Vitaly Obernikhin wrote:
> I'm quite new to openssl and this mailing list, so, I might be wrong, but I think there is a small issue in
>
> crypto\ecdsa\ecs_ossl.c (openssl-0.9.8d and earlier versions, say, openssl-0.9.8b), function
>
> static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
> const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
>
> "do {...} while (BN_is_zero(s))" loop.
>
> If in_kinv and in_r were passed as non-NULL parameters to ecdsa_do_sign() and BN_is_zero(s) is true, then the do/while loop will be endless, won't it?
>
> I understand that the probability of (BN_is_zero(s) is true) is very small and usually the in_kinv and in_r parameters are NULL, so they will be generated again in the next pass of the loop and the loop won't be endless. However, the bug still exists and in the described above conditions can reveal itself.
>
> Did I miss something? If so, sorry for taking your time.


no. This should be fixed in the cvs.

Cheers,
Nils
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org