
for where 'top' is expected to (sometimes) require adjustment after direct
word-array manipulation, and so is heavier-weight. Here, we are just
catching the negative-zero case, so we test and correct for that
explicitly, in-place.
Change-Id: Iddefbd3c28a13d935648932beebcc765d5b85ae7
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1672)
Diffstat (limited to 'crypto/bn/bn_mul.c')
-rw-r--r-- | crypto/bn/bn_mul.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 4c39d404b5..4a0a9505b7 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -857,7 +857,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) goto err; } else rr = r; - rr->neg = a->neg ^ b->neg; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) i = al - bl; @@ -969,6 +968,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif + rr->neg = a->neg ^ b->neg; bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; |