authornoloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0>2015-06-27 21:52:57 +0000
committernoloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0>2015-06-27 21:52:57 +0000
commit1474faab25ee0d59f75c450abe47542f0747e21d (patch)
tree25fa3b876c07a36ac859928c8577ca626a691515
parent2636b5cd3df492830d3546c4d8934a971d3150c7 (diff)
downloadcryptopp-1474faab25ee0d59f75c450abe47542f0747e21d.tar.gz
Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for reporting. Squaring to satisfy Jacobi requirements suggested by JPM.
git-svn-id: svn://svn.code.sf.net/p/cryptopp/code/trunk/c5@542 57ff6487-cd31-0410-9ec3-f628ee90f5f0
-rw-r--r--rw.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/rw.cpp b/rw.cpp
index cdd9f2d..0b9318b 100644
--- a/rw.cpp
+++ b/rw.cpp
@@ -126,10 +126,16 @@ Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const
DoQuickSanityCheck();
ModularArithmetic modn(m_n);
Integer r, rInv;
- do { // do this in a loop for people using small numbers for testing
+
+ // do this in a loop for people using small numbers for testing
+ do {
r.Randomize(rng, Integer::One(), m_n - Integer::One());
+ // Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for reporting.
+ // Squaring to satisfy Jacobi requirements suggested by JPM.
+ r = modn.Square(r);
rInv = modn.MultiplicativeInverse(r);
} while (rInv.IsZero());
+
Integer re = modn.Square(r);
re = modn.Multiply(re, x); // blind