ecc: Fix ec_mulm_25519.

* mpi/ec.c (ec_mulm_25519): Fix the cases of 0 to 18. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2017-08-23 10:22:21 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2017-08-23 10:22:21 +0900
commit: aeca1f0afc9091dab9fe1f018ea600064531ccf0 (patch)
tree: a09d438a7a39c0c3b4836d16ac6173597bcfd03c
parent: 02444ab2addeaf9b41aa1bed82cfc7b1ca67404f (diff)
download: libgcrypt-aeca1f0afc9091dab9fe1f018ea600064531ccf0.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 6f7df27f..21cf78b4 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -479,6 +479,11 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   m[0] = (cy * 2 + msb) * 19;
   _gcry_mpih_add_n (wp, wp, m, wsize);
   wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+
+  m[0] = 0;
+  cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
+  mpih_set_cond (m, ctx->p->d, wsize, (cy != 0UL));
+  _gcry_mpih_add_n (wp, wp, m, wsize);
 }
 
 static void
author	NIIBE Yutaka <gniibe@fsij.org>	2017-08-23 10:22:21 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2017-08-23 10:22:21 +0900
commit	aeca1f0afc9091dab9fe1f018ea600064531ccf0 (patch)
tree	a09d438a7a39c0c3b4836d16ac6173597bcfd03c
parent	02444ab2addeaf9b41aa1bed82cfc7b1ca67404f (diff)
download	libgcrypt-aeca1f0afc9091dab9fe1f018ea600064531ccf0.tar.gz