Fix off-by-one error in SHA512_rng.

madars · madars · commit 523ca4b45f4b · 2017-06-06T17:03:20.000-04:00
This fixes issue originally filed in scipr-lab/libsnark#24.
diff --git a/src/common/rng.tcc b/src/common/rng.tcc
@@ -44,7 +44,9 @@ FieldT SHA512_rng(const uint64_t idx)
         }
 
         /* clear all bits higher than MSB of modulus */
-        size_t bitno = GMP_NUMB_BITS * FieldT::num_limbs;
+        size_t bitno = GMP_NUMB_BITS * FieldT::num_limbs - 1;
+
+        /* mod is non-zero so the loop will always terminate */
         while (FieldT::mod.test_bit(bitno) == false)
         {
             const std::size_t part = bitno/GMP_NUMB_BITS;

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,9 @@ FieldT SHA512_rng(const uint64_t idx)`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`/* clear all bits higher than MSB of modulus */`
`47`		`- size_t bitno = GMP_NUMB_BITS * FieldT::num_limbs;`
	`47`	`+ size_t bitno = GMP_NUMB_BITS * FieldT::num_limbs - 1;`
	`48`	`+`
	`49`	`+ /* mod is non-zero so the loop will always terminate */`
`48`	`50`	`while (FieldT::mod.test_bit(bitno) == false)`
`49`	`51`	`{`
`50`	`52`	`const std::size_t part = bitno/GMP_NUMB_BITS;`