Fix a bug which caused BN_div to produce the

wrong result if rm==num and num < 0.
author: Dr. Stephen Henson <steve@openssl.org> 2001-02-28 00:51:48 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2001-02-28 00:51:48 +0000
commit: 3d2e469cfab1ea3a0515bfe006319210da3ff4fb (patch)
tree: c83a1504d4bbf8e1450e2965abb967cd6cbde6c0
parent: bf401a2aef5a130ef21de4575f3a7c3d7a6f5e2a (diff)
2 files changed, 11 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 6a2480b24c..753853c8fa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,12 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
   *) Function OCSP_request_verify(). This checks the signature on an
      OCSP request and verifies the signer certificate. The signer
      certificate is just checked for a generic purpose and OCSP request
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 7bee1dcc72..bbd0994008 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -342,9 +342,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		}
 	if (rm != NULL)
 		{
+		/* Keep a copy of the neg flag in num because if rm==num
+		 * BN_rshift() will overwrite it.
+		 */
+		int neg = num->neg;
 		BN_rshift(rm,snum,norm_shift);
 		if (!BN_is_zero(rm))
-			rm->neg = num->neg;
+			rm->neg = neg;
 		}
 	BN_CTX_end(ctx);
 	return(1);
author	Dr. Stephen Henson <steve@openssl.org>	2001-02-28 00:51:48 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2001-02-28 00:51:48 +0000
commit	3d2e469cfab1ea3a0515bfe006319210da3ff4fb (patch)
tree	c83a1504d4bbf8e1450e2965abb967cd6cbde6c0
parent	bf401a2aef5a130ef21de4575f3a7c3d7a6f5e2a (diff)