avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying Reviewed by: Douglas Stebila

avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying Reviewed by: Douglas Stebila
8228fd89 · Bodo Möller · 869eb9e7 · 8228fd89 · 8228fd89
隐藏空白更改
内联并排

Showing with 10 addition and 2 deletion

CHANGES CHANGES +5 -1

crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +5 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -702,12 +702,16 @@

 Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]

+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
  *) Expand ENGINE to support engine supplied SSL client certificate functions.

     This work was sponsored by Logica.
     [Steve Henson]

-  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows         keystores. Support for SSL/TLS client authentication too.
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
     Not compiled unless enable-capieng specified to Configure.

     This work was sponsored by Logica.

--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -322,7 +322,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
 		if (zz == 0) break;
 		d1 = BN_BITS2 - d0;
 		
-		if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
+		/* clear up the top d1 bits */
+		if (d0)
+			z[dN] = (z[dN] << d1) >> d1;
+		else
+			z[dN] = 0;
 		z[0] ^= zz; /* reduction t^0 component */

 		for (k = 1; p[k] != 0; k++)