diff options
author | Jack Lloyd <[email protected]> | 2018-05-31 17:18:20 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-05-31 17:18:20 -0400 |
commit | ec6afeece0894aee67b4ff1b7ac88403d15219bf (patch) | |
tree | 266e487395345d174276630fc43a348c6f4e115b /src/lib | |
parent | b3e4f1421b432e239ce76d72869a0e28089748f5 (diff) |
Correct error in P-224 computation
If x was very small to start with x.size() might be under the
limb count which would cause the final addition to throw because
the destination array was smaller than the P-224 p being added.
Caught by Wycheproof ECDSA tests
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/math/numbertheory/nistp_redc.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp index 33e77562e..b74a2f9c6 100644 --- a/src/lib/math/numbertheory/nistp_redc.cpp +++ b/src/lib/math/numbertheory/nistp_redc.cpp @@ -221,6 +221,8 @@ const BigInt& prime_p224() void redc_p224(BigInt& x, secure_vector<word>& ws) { + static const size_t p224_limbs = (BOTAN_MP_WORD_BITS == 32) ? 7 : 4; + BOTAN_UNUSED(ws); const int64_t X00 = get_uint32_t(x, 0); @@ -249,6 +251,7 @@ void redc_p224(BigInt& x, secure_vector<word>& ws) const int64_t S6 = 0xFFFFFFFF + X06 + X10 - X13; x.mask_bits(224); + x.shrink_to_fit(p224_limbs + 1); int64_t S = 0; uint32_t R0 = 0, R1 = 0; @@ -291,8 +294,6 @@ void redc_p224(BigInt& x, secure_vector<word>& ws) BOTAN_ASSERT(S >= 0 && S <= 2, "Expected overflow in P-224 reduce"); - static const size_t p224_limbs = (BOTAN_MP_WORD_BITS == 32) ? 7 : 4; - static const word p224_mults[3][p224_limbs] = { #if (BOTAN_MP_WORD_BITS == 64) {0x0000000000000001, 0xFFFFFFFF00000000, 0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF}, |