Reject negative shifts for BN_rshift and BN_lshift
authorMatt Caswell <matt@openssl.org>
Tue, 19 May 2015 14:19:30 +0000 (15:19 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 22 May 2015 22:21:55 +0000 (23:21 +0100)
commit726b5e71329865d14e46e1eb96c986e3e373bbfd
tree895d0aa010f5b3f7a60472f54f788e5828794285
parent0a9f8e0621ba03d6cbd5691f997eedba2d8536f7
Reject negative shifts for BN_rshift and BN_lshift

The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107)

Conflicts:
crypto/bn/bn.h
crypto/bn/bn_err.c
crypto/bn/bn.h
crypto/bn/bn_err.c
crypto/bn/bn_shift.c
doc/crypto/BN_set_bit.pod