From d49b38c561fac719cf1f7a40cc47a64e2a90032b Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 25 Mar 2023 11:02:26 +0000
Subject: [PATCH] Add checks to ensure the uint16_t array isn't overflowed when
 this script is run. This is more of an issue with uint16_t now than it was
 with prime_t aka BN_ULONG before r1.6.

---
 lib/libcrypto/bn/bn_prime.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/libcrypto/bn/bn_prime.pl b/lib/libcrypto/bn/bn_prime.pl
index bc85909bfb1..4692e7f419d 100644
--- a/lib/libcrypto/bn/bn_prime.pl
+++ b/lib/libcrypto/bn/bn_prime.pl
@@ -4,6 +4,9 @@
 $num=2048;
 $num=$ARGV[0] if ($#ARGV >= 0);
 
+# The 6543rd prime is 2^16 + 1.
+die "$num must be smaller than 6543" if $num >= 6543;
+
 push(@primes,2);
 $p=1;
 loop: while ($#primes < $num-1)
@@ -46,6 +49,7 @@ for ($i=0; $i <= $#primes; $i++)
 	} else {
 		printf(" ");
 	}
+	die "\$primes[$i] is too large: $primes[$i]" if $primes[$i] > 65535;
 	printf("%5d,",$primes[$i]);
 	}
 print "\n};\n";
-- 
2.20.1