From 3f1904bee1f1a119e48b4827579955cc11733e39 Mon Sep 17 00:00:00 2001
From: Brian Smith <brian@briansmith.org>
Date: Thu, 10 Mar 2016 17:16:02 -1000
Subject: [PATCH] Set |bn->neg| to zero in |bn_set_words|.

If the values of any of the coordinates in the output point |r| were
negative during nistz256 multiplication, then the calls to
|bn_set_word| would result in the wrong coordinates being returned
(the negatives of the correct coordinates would be returned instead).
Fix that.

Change-Id: I6048e62f76dca18f625650d11ef5a051c9e672a4
Reviewed-on: https://boringssl-review.googlesource.com/7442
Reviewed-by: David Benjamin <davidben@google.com>
---
 crypto/bn/bn.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/bn/bn.c b/crypto/bn/bn.c
index d960f121..0ecaf825 100644
--- a/crypto/bn/bn.c
+++ b/crypto/bn/bn.c
@@ -274,6 +274,7 @@ int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
   /* |bn_wexpand| verified that |num| isn't too large. */
   bn->top = (int)num;
   bn_correct_top(bn);
+  bn->neg = 0;
   return 1;
 }