From 893dbf4e24a37a4ac3cf521b4c386df31e6edf21 Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Tue, 5 Jul 2016 02:54:35 +0000
Subject: On systems where we do not have BN_ULLONG defined (most 64-bit systems), BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
---
 src/regress/lib/libcrypto/bn/general/bntest.c | 28 +++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'src/regress/lib/libcrypto')
diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c
index c6bd788b54..1d541778e3 100644
--- a/src/regress/lib/libcrypto/bn/general/bntest.c
+++ b/src/regress/lib/libcrypto/bn/general/bntest.c
@@ -514,7 +514,7 @@ int
 test_div_word(BIO *bp)
 {
 BIGNUM a, b;
- BN_ULONG r, s;
+ BN_ULONG r, rmod, s;
 int i;
 int rc = 1;

@@ -523,14 +523,34 @@ test_div_word(BIO *bp)

 for (i = 0; i < num0; i++) {
 do {
- BN_bntest_rand(&a, 512, -1, 0);
- BN_bntest_rand(&b, BN_BITS2, -1, 0);
+ if (!BN_bntest_rand(&a, 512, -1, 0) ||
+ !BN_bntest_rand(&b, BN_BITS2, -1, 0)) {
+ rc = 0;
+ break;
+ }
 s = b.d[0];
 } while (!s);

- BN_copy(&b, &a);
+ if (!BN_copy(&b, &a)) {
+ rc = 0;
+ break;
+ }
+
+ s = b.d[0];
+ rmod = BN_mod_word(&b, s);
 r = BN_div_word(&b, s);

+ if (r == (BN_ULONG)-1 || rmod == (BN_ULONG)-1) {
+ rc = 0;
+ break;
+ }
+
+ if (rmod != r) {
+ fprintf(stderr, "Mod (word) test failed!\n");
+ rc = 0;
+ break;
+ }
+
 if (bp != NULL) {
 if (!results) {
 BN_print(bp, &a);
-- cgit v1.2.3-55-g6feb
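Review bot: The `s = b.d[0];` added after `BN_copy(&b, &a)` in the second hunk reads the low word of the copy of `a`, not of the random `b` that the `do … while (!s)` loop checked, so the divisor passed to `BN_mod_word` and `BN_div_word` is no longer guaranteed to be non-zero. A zero word would presumably trip the new `(BN_ULONG)-1` check and fail the test without printing anything; dropping that added assignment keeps the non-zero `s` chosen by the loop. Separately, the `break` in the new `BN_bntest_rand` failure branch leaves only the `do`/`while`, so the `for` body carries on with `rc = 0`; an `if (!rc) break;` directly after the loop would stop the iteration there. The rest of `test_div_word`, including its return, lies outside the hunk.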