Diffstat (limited to 'src/crypto/bn/prime.c')
-rw-r--r-- | src/crypto/bn/prime.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/crypto/bn/prime.c b/src/crypto/bn/prime.c
index fc9a3d5..cf3afcf 100644
--- a/src/crypto/bn/prime.c
+++ b/src/crypto/bn/prime.c
@@ -659,7 +659,13 @@ again:
   /* If bits is so small that it fits into a single word then we
    * additionally don't want to exceed that many bits. */
   if (is_single_word) {
-    BN_ULONG size_limit = (((BN_ULONG)1) << bits) - get_word(rnd) - 1;
+    BN_ULONG size_limit;
+    if (bits == BN_BITS2) {
+      /* Avoid undefined behavior. */
+      size_limit = ~((BN_ULONG)0) - get_word(rnd);
+    } else {
+      size_limit = (((BN_ULONG)1) << bits) - get_word(rnd) - 1;
+    }
     if (size_limit < maxdelta) {
       maxdelta = size_limit;
     }
@@ -682,8 +688,9 @@ loop:
   for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
     if ((mods[i] + delta) % primes[i] == 0) {
       delta += 2;
-      if (delta > maxdelta)
+      if (delta > maxdelta) {
         goto again;
+      }
       goto loop;
     }
   }
@@ -693,8 +700,9 @@ loop:
    * that gcd(rnd-1,primes) == 1 (except for 2) */
   if (((mods[i] + delta) % primes[i]) <= 1) {
     delta += 2;
-    if (delta > maxdelta)
+    if (delta > maxdelta) {
       goto again;
+    }
     goto loop;
   }
 } |
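Review bot: The new `/* Avoid undefined behavior. */` comment on the `bits == BN_BITS2` branch in the first hunk does not say which operation is undefined or why the replacement is equivalent, and a reader comparing it with the else branch will notice the missing `- 1` and suspect an off-by-one. Suggest `/* A shift by the full width of BN_ULONG is undefined; 2^BN_BITS2 - 1 == ~(BN_ULONG)0, so this equals the general formula without the shift. */`. Both branches still wrap around if `get_word(rnd)` is ever outside the `bits`-bit range; presumably the code that draws `rnd` (outside this hunk) guarantees that, but it is worth stating in the comment or asserting if it is not already. The enclosing function and the `again:` label begin outside the hunk.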