From ff46b6b6cf43351b759b87c4c85de3364e7fab8a Mon Sep 17 00:00:00 2001
Message-Id: <ff46b6b6cf43351b759b87c4c85de3364e7fab8a.1718737879.git.mdw@distorted.org.uk>
From: Mark Wooding <mdw@chiark.greenend.org.uk>
Date: Fri, 13 Mar 2015 20:36:31 +0000
Subject: [PATCH] pub/rsa-recover.c: Give up if we run out of prime numbers.
Organization: Straylight/Edgeware

From: Mark Wooding <mdw@distorted.org.uk>

We have a 1/2 probability of winning for each prime, and `NPRIME' is at
least 256, so the chances of us giving up on an input which we could, in
fact, factor if we persevered are negligible.  We therefore neglect them.
---
 pub/rsa-recover.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pub/rsa-recover.c b/pub/rsa-recover.c
index bc3eda22..055d969a 100644
--- a/pub/rsa-recover.c
+++ b/pub/rsa-recover.c
@@ -116,6 +116,7 @@ int rsa_recover(rsa_priv *rp)
        * is a failure.
        */
 
+      if (i > NPRIME) goto out;
       aw = primetab[i++];
       z = mpmont_mul(&mm, z, &a, mm.r2);
       z = mpmont_expr(&mm, z, z, t);
-- 
[mdw]