From c837375615c4fb3a4d293ba2da1f5799a33105f5 Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Sun, 13 Sep 2015 15:59:29 +0000 Subject: BN does support negative-zero -- BN_print() sets the standard here. BN_bn2hex() had a 1-byte overflow when creating "-0\0". Reported to me a while back by unknown person -- did not have enough experience to push this through then. advice from jsing, ok miod --- src/lib/libcrypto/bn/bn_print.c | 6 +++--- src/lib/libssl/src/crypto/bn/bn_print.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c index 4920705a5b..6b9f82caaf 100644 --- a/src/lib/libcrypto/bn/bn_print.c +++ b/src/lib/libcrypto/bn/bn_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_print.c,v 1.23 2014/07/12 16:03:36 miod Exp $ */ +/* $OpenBSD: bn_print.c,v 1.24 2015/09/13 15:59:29 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,13 +77,13 @@ BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = malloc(a->top * BN_BYTES * 2 + 2); + buf = malloc(BN_is_negative(a) + a->top * BN_BYTES * 2 + 2); if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; } p = buf; - if (a->neg) + if (BN_is_negative(a)) *(p++) = '-'; if (BN_is_zero(a)) *(p++) = '0'; diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c index 4920705a5b..6b9f82caaf 100644 --- a/src/lib/libssl/src/crypto/bn/bn_print.c +++ b/src/lib/libssl/src/crypto/bn/bn_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_print.c,v 1.23 2014/07/12 16:03:36 miod Exp $ */ +/* $OpenBSD: bn_print.c,v 1.24 2015/09/13 15:59:29 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,13 +77,13 @@ BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = malloc(a->top * BN_BYTES * 2 + 2); + buf = malloc(BN_is_negative(a) + a->top * BN_BYTES * 2 + 2); if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; } p = buf; - if (a->neg) + if (BN_is_negative(a)) *(p++) = '-'; if (BN_is_zero(a)) *(p++) = '0'; -- cgit v1.2.3-55-g6feb