From 3d2e469cfab1ea3a0515bfe006319210da3ff4fb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 28 Feb 2001 00:51:48 +0000 Subject: [PATCH] Fix a bug which caused BN_div to produce the wrong result if rm==num and num < 0. --- CHANGES | 6 ++++++ crypto/bn/bn_div.c | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6a2480b24c..753853c8fa 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,12 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) In BN_div() keep a copy of the sign of 'num' before writing the + result to 'rm' because if rm==num the value will be overwritten + and produce the wrong result if 'num' is negative: this caused + problems with BN_mod() and BN_nnmod(). + [Steve Henson] + *) Function OCSP_request_verify(). This checks the signature on an OCSP request and verifies the signer certificate. The signer certificate is just checked for a generic purpose and OCSP request diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 7bee1dcc72..bbd0994008 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -342,9 +342,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, } if (rm != NULL) { + /* Keep a copy of the neg flag in num because if rm==num + * BN_rshift() will overwrite it. + */ + int neg = num->neg; BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) - rm->neg = num->neg; + rm->neg = neg; } BN_CTX_end(ctx); return(1); -- 2.34.1