authorJack Lloyd <[email protected]>2018-05-31 17:18:20 -0400
committerJack Lloyd <[email protected]>2018-05-31 17:18:20 -0400
commitec6afeece0894aee67b4ff1b7ac88403d15219bf (patch)
tree266e487395345d174276630fc43a348c6f4e115b /src/lib
parentb3e4f1421b432e239ce76d72869a0e28089748f5 (diff)
Correct error in P-224 computation
If x was very small to start with, x.size() might be under the limb count, which would cause the final addition to throw because the destination array was smaller than the P-224 p being added. Caught by Wycheproof ECDSA tests.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/math/numbertheory/nistp_redc.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp
index 33e77562e..b74a2f9c6 100644
--- a/src/lib/math/numbertheory/nistp_redc.cpp
+++ b/src/lib/math/numbertheory/nistp_redc.cpp
@@ -221,6 +221,8 @@ const BigInt& prime_p224()
void redc_p224(BigInt& x, secure_vector<word>& ws)
{
+ static const size_t p224_limbs = (BOTAN_MP_WORD_BITS == 32) ? 7 : 4;
+
BOTAN_UNUSED(ws);
const int64_t X00 = get_uint32_t(x, 0);
@@ -249,6 +251,7 @@ void redc_p224(BigInt& x, secure_vector<word>& ws)
const int64_t S6 = 0xFFFFFFFF + X06 + X10 - X13;
x.mask_bits(224);
+ x.shrink_to_fit(p224_limbs + 1);
int64_t S = 0;
uint32_t R0 = 0, R1 = 0;
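Review bot: The added `x.shrink_to_fit(p224_limbs + 1);` reads as a size reduction, yet the commit relies on it to guarantee that x holds at least p224_limbs + 1 words so the later addition of p224_mults cannot throw; that intent should be stated at the call site, e.g. `// shrink_to_fit(min) also grows x to at least min words; the final p224_mults addition needs p224_limbs + 1`. If shrink_to_fit does not in fact promise a minimum size, a `BOTAN_ASSERT(x.size() >= p224_limbs + 1, "P-224 reduce has room for final addition");` placed just before that addition (in the part of redc_p224 outside this hunk) would make the precondition explicit rather than depending on the mask_bits/shrink_to_fit ordering. The enclosing function redc_p224 begins in the previous hunk and continues past this one.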
@@ -291,8 +294,6 @@ void redc_p224(BigInt& x, secure_vector<word>& ws)
BOTAN_ASSERT(S >= 0 && S <= 2, "Expected overflow in P-224 reduce");
- static const size_t p224_limbs = (BOTAN_MP_WORD_BITS == 32) ? 7 : 4;
-
static const word p224_mults[3][p224_limbs] = {
#if (BOTAN_MP_WORD_BITS == 64)
{0x0000000000000001, 0xFFFFFFFF00000000, 0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF},