Merge remote-tracking branch 'origin/released'

Conflicts:
	openssl/Makefile
	openssl/crypto/opensslconf.h

3 files changed, 11 insertions, 1 deletions

diff --git a/openssl/crypto/bn/bn_exp.c b/openssl/crypto/bn/bn_exp.c
index 2abf6fd67..5e7eb3373 100644
--- a/openssl/crypto/bn/bn_exp.c
+++ b/openssl/crypto/bn/bn_exp.c
@@ -680,7 +680,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
      * 512-bit RSA is hardly relevant, we omit it to spare size... */ 
-    if (window==5)
+    if (window==5 && top>1)
 	{
 	void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
 			const void *table,const BN_ULONG *np,
diff --git a/openssl/crypto/bn/bn_lib.c b/openssl/crypto/bn/bn_lib.c
index 5461e6ee7..d5a211e28 100644
--- a/openssl/crypto/bn/bn_lib.c
+++ b/openssl/crypto/bn/bn_lib.c
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+#ifdef PURIFY
+	/* Valgrind complains in BN_consttime_swap because we process the whole
+	 * array even if it's not initialised yet. This doesn't matter in that
+	 * function - what's important is constant time operation (we're not
+	 * actually going to use the data)
+	*/
+	memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
 	B=b->d;
 	/* Check if the previous number needs to be copied */
diff --git a/openssl/crypto/bn/bn_sqr.c b/openssl/crypto/bn/bn_sqr.c
index 270d0cd34..65bbf165d 100644
--- a/openssl/crypto/bn/bn_sqr.c
+++ b/openssl/crypto/bn/bn_sqr.c
@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 	if (al <= 0)
 		{
 		r->top=0;
+		r->neg = 0;
 		return 1;
 		}