Bodo Moeller wrote:
> On Mon, Oct 14, 2002 at 12:52:30PM +0200, Richard Levitte - VMS Whacker wrote:
>
>>>>>The problem seems to be manifested in BN_dec2bn() because of
>>>>>the BN_mul_words and BN_add_words (e.g. line b). Since the
>>>>>upper parts of d aren't cleared out, those routines end up
>>>>>adding to whatever junk happened to be left in d from the
>>>>>previous iteration.
>>>>
>
>>Thanks, I found the bug. It seems like BN_add_word() (and
>>BN_mul_word()) advances top without zeroing the next word. The result
>>is that the value of that next word gets added to whatever is given as
>>the next word to add. The simplest (and fastest, I believe) way to
>>handle that is to have those functions zero the next word if top
>>advances.
>
>
> Another theory is that any words in the array between 'top' and 'max'
> are supposed to be zero -- there's much code with the sole purpose to
> achieve this. The problem is that this does not *always* happen
> (otherwise this would not have been a bug, and I believe there are
> other cases); so maybe we can say that these words are zero for
> aesthetical reasons, but technically are 'don't care'.

Hmmm ... wouldn't them being non-zero imply information leak?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
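
A toy model of the behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: `toy_bn`, `toy_set_word`, `toy_add_word` and `demo` are hypothetical names, and the sample values are constructed. It shows a stale word left above `top` being folded into the result when `top` advances without zeroing, next to the zero-on-advance handling suggested in the quoted message.

```c
#include <stdint.h>
#include <stdio.h>

#define MAXW 4

/* Toy bignum (hypothetical, not OpenSSL's BIGNUM): d[0..top-1] are the live words. */
typedef struct { uint32_t d[MAXW]; int top; } toy_bn;

/* Shrink the value to a single word. Words above top are left as they were,
 * i.e. treated as "don't care" rather than scrubbed. */
static void toy_set_word(toy_bn *a, uint32_t w) {
    a->d[0] = w;
    a->top = 1;
}

/* Add w to a. zero_next = 0 models the behaviour described in the thread:
 * top advances and the carry is added into whatever the next word holds.
 * zero_next = 1 zeroes that word first. Returns 0 if the array is full. */
static int toy_add_word(toy_bn *a, uint32_t w, int zero_next) {
    uint64_t carry = w;
    for (int i = 0; i < a->top && carry; i++) {
        uint64_t s = (uint64_t)a->d[i] + carry;
        a->d[i] = (uint32_t)s;
        carry = s >> 32;
    }
    if (carry) {
        if (a->top == MAXW) return 0;
        if (zero_next) a->d[a->top] = 0;
        a->d[a->top] += (uint32_t)carry;   /* stale word leaks in if not zeroed */
        a->top++;
    }
    return 1;
}

/* Constructed scenario: returns the new top word after a carry out of d[0]. */
uint32_t demo(int zero_next) {
    toy_bn a = { {0}, 0 };
    a.d[0] = 0x11111111; a.d[1] = 0xDEADBEEF; a.top = 2; /* earlier, larger value */
    toy_set_word(&a, 0xFFFFFFFF);      /* buffer reused; d[1] is now stale */
    toy_add_word(&a, 1, zero_next);    /* 0xFFFFFFFF + 1 carries, top advances */
    return a.d[1];
}

int main(void) {
    printf("no zeroing:      0x%08X\n", (unsigned)demo(0));
    printf("zero on advance: 0x%08X\n", (unsigned)demo(1));
    return 0;
}
```

Without zeroing, the new top word carries the previous value's contents plus the carry, which is both a wrong result and old data surfacing in a new number.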