Commit 8228fd89 authored by Bodo Möller

avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying
Reviewed by: Douglas Stebila
parent 869eb9e7
+5 −1
@@ -702,12 +702,16 @@

 Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]

  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
     [Huang Ying]

  *) Expand ENGINE to support engine supplied SSL client certificate functions.

     This work was sponsored by Logica.
     [Steve Henson]

  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows         keystores. Support for SSL/TLS client authentication too.
  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
     keystores. Support for SSL/TLS client authentication too.
     Not compiled unless enable-capieng specified to Configure.

     This work was sponsored by Logica.
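
Review bot: The new entry "Fix BN_GF2m_mod_arr() top-bit cleanup code." does not say what went wrong or why it matters. The commit message describes a potential infinite loop in the final reduction round, and the CHANGES entry should say the same so that readers can judge whether they are affected. The rewrap of the CryptoAPI ENGINE entry further down in this hunk is unrelated to the fix and would be cleaner as a separate commit.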
+5 −1
@@ -322,7 +322,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
		if (zz == 0) break;
		d1 = BN_BITS2 - d0;
		
		if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
		/* clear up the top d1 bits */
		if (d0)
			z[dN] = (z[dN] << d1) >> d1;
		else
			z[dN] = 0;
		z[0] ^= zz; /* reduction t^0 component */

		for (k = 1; p[k] != 0; k++)
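
Review bot: The new else branch, `z[dN] = 0;`, has no comment explaining why d0 == 0 needs separate handling; the retained comment "clear up the top d1 bits" only describes the shift. Since d1 = BN_BITS2 - d0, a d0 of 0 makes d1 equal to BN_BITS2, so the whole word has to be cleared, and a shift by the full word width cannot do that (it is undefined in C). Suggest saying this next to the else. A regression test with an input where d0 is 0 would also be worth adding, since the commit message ties this case to a potential infinite loop and the two files shown here add no test.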