From aeca1f0afc9091dab9fe1f018ea600064531ccf0 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 23 Aug 2017 10:22:21 +0900
Subject: ecc: Fix ec_mulm_25519.

* mpi/ec.c (ec_mulm_25519): Fix the cases of 0 to 18.

Signed-off-by: NIIBE Yutaka
---
 mpi/ec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mpi/ec.c b/mpi/ec.c
index 6f7df27f..21cf78b4 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -479,6 +479,11 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   m[0] = (cy * 2 + msb) * 19;
   _gcry_mpih_add_n (wp, wp, m, wsize);
   wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+
+  m[0] = 0;
+  cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
+  mpih_set_cond (m, ctx->p->d, wsize, (cy != 0UL));
+  _gcry_mpih_add_n (wp, wp, m, wsize);
 }
 
 static void
-- 
cgit v1.2.1
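Review bot: The conditional add-back at the end of the hunk is only correct when limbs m[1..wsize-1] are zero in the cy == 0 case, yet the new code resets just `m[0] = 0;`, so it silently depends on those limbs still being clear from earlier in ec_mulm_25519 (outside this hunk) — presumably so, but it is worth stating next to the reset, e.g. `/* Final reduction: after masking bit 255, wp < 2^255 but may still be >= p (the 19 values p..2^255-1, i.e. 0..18 mod p).  Subtract p and add it back on borrow; m[1..wsize-1] must still be zero here.  */`. The selection via mpih_set_cond rather than `if (cy)` keeps the add-back free of a secret-dependent branch, and a comment to that effect would stop a later cleanup from "simplifying" it into a conditional. The body of ec_mulm_25519 begins before this hunk.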