diff options
author | Jack Lloyd <[email protected]> | 2018-06-18 19:12:34 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-06-18 19:12:34 -0400 |
commit | 7a13623a1ebf9ca289b0e4f5e5f08d1f415c0891 (patch) | |
tree | 7457da4b637560ece2c2b62a483b3f73463b81fa /src | |
parent | cb9a5724aed5293359d3d5b35447d50875756b06 (diff) |
Avoid a special case in Barrett reduction for x < mod
This would have prevented CVE-2018-12435
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/math/numbertheory/reducer.cpp | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp index b59a8d989..c739ea31a 100644 --- a/src/lib/math/numbertheory/reducer.cpp +++ b/src/lib/math/numbertheory/reducer.cpp @@ -41,16 +41,11 @@ BigInt Modular_Reducer::reduce(const BigInt& x) const return (x % m_modulus); } - if(x_sw < m_mod_words - 1) - { - if(x.is_negative()) - return x + m_modulus; // make positive - return x; - } - secure_vector<word> ws; - BigInt t1(x.data() + (m_mod_words - 1), x_sw - (m_mod_words - 1)); + BigInt t1 = x; + t1.set_sign(BigInt::Positive); + t1 >>= (BOTAN_MP_WORD_BITS * (m_mod_words - 1)); t1.mul(m_mu, ws); t1 >>= (BOTAN_MP_WORD_BITS * (m_mod_words + 1)); |