From 8228fd89fc63ea766529075ac25628c47d4d5546 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Mon, 23 Jun 2008 20:46:24 +0000
Subject: avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying
Reviewed by: Douglas Stebila
---
 crypto/bn/bn_gf2m.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'crypto/bn/bn_gf2m.c')

diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index be409e1..f7551da 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -322,7 +322,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
 if (zz == 0) break;
 d1 = BN_BITS2 - d0;
-if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
+/* clear up the top d1 bits */
+if (d0)
+z[dN] = (z[dN] << d1) >> d1;
+else
+z[dN] = 0;
 z[0] ^= zz; /* reduction t^0 component */
 for (k = 1; p[k] != 0; k++)
--
cgit v1.1
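Review bot: The comment `/* clear up the top d1 bits */` carried over from the old line does not explain the new `else` branch, which is the actual fix: when d0 == 0, `d1 = BN_BITS2 - d0` makes d1 the full word width, and shifting a word by its own width is undefined in C, so the word must be zeroed explicitly rather than shifted. Suggest replacing the comment with `/* clear up the top d1 bits; if d0 == 0 the shift would be by BN_BITS2 (undefined), so clear the whole word */` so the next reader does not fold the branches back together. Presumably the unreduced top word is what kept zz non-zero and made the reduction loop spin, as the subject says; if d0 is the field degree modulo the word size, a regression test with a polynomial whose degree is a multiple of BN_BITS2 would pin this. BN_GF2m_mod_arr begins and ends outside the hunk.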