avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
[openssl.git] / crypto / bn / bn_gf2m.c
index be409e1187946efe7264e7ac9702e36383642b49..f7551dacd91d08372b2f85f5bea5d4e4dbba37c9 100644 (file)
@@ -322,7 +322,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
                if (zz == 0) break;
                d1 = BN_BITS2 - d0;
                
-               if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
+               /* clear up the top d1 bits */
+               if (d0)
+                       z[dN] = (z[dN] << d1) >> d1;
+               else
+                       z[dN] = 0;
                z[0] ^= zz; /* reduction t^0 component */
 
                for (k = 1; p[k] != 0; k++)
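Review bot: The new `else` branch carries no explanation, and the comment "clear up the top d1 bits" now sits above both branches although it only describes the shift. Presumably d0 is the bit offset of the top term within the word (its assignment is outside this hunk), so d0 == 0 means d1 == BN_BITS2. In that case the shift by the full word width would be undefined, and the whole word has already been folded into zz and must be zeroed or `if (zz == 0) break;` is never reached. I would say so on the branch, e.g. `else /* d0 == 0: whole word was taken into zz; a shift by BN_BITS2 would be undefined */`. A regression test that calls BN_GF2m_mod_arr() with a polynomial whose degree is a multiple of BN_BITS2 would pin the termination behaviour, since an endless loop here is a denial-of-service risk wherever p[] can be influenced by input. The body of BN_GF2m_mod_arr() starts and continues outside the hunk.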