author | David Benjamin <davidben@chromium.org> | 2015-03-19 03:37:12 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-03-19 14:36:49 +0300 |
commit | 42574efaff5466104bc04692e48f0900cd1f971a (patch) | |
tree | a13c2a5e680b33d8a1303267fde5e3dcdae73f2d /crypto/bn/prime.c | |
parent | cdcecf546b8ea59cd0ac00a53cef7f31c3169480 (diff) |
Avoid undefined behavior in probable_prime.
(Imported from upstream's e4676e900f165f5272991443225813002300b09b.)
Change-Id: I678e158c223daf2f7f9114f4e743d531fe2e2a93
Reviewed-on: https://boringssl-review.googlesource.com/4044
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/bn/prime.c')
-rw-r--r-- | crypto/bn/prime.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/bn/prime.c b/crypto/bn/prime.c
index 6bdc9217..cf3afcfd 100644
--- a/crypto/bn/prime.c
+++ b/crypto/bn/prime.c
@@ -659,7 +659,13 @@ again:
 /* If bits is so small that it fits into a single word then we
 * additionally don't want to exceed that many bits. */
 if (is_single_word) {
- BN_ULONG size_limit = (((BN_ULONG)1) << bits) - get_word(rnd) - 1;
+ BN_ULONG size_limit;
+ if (bits == BN_BITS2) {
+ /* Avoid undefined behavior. */
+ size_limit = ~((BN_ULONG)0) - get_word(rnd);
+ } else {
+ size_limit = (((BN_ULONG)1) << bits) - get_word(rnd) - 1;
+ }
 if (size_limit < maxdelta) {
 maxdelta = size_limit;
 } |
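Review bot: The comment `/* Avoid undefined behavior. */` in the new `bits == BN_BITS2` branch does not name the behaviour being avoided or say why the replacement expression is equivalent, which matters in prime-generation code where a later edit could quietly reintroduce the shift. I would write it as `/* 1 << bits is undefined when bits equals the width of BN_ULONG; 2^bits - 1 is then the all-ones word. */`. The `else` branch is still only defined for `bits < BN_BITS2`, which presumably follows from how `is_single_word` is computed outside this hunk; that dependency is worth stating next to the shift. The enclosing function starts and ends outside the hunk, so neither the `is_single_word` condition nor the range of `get_word(rnd)` can be confirmed from here.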