Old bug in gcry_mpi_invm producing wrong result
NIIBE Yutaka
gniibe at fsij.org
Tue May 10 09:05:16 CEST 2022
Guido Vranken wrote:
> It says that InvMod(18446744073709551615,
> 340282366762482138434845932244680310781) is
> 170141183381241069226646338154899963903 but that's not true, because
> 170141183381241069226646338154899963903 * 18446744073709551615 %
> 340282366762482138434845932244680310781 is 4294967297, not 1.
Thank you for your report. With libgcrypt 1.8, it works correctly.
It is tracked by: https://dev.gnupg.org/T5970
The fix I pushed is:
diff --git a/mpi/mpih-const-time.c b/mpi/mpih-const-time.c
index b527ad79..9d74d190 100644
--- a/mpi/mpih-const-time.c
+++ b/mpi/mpih-const-time.c
@@ -204,6 +204,13 @@ _gcry_mpih_cmp_ui (mpi_ptr_t up, mpi_size_t usize, unsigned long v)
is_all_zero &= (up[i] == 0);
if (is_all_zero)
- return up[0] - v;
+ {
+ if (up[0] < v)
+ return -1;
+ else if (up[0] > v)
+ return 1;
+ else
+ return 0;
+ }
return 1;
}
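Review bot: In the new `if (is_all_zero)` block, the chain `if (up[0] < v) ... else if (up[0] > v)` branches on the limb value, in a file named mpih-const-time.c whose preceding context line accumulates `is_all_zero` without a branch. If this helper can be reached with secret operands, consider the branch-free form `return (up[0] > v) - (up[0] < v);`, which yields the same -1, 0 and 1. A short comment saying why the subtraction was dropped, and a regression test using the InvMod input from the report, would keep this from coming back.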
The expression up[0] - v is only correct on a 32-bit architecture.
It may return a wrong result on a 64-bit architecture.
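To illustrate the truncation described in the message above, the following added example (not part of the original message and not libgcrypt code) models the comparison with a 64-bit limb. `limb_t`, the function names, the branch-free variant and the requirement `usize >= 1` are assumptions made here; the sample value 4294967297 (2^32 + 1) is the residue quoted in the report, used only as constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t limb_t; /* assumption: one limb is 64 bits wide */

/* 1 if every limb above up[0] is zero, accumulated as in the patched file. */
static int high_limbs_zero(const limb_t *up, size_t usize)
{
    int is_all_zero = 1;
    for (size_t i = 1; i < usize; i++)
        is_all_zero &= (up[i] == 0);
    return is_all_zero;
}

/* Before the fix: the 64-bit difference is narrowed to the int return value.
   Mainstream compilers keep only the low 32 bits of the difference. */
int cmp_ui_old(const limb_t *up, size_t usize, limb_t v)
{
    if (high_limbs_zero(up, usize))
        return (int)(up[0] - v);
    return 1;
}

/* After the fix: explicit three-way comparison, as in the diff above. */
int cmp_ui_fixed(const limb_t *up, size_t usize, limb_t v)
{
    if (high_limbs_zero(up, usize)) {
        if (up[0] < v) return -1;
        if (up[0] > v) return 1;
        return 0;
    }
    return 1;
}

/* Hypothetical variant with no branch on the limb values in the source. */
int cmp_ui_branchless(const limb_t *up, size_t usize, limb_t v)
{
    int z = high_limbs_zero(up, usize);
    int c = (up[0] > v) - (up[0] < v);
    return z * c + (1 - z);
}

int main(void)
{
    limb_t a[1] = { 4294967297ULL }; /* constructed sample: 2^32 + 1 */
    printf("old=%d fixed=%d\n", cmp_ui_old(a, 1, 1), cmp_ui_fixed(a, 1, 1));
    return 0;
}
```

Whether a compiler emits branch-free machine code for `cmp_ui_branchless` has to be checked in the generated assembly.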