Hi, Yair Elharrar! For me it looks bad. :-/ Because, BN_sub doesn't handle this situation (r = b): 1) BN_sub call BN_uadd(r,a,b), but r = b, then 2) BN_sub change r->neg, but r = b, then 3) BN_sub call BN_expand(r), then 4) BN_sub call BN_ucmp(a,b), but b here is not that b that was at the begin of BN_sub, then 5) BN_sub call BN_usub(r,a,b) or BN_usub(r,b,a), but ...
May be I've used wrong words, but my thought was that calling BN_sub(Y,n,Y) from BN_mod_inverse leads to unpredictable behavior. And this is not subject of standard of C rather using it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
