authorJack Lloyd <[email protected]>2018-06-18 19:12:34 -0400
committerJack Lloyd <[email protected]>2018-06-18 19:12:34 -0400
commit7a13623a1ebf9ca289b0e4f5e5f08d1f415c0891 (patch)
tree7457da4b637560ece2c2b62a483b3f73463b81fa /src
parentcb9a5724aed5293359d3d5b35447d50875756b06 (diff)
Avoid a special case in Barrett reduction for x < mod
This would have prevented CVE-2018-12435
Diffstat (limited to 'src')
-rw-r--r--src/lib/math/numbertheory/reducer.cpp11
1 files changed, 3 insertions, 8 deletions
diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp
index b59a8d989..c739ea31a 100644
--- a/src/lib/math/numbertheory/reducer.cpp
+++ b/src/lib/math/numbertheory/reducer.cpp
@@ -41,16 +41,11 @@ BigInt Modular_Reducer::reduce(const BigInt& x) const
return (x % m_modulus);
}
- if(x_sw < m_mod_words - 1)
- {
- if(x.is_negative())
- return x + m_modulus; // make positive
- return x;
- }
-
secure_vector<word> ws;
- BigInt t1(x.data() + (m_mod_words - 1), x_sw - (m_mod_words - 1));
+ BigInt t1 = x;
+ t1.set_sign(BigInt::Positive);
+ t1 >>= (BOTAN_MP_WORD_BITS * (m_mod_words - 1));
t1.mul(m_mu, ws);
t1 >>= (BOTAN_MP_WORD_BITS * (m_mod_words + 1));