Otherwise following operations would bail out in bn_check_top().
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24265)
ossl_bn_mask_bits_fixed_top(r, n);
}
while (BN_ucmp(r, range) >= 0);
+#ifdef BN_DEBUG
+ /* With BN_DEBUG on a fixed top number cannot be returned */
+ bn_correct_top(r);
+#endif
}
return 1;
if (BN_ucmp(out, range) < 0) {
ret = 1;
+#ifdef BN_DEBUG
+ /* With BN_DEBUG on a fixed top number cannot be returned */
+ bn_correct_top(out);
+#endif
goto end;
}
}
} while (ossl_bn_is_word_fixed_top(out, 0)
|| ossl_bn_is_word_fixed_top(out, 1)
|| BN_ucmp(out, q) >= 0);
+#ifdef BN_DEBUG
+ /* With BN_DEBUG on a fixed top number cannot be returned */
+ bn_correct_top(out);
+#endif
ret = 1;
end: