bn_mul_recursive doesn't handle all cases correctly, which results in

BN_mul failures at certain key-length mixes [from HEAD].
PR: 1427

diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index aec1eafc65fbb25a8fbeda30f8f6025129a3c716..312b467645e8bb20d13375ca3ceebc04bc5ed963 100644 (file)
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -655,16 +655,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
                                for (;;)
                                        {
                                        i/=2;
-                                       if (i < tna && i < tnb)
+                                       if (i <= tna && tna == tnb)
                                                {
-                                               bn_mul_part_recursive(&(r[n2]),
+                                               bn_mul_recursive(&(r[n2]),
                                                        &(a[n]),&(b[n]),
                                                        i,tna-i,tnb-i,p);
                                                break;
                                                }
-                                       else if (i <= tna && i <= tnb)
+                                       else if (i < tna || i < tnb)
                                                {
-                                               bn_mul_recursive(&(r[n2]),
+                                               bn_mul_part_recursive(&(r[n2]),
                                                        &(a[n]),&(b[n]),
                                                        i,tna-i,tnb-i,p);
                                                break;