| author | Jeffrey Walton <noloader@gmail.com> | 2018-03-25 11:15:34 -0400 |
|---|---|---|
| committer | Jeffrey Walton <noloader@gmail.com> | 2018-03-25 11:15:34 -0400 |
| commit | 932f392b2d335f4ffd8f69f811265118f5460c5d (patch) | |
| tree | 8093460764a1a111021f2cda11ebf9228463ca36 /integer.cpp | |
| parent | 34be01231c3d234de3fb5d77e9941faf842cd257 (diff) | |
| download | cryptopp-git-932f392b2d335f4ffd8f69f811265118f5460c5d.tar.gz | |
Fix incorrect InverseMod (GH #602)
cryptest.sh revealed a corner case still producing an incorrect result. We need to check for '*this > m', not '*this > 2m-1'.
The corner case looks obscure. The failure surfaced as 1 failed self test for about every 2048 tests. It was also in a code path where 'a' was explicitly set to '2m-1', with 'm' random.
The test result can be duplicated with 'cryptest.exe v 9996 1521969687'. The value '1521969687' is a seed for the random number generator to reproduce.
Diffstat (limited to 'integer.cpp')

| -rw-r--r-- | integer.cpp | 3 |
|---|---|---|

1 files changed, 1 insertions, 2 deletions
diff --git a/integer.cpp b/integer.cpp index cf6c6ee9..48ae5470 100644 --- a/integer.cpp +++ b/integer.cpp @@ -4382,9 +4382,8 @@ Integer Integer::InverseMod(const Integer &m) const if (IsNegative())
return Modulo(m).InverseModNext(m);
- // Place *this in the range [0, 2m-1]
// http://github.com/weidai11/cryptopp/issues/602
- if (*this >= (m << 1))
+ if (*this > m)
return Modulo(m).InverseModNext(m);
return InverseModNext(m);
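Review bot: the new check `if (*this > m)` still passes the boundary value `*this == m` to `InverseModNext(m)` without reduction, while every value above `m` is reduced first; for that input `Modulo(m)` would give zero and the "no inverse" path, whereas whether `InverseModNext` copes with an operand equal to its modulus is not visible here. If the intent of the fix is that `InverseModNext` always receives an operand below the modulus, `if (*this >= m)` is the condition that guarantees it. Also, the removed comment "Place *this in the range [0, 2m-1]" was the only explanation of what the check is for; the bare issue URL that remains would read better with a one-line comment stating the range `InverseModNext` requires.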