CryptoLib bug

Jack Lacy (lacy@research.att.com)
Mon, 28 Sep 1998 13:57:17 -0400

• Next message: The Unicorn: "Any info on RPK?"
• Previous message: Eric Pan: "Re[2]: Alcot"

Cryptolib users,

Paul Kocher found a bug in CryptoLib's bigmath.c routines.
The bug is apparent when doing p = p-1
for large values of p . I haven't found any other places
in the library where this kind of operation is used
as I generally do pminus1 = p-1 to keep p around for
p prime.

Please pass this fix along.

The bad code and fix follow:

Bad code:

#define LONG_BORROWSTEP(i, C, A) { \
 (C)[(i)] = (Ulong)((long)(A)[(i)] + carry); \
 carry = (long)(-((C)[(i)] > (A)[(i)])); \
}

Good code:

#define LONG_BORROWSTEP(i, C, A) { \
 suml = A[i]; \
 (C)[(i)] = (Ulong)((long)(A)[(i)] + carry); \
 carry = (long)(-((C)[(i)] > (suml))); \
}

• Next message: The Unicorn: "Any info on RPK?"
• Previous message: Eric Pan: "Re[2]: Alcot"