From b5c6728d03d2d12fc64dfa3ceebc8296184e7781 Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 11 Mar 2023 14:14:54 +0000 Subject: [PATCH] Avoid -0 in BN_div_word(). Currently, the use of BN_div_word() can result in -0 - avoid this by setting negative again, at the end of the computation. Should fix oss-fuzz 56667. ok tb@ --- lib/libcrypto/bn/bn_word.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/libcrypto/bn/bn_word.c b/lib/libcrypto/bn/bn_word.c index c900f9ee2ea..68d5c2a4b46 100644 --- a/lib/libcrypto/bn/bn_word.c +++ b/lib/libcrypto/bn/bn_word.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_word.c,v 1.19 2023/03/11 14:13:11 jsing Exp $ */ +/* $OpenBSD: bn_word.c,v 1.20 2023/03/11 14:14:54 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -131,6 +131,10 @@ BN_div_word(BIGNUM *a, BN_ULONG w) if ((a->top > 0) && (a->d[a->top - 1] == 0)) a->top--; ret >>= j; + + /* Set negative again, to handle -0 case. */ + BN_set_negative(a, a->neg); + return (ret); } -- 2.20.1