From 3161ce63b657589bb2c48ea49b02a4d42a1d02f5 Mon Sep 17 00:00:00 2001
Message-Id: <3161ce63b657589bb2c48ea49b02a4d42a1d02f5.1716389412.git.mdw@distorted.org.uk>
From: Mark Wooding <mdw@chiark.greenend.org.uk>
Date: Thu, 26 May 2016 09:26:09 +0100
Subject: [PATCH] pub/bbs-gen.c: Carefully generate numbers of the correct
 sizes.
Organization: Straylight/Edgeware

From: Mark Wooding <mdw@distorted.org.uk>

---
 pub/bbs-gen.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pub/bbs-gen.c b/pub/bbs-gen.c
index d2b4b6e5..4796cf5c 100644
--- a/pub/bbs-gen.c
+++ b/pub/bbs-gen.c
@@ -65,7 +65,7 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
   pgen_jumpctx j;
   pgen_gcdstepctx g;
   unsigned nb = nbits/2;
-  mp *x = MP_NEWSEC;
+  mp *x = MP_NEWSEC, *t = MP_NEW;
 
   /* --- Generate @p@ --- */
 
@@ -88,11 +88,15 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
   g.r = mp_lsr(MP_NEW, bp->p, 1);
   g.g = MP_NEW;
   g.max = MP_ONE;
+  t = mp_lsl(t, MP_ONE, nbits - 1);
+  mp_div(&t, 0, t, bp->p);
+  if (MP_CMP(x, <, t)) x = mp_leastcongruent(x, t, x, g.jp.m);
   bp->q = pgen("q", MP_NEWSEC, x, event, ectx, n, pgen_gcdstep, &g,
 	       rabin_iters(nb), pgen_test, &rb);
   pfilt_destroy(&g.jp);
   mp_drop(g.r);
   mp_drop(g.g);
+  mp_drop(t);
   if (!bp->q) goto fail_q;
 
   /* --- Compute @n@ --- */
-- 
[mdw]