authorNIIBE Yutaka <gniibe@fsij.org>2017-08-23 13:03:07 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2017-08-23 13:03:07 +0900
commit8728d5e6cb18cc15f24d7188e7c4175913031977 (patch)
tree2f76ea7d9fc2b24200d6f193581db667cb15d3a4
parent5bbe5e9505b93e7fac94cbaa8464b94a634faf5b (diff)
downloadlibgcrypt-gniibe-T3358.tar.gz
ecc: Fix ec_mulm_25519.gniibe-T3358
* mpi/ec.c (ec_mulm_25519): Improve reduction to 25519. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r--mpi/ec.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 7a56112e..eb71a639 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -455,13 +455,10 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
m[LIMB_SIZE_25519] += cy;
memset (m, 0, wsize * BYTES_PER_MPI_LIMB);
- m[0] = m[LIMB_SIZE_25519] * 2 * 19;
- cy = _gcry_mpih_add_n (wp, wp, m, wsize);
-
msb = (wp[LIMB_SIZE_25519-1] >> (255 % BITS_PER_MPI_LIMB));
- m[0] = (cy * 2 + msb) * 19;
- _gcry_mpih_add_n (wp, wp, m, wsize);
+ m[0] = (m[LIMB_SIZE_25519] * 2 + msb) * 19;
wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+ _gcry_mpih_add_n (wp, wp, m, wsize);
m[0] = 0;
cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);