From 32356acc4f54d17564a35915997258d88f3dedba Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Fri, 20 Apr 2012 13:34:52 +0000
Subject: [PATCH]  - Fixed handling error in mpi_cmp_mpi() on longer B values
 (found by Hui Dong)

---
 ChangeLog        | 4 ++++
 library/bignum.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 474b4feac..5c1a022a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 PolarSSL ChangeLog
 
 = Version 1.1.2 released on 2012-04-20
+Bugfix
+   * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
+     Hui Dong)
+
 Security
    * Fixed potential memory corruption on miscrafted client messages (found by
      Frama-C team at CEA LIST)
diff --git a/library/bignum.c b/library/bignum.c
index a74476711..e2cc06f24 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -687,7 +687,7 @@ int mpi_cmp_mpi( const mpi *X, const mpi *Y )
         return( 0 );
 
     if( i > j ) return(  X->s );
-    if( j > i ) return( -X->s );
+    if( j > i ) return( -Y->s );
 
     if( X->s > 0 && Y->s < 0 ) return(  1 );
     if( Y->s > 0 && X->s < 0 ) return( -1 );