diff options
| -rw-r--r-- | lib/libcrypto/bn/bn_sqrt.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/lib/libcrypto/bn/bn_sqrt.c b/lib/libcrypto/bn/bn_sqrt.c index 8514f23a274..4b9638b6dca 100644 --- a/lib/libcrypto/bn/bn_sqrt.c +++ b/lib/libcrypto/bn/bn_sqrt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_sqrt.c,v 1.9 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_sqrt.c,v 1.10 2022/03/15 15:52:39 tb Exp $ */ /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> * and Bodo Moeller for the OpenSSL project. */ /* ==================================================================== @@ -351,21 +351,22 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto vrfy; } - - /* find smallest i such that b^(2^i) = 1 */ - i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - while (!BN_is_one(t)) { - i++; - if (i == e) { - BNerror(BN_R_NOT_A_SQUARE); - goto end; + /* Find the smallest i with 0 < i < e such that b^(2^i) = 1. */ + for (i = 1; i < e; i++) { + if (i == 1) { + if (!BN_mod_sqr(t, b, p, ctx)) + goto end; + } else { + if (!BN_mod_sqr(t, t, p, ctx)) + goto end; } - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; + if (BN_is_one(t)) + break; + } + if (i >= e) { + BNerror(BN_R_NOT_A_SQUARE); + goto end; } - /* t := y^2^(e - i - 1) */ if (!BN_copy(t, y)) |