Improve robustness in modpow().

[originally from svn r4372]
2025-05-28 23:34:49 -05:00 · 2004-07-29 15:44:35 +00:00 · 2004-07-29 15:44:35 +00:00 · 501997ab2b
commit 501997ab2b
parent 970079d102
1 changed files with 17 additions and 5 deletions
--- a/sshbn.c
+++ b/sshbn.c
@ -3,6 +3,7 @@
 */

 #include <stdio.h>
+#include <assert.h>
 #include <stdlib.h>
 #include <string.h>

@ -226,16 +227,25 @@ static void internal_mod(BignumInt *a, int alen,

 /*
 * Compute (base ^ exp) % mod.
- * The base MUST be smaller than the modulus.
- * The most significant word of mod MUST be non-zero.
- * We assume that the result array is the same size as the mod array.
 */
-Bignum modpow(Bignum base, Bignum exp, Bignum mod)
+Bignum modpow(Bignum base_in, Bignum exp, Bignum mod)
 {
    BignumInt *a, *b, *n, *m;
    int mshift;
    int mlen, i, j;
-    Bignum result;
+    Bignum base, result;
+
+    /*
+     * The most significant word of mod needs to be non-zero. It
+     * should already be, but let's make sure.
+     */
+    assert(mod[mod[0]] != 0);
+
+    /*
+     * Make sure the base is smaller than the modulus, by reducing
+     * it modulo the modulus if not.
+     */
+    base = bigmod(base_in, mod);

    /* Allocate m of size mlen, copy mod to m */
    /* We use big endian internally */
@ -331,6 +341,8 @@ Bignum modpow(Bignum base, Bignum exp, Bignum mod)
 	n[i] = 0;
    sfree(n);

+    freebn(base);
+
    return result;
 }