diff --git a/ChangeLog b/ChangeLog
index c99ba251cf09cb8c95dee8e153b6ad4949035cae..10381aa67c956a3073904abec22d8ac16b9d5dc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-04-23 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
+ on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
+ NETTLE_MAX_BIGNUM_BITS.
+
2012-04-19 Niels Möller <nisse@lysator.liu.se>
* list-obj-sizes.awk: Use decimal rather than hexadecimal output.
diff --git a/bignum-random.c b/bignum-random.c
index 6a93a5ab6fdbc67c6989cb37b2b875a3269a1227..6b745d88bbae7be72e57af649b4773a252133aa2 100644
--- a/bignum-random.c
+++ b/bignum-random.c
@@ -38,7 +38,7 @@ nettle_mpz_random_size(mpz_t x,
unsigned bits)
{
unsigned length = (bits + 7) / 8;
- TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(data, length);
random(ctx, length, data);
diff --git a/nettle-internal.h b/nettle-internal.h
index 888223932008b5a42e58a160552b930ea12571dd..f1a904291dbed374189d8f99b6c10c23b7506aa3 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -45,6 +45,7 @@ do { if (size > (sizeof(name) / sizeof(name[0]))) abort(); } while (0)
/* Arbitrary limits which apply to systems that don't have alloca */
#define NETTLE_MAX_BIGNUM_BITS 10000
+#define NETTLE_MAX_BIGNUM_SIZE ((NETTLE_MAX_BIGNUM_BITS + 7)/8)
#define NETTLE_MAX_HASH_BLOCK_SIZE 128
#define NETTLE_MAX_HASH_DIGEST_SIZE 64
#define NETTLE_MAX_SEXP_ASSOC 17
diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c
index bd21f88b3c1cd24a7cf02c014b71d5f71c55f2cb..eb003528e296802d0eb1e03a5ee6e00f54105e3e 100644
--- a/pkcs1-decrypt.c
+++ b/pkcs1-decrypt.c
@@ -38,11 +38,11 @@ pkcs1_decrypt (unsigned key_size,
const mpz_t m,
unsigned *length, uint8_t *message)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
uint8_t *terminator;
unsigned padding;
unsigned message_length;
-
+
TMP_ALLOC(em, key_size);
nettle_mpz_get_str_256(key_size, em, m);
diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
index b7980e7dff45894f66d3f6640d106482849ea48a..8284f4f244b904e115dbb2619fe94ffbb2eb42db 100644
--- a/pkcs1-rsa-md5.c
+++ b/pkcs1-rsa-md5.c
@@ -64,7 +64,7 @@ md5_prefix[] =
int
pkcs1_rsa_md5_encode(mpz_t m, unsigned size, struct md5_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
@@ -83,7 +83,7 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned size, struct md5_ctx *hash)
int
pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
index 656bba0508353231dac11a8aad449213081d314f..78143a770ead26c0c4a96ee1b6a02a44cd135e29 100644
--- a/pkcs1-rsa-sha1.c
+++ b/pkcs1-rsa-sha1.c
@@ -64,7 +64,7 @@ sha1_prefix[] =
int
pkcs1_rsa_sha1_encode(mpz_t m, unsigned size, struct sha1_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
@@ -83,7 +83,7 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned size, struct sha1_ctx *hash)
int
pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
index a374768b5d7ab2bd7e5ec219a62239eca0d60395..a02a3e9529199e1c11e92487014ccc1045b2e682 100644
--- a/pkcs1-rsa-sha256.c
+++ b/pkcs1-rsa-sha256.c
@@ -62,7 +62,7 @@ sha256_prefix[] =
int
pkcs1_rsa_sha256_encode(mpz_t m, unsigned size, struct sha256_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
@@ -81,7 +81,7 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned size, struct sha256_ctx *hash)
int
pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c
index fd58999c8be55a9d50ad06d25ab441d2422193d8..df7520e5224760847886ee7c6b8b7ff8ff5e0493 100644
--- a/pkcs1-rsa-sha512.c
+++ b/pkcs1-rsa-sha512.c
@@ -62,7 +62,7 @@ sha512_prefix[] =
int
pkcs1_rsa_sha512_encode(mpz_t m, unsigned size, struct sha512_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
@@ -82,7 +82,7 @@ pkcs1_rsa_sha512_encode(mpz_t m, unsigned size, struct sha512_ctx *hash)
int
pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(em, size);
if (pkcs1_signature_prefix(size, em,
diff --git a/rsa-encrypt.c b/rsa-encrypt.c
index fb346db751397be3c288b1b507960631c4b0ef9c..29523fcbd93dee2c5ebf73fb27e4cbd8d70ed126 100644
--- a/rsa-encrypt.c
+++ b/rsa-encrypt.c
@@ -43,7 +43,7 @@ rsa_encrypt(const struct rsa_public_key *key,
unsigned length, const uint8_t *message,
mpz_t gibbberish)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
unsigned padding;
unsigned i;