Fix incorrect InverseMod (GH #602)

cryptest.sh revealed a corner case still producing an incorrect result. We need to check for '*this > m', not '*this > 2m-1'.

The corner case looks obscure. The failure surfaced as 1 failed self test for about every 2048 tests. It was also in a code path where 'a' was explicitly set to '2m-1', with 'm' random.

The test result can be duplicated with 'cryptest.exe v 9996 1521969687'. The value '1521969687' is a seed for the random number generator to reproduce.
pull/605/head
Jeffrey Walton 2018-03-25 11:15:34 -04:00
parent 34be01231c
commit 932f392b2d
GPG Key ID: B36AB348921B1838
1 changed file with 1 addition and 2 deletions


@ -4382,9 +4382,8 @@ Integer Integer::InverseMod(const Integer &m) const
if (IsNegative()) if (IsNegative())
return Modulo(m).InverseModNext(m); return Modulo(m).InverseModNext(m);
// Place *this in the range [0, 2m-1]
// http://github.com/weidai11/cryptopp/issues/602 // http://github.com/weidai11/cryptopp/issues/602
if (*this >= (m << 1)) if (*this > m)
return Modulo(m).InverseModNext(m); return Modulo(m).InverseModNext(m);
return InverseModNext(m); return InverseModNext(m);
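Review bot: the comment directly above the changed condition, "Place *this in the range [0, 2m-1]", is now stale: with `if (*this > m)` the only values that reach the final `return InverseModNext(m);` unreduced lie in [0, m], so the comment should say "[0, m]" (or whatever range InverseModNext actually requires) rather than the old 2m-1 bound. It is also worth confirming in the same review that InverseModNext copes with the boundary `*this == m`, which the new strict `>` lets through without calling Modulo(m), whereas the removed `>= (m << 1)` reduced its own boundary; if that case is not handled there, `>=` would be the safer comparison.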