authorJack Lloyd <[email protected]>2018-07-30 15:33:56 -0400
committerJack Lloyd <[email protected]>2018-07-30 15:35:49 -0400
commit66b7c7e1fe6d979fdd9b879b2ec63fe06c1f6fd9 (patch)
treef651efc2cb0330e6f2766331c8774be76ef38f76 /src
parentcb14e9ce95bcaae2ada7ffe96ef0cce6a2b38593 (diff)
Ensure values are fully reduced during ECDSA signature
It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2.
Diffstat (limited to 'src')
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.cpp6
1 files changed, 3 insertions, 3 deletions
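diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 2409d8f0d..a239aab73 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -106,10 +106,10 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
 m_b = m_group.square_mod_order(m_b);
 m_b_inv = m_group.square_mod_order(m_b_inv);
- m = m_group.multiply_mod_order(m_b, m);
- const BigInt xr = m_group.multiply_mod_order(m_x, m_b, r);
+ m = m_group.multiply_mod_order(m_b, m_group.mod_order(m));
+ const BigInt xr_m = m_group.mod_order(m_group.multiply_mod_order(m_x, m_b, r) + m);
- const BigInt s = m_group.multiply_mod_order(k_inv, xr + m, m_b_inv);
+ const BigInt s = m_group.multiply_mod_order(k_inv, xr_m, m_b_inv);
 // With overwhelming probability, a bug rather than actual zero r/s
 if(r.is_zero() || s.is_zero())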
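Review bot: The extra `m_group.mod_order(...)` calls on the added lines for `m` and `xr_m` encode an invariant — every operand handed to `multiply_mod_order` is already below the group order — that nothing in the code states, so a later cleanup could fold them back into the multiply and silently reintroduce the fallback the commit message describes. A comment above the assignment to `m` would pin it: `// Keep every multiply_mod_order operand < order: an input >= order^2 makes the Barrett reduction fall back to plain division`. If that division path is not constant-time — the commit message does not say, but that is presumably why the fallback matters in a signing routine — the comment should name the side-channel concern as the reason the reductions are not redundant. raw_sign continues past the end of this hunk, so the handling after the zero check is not visible here.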