Fix BN_kronecker so that it works correctly if 'a' is negative

(we need the two's complement of BN_lsw then).

diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
index 20b593e6796f30ea29016474905cb107139e9eeb..0dd8a194cbe3cb11ed939e734a60475d3274e950 100644 (file)
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@@ -65,7 +65,7 @@
 int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
        int i;
-       int ret;
+       int ret = -2; /* avoid 'uninitialized' warning */
        int err = 0;
        BIGNUM *A, *B, *tmp;
        /* In 'tab', only odd-indexed entries are relevant:
@@ -165,7 +165,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        
                /* Cohen's step 4: */
                /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
-               if (BN_lsw(A) & BN_lsw(B) & 2)
+               if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
                        ret = -ret;
                
                /* (A, B) := (B mod |A|, |A|) */

diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 9e478dfe24b8ba1448ee86346edc3a44280ee12c..a664f3b91a296b12597fc2f4d215de4fa9f27ce9 100644 (file)
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -949,8 +949,8 @@ int test_kron(BIO *bp, BN_CTX *ctx)
        for (i = 0; i < num0; i++)
                {
                if (!BN_rand(a, 512, 0, 0)) goto err;
-               if (!BN_nnmod(a, a, b, ctx)) goto err;
-               
+               a->neg = rand_neg();
+
                /* r := (b-1)/2  (note that b is odd) */
                if (!BN_copy(r, b)) goto err;
                if (!BN_sub_word(r, 1)) goto err;