From cfa6779e85fc96d709e30240454bc5438bae67f1 Mon Sep 17 00:00:00 2001
From: Marcel Keller
Date: Wed, 19 Dec 2018 13:50:43 +1100
Subject: [PATCH] Bug.
---
 Tools/random.cpp | 5 ++++-
 Tools/random.h | 3 +--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Tools/random.cpp b/Tools/random.cpp
index 660ba1b2..c4425027 100644
--- a/Tools/random.cpp
+++ b/Tools/random.cpp
@@ -146,7 +146,7 @@ void PRNG::get_octetStream(octetStream& ans,int len)
 }
-void PRNG::randomBnd(mp_limb_t* res, const mp_limb_t* B, size_t n_bytes)
+void PRNG::randomBnd(mp_limb_t* res, const mp_limb_t* B, size_t n_bytes, mp_limb_t mask)
 {
 if (n_bytes == 16)
 do
@@ -156,7 +156,10 @@ void PRNG::randomBnd(mp_limb_t* res, const mp_limb_t* B, size_t n_bytes)
 {
 size_t n_limbs = (n_bytes + sizeof(mp_limb_t) - 1) / sizeof(mp_limb_t);
 do
+ {
 get_octets((octet*) res, n_bytes);
+ res[n_limbs - 1] &= mask;
+ }
 while (mpn_cmp(res, B, n_limbs) >= 0);
 }
 }
diff --git a/Tools/random.h b/Tools/random.h
index a2bb0c3c..83639d53 100644
--- a/Tools/random.h
+++ b/Tools/random.h
@@ -75,8 +75,7 @@ class PRNG
 void get(int& res, int n_bits, bool positive = true);
 void randomBnd(bigint& res, const bigint& B, bool positive=true);
 bigint randomBnd(const bigint& B, bool positive=true);
-// only efficient if byte length of B is exactly n_bytes
-void randomBnd(mp_limb_t* res, const mp_limb_t* B, size_t n_bytes);
+void randomBnd(mp_limb_t* res, const mp_limb_t* B, size_t n_bytes, mp_limb_t mask = -1);
 word get_word()
 { word a;
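Review bot: With the header's default `mask = -1` the new `res[n_limbs - 1] &= mask;` in the second random.cpp hunk is a no-op, so whenever n_bytes is not a multiple of sizeof(mp_limb_t) the bytes of the top limb above n_bytes are still whatever the caller left in `res` (the visible `get_octets((octet*) res, n_bytes)` fills only n_bytes bytes) and `mpn_cmp` compares that stale data against B; assuming the little-endian limb layout the byte-wise fill already presupposes, a derived default such as `if (mask == mp_limb_t(-1) && n_bytes % sizeof(mp_limb_t)) mask = (mp_limb_t(1) << (8 * (n_bytes % sizeof(mp_limb_t)))) - 1;` before the loop would close that gap. The mask also decides the output distribution, not just the rejection rate: if any bit that is set in B's top limb is clear in mask, samples with that bit set can never be produced and the result is no longer uniform on [0, B), whereas a mask wider than B's top limb only costs extra rejections. The random.h hunk drops `// only efficient if byte length of B is exactly n_bytes` without stating the new contract; a comment on the declaration such as `// mask must cover every bit of B's top limb (a narrower mask biases the output); keep it tight to limit rejections` would record it. randomBnd's signature sits in the preceding hunk and the `n_bytes == 16` branch lies between the two hunks, so whether that branch needs the same masking cannot be seen here. Spelling the default as `mask = ~mp_limb_t(0)` rather than `-1` says the same thing without the signed-to-unsigned conversion.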