Fix BN_kronecker so that it works correctly if 'a' is negative

(we need the two's complement of BN_lsw then).

Fix BN_kronecker so that it works correctly if 'a' is negative
(we need the two's complement of BN_lsw then).
eb1f1b0a · Bodo Möller · a9376dbf · eb1f1b0a · eb1f1b0a
显示空白变更内容
内联并排

Showing with 4 addition and 4 deletion

crypto/bn/bn_kron.c crypto/bn/bn_kron.c +2 -2

crypto/bn/bntest.c crypto/bn/bntest.c +2 -2

未找到文件。
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@@ -65,7 +65,7 @@
 int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	{
 	int i;
-	int ret;
+	int ret = -2; /* avoid 'uninitialized' warning */
 	int err = 0;
 	BIGNUM *A, *B, *tmp;
 	/* In 'tab', only odd-indexed entries are relevant:
@@ -165,7 +165,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		/* Cohen's step 4: */
 		/* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
-		if (BN_lsw(A) & BN_lsw(B) & 2)
+		if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
 			ret = -ret;
 		/* (A, B) := (B mod |A|, |A|) */

--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -949,7 +949,7 @@ int test_kron(BIO *bp, BN_CTX *ctx)
 	for (i = 0; i < num0; i++)
 		{
 		if (!BN_rand(a, 512, 0, 0)) goto err;
-		if (!BN_nnmod(a, a, b, ctx)) goto err;
+		a->neg = rand_neg();
 		/* r := (b-1)/2  (note that b is odd) */
 		if (!BN_copy(r, b)) goto err;