authorNIIBE Yutaka <gniibe@fsij.org>2021-01-27 12:12:36 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2021-01-27 12:12:36 +0900
commitf06ff4e31c8e162f4a59986241c7ab43d5085927 (patch)
tree514e131e4ff964068fe004f7767ac7a524899007 /mpi
parentfc901e978a0c18a3524cad5d1ef3451ed11b9347 (diff)
mpi: Fix _gcry_mpih_mod implementation.
* mpi/mpih-const-time.c (_gcry_mpih_mod): Handle the overflow. -- GnuPG-bug-id: 5269 Reported-by: Guido Vranken <guidovranken@gmail.com> Fixes-commit: 95bdfd9ce9e114f447f3639e551e8f4f63d024fe Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'mpi')
-rw-r--r--mpi/mpih-const-time.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/mpi/mpih-const-time.c b/mpi/mpih-const-time.c
index 5ebb8d11..96899505 100644
--- a/mpi/mpih-const-time.c
+++ b/mpi/mpih-const-time.c
@@ -170,12 +170,13 @@ _gcry_mpih_mod (mpi_ptr_t vp, mpi_size_t vsize,
mpi_limb_t limb = vp[limbno];
unsigned int the_bit = ((limb & (A_LIMB_1 << bitno)) ? 1 : 0);
mpi_limb_t underflow;
+ mpi_limb_t overflow;
- _gcry_mpih_lshift (rp, rp, usize, 1);
+ overflow = _gcry_mpih_lshift (rp, rp, usize, 1);
rp[0] |= the_bit;
underflow = _gcry_mpih_sub_n (rp, rp, up, usize);
- mpih_add_n_cond (rp, rp, up, usize, underflow);
+ mpih_add_n_cond (rp, rp, up, usize, overflow ^ underflow);
}
return rp;
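Review bot: The `overflow ^ underflow` argument to `mpih_add_n_cond` is correct only under an invariant the hunk never states, namely that `rp` holds a value below `up` at the top of each iteration. Under that invariant a carry out of the one-bit shift is always followed by a borrow from `_gcry_mpih_sub_n`, so the XOR is 0 and the add-back is skipped; without a carry, the borrow alone decides. I would record this above the call, for example `/* rp < up here, so a carry from the shift implies a borrow below; add up back only when the borrow is not cancelled by that carry. */`. This also assumes `_gcry_mpih_lshift` returns exactly 0 or 1 for a shift count of 1, which is worth confirming against its definition since the result is used directly as the enable flag. The loop header and the rest of `_gcry_mpih_mod` lie outside the hunk, so the invariant itself cannot be checked from here.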