Fix canonical reduction in gostdsa_vko.

* gostdsa-vko.c (gostdsa_vko): Use ecc_mod_mul_canonical to compute the scalar used for ecc multiplication.
author: Niels Möller <nisse@lysator.liu.se> 2021-03-13 16:45:34 +0100
committer: Niels Möller <nisse@lysator.liu.se> 2021-03-13 19:20:39 +0100
commit: b30e0ca6d2b41579a5b6a010fc54065d790e8d55 (patch)
tree: b07098979264a69d06333eedba93d2ac8dacdacb
parent: d9b564e4b3b3a5691afb9328c7342b3f7ca64288 (diff)
download: nettle-b30e0ca6d2b41579a5b6a010fc54065d790e8d55.tar.gz
2 files changed, 4 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 202dc275..468b98a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2021-03-13  Niels Möller  <nisse@lysator.liu.se>
 
+	* gostdsa-vko.c (gostdsa_vko): Use ecc_mod_mul_canonical to
+	compute the scalar used for ecc multiplication.
+
 	* eddsa-hash.c (_eddsa_hash): Ensure result is canonically
 	reduced. Two of the three call sites need that.
 
diff --git a/gostdsa-vko.c b/gostdsa-vko.c
index a02d59a9..3dc42a1e 100644
--- a/gostdsa-vko.c
+++ b/gostdsa-vko.c
@@ -87,7 +87,7 @@ gostdsa_vko (const struct ecc_scalar *priv,
   if (mpn_zero_p (UKM, size))
     UKM[0] = 1;
 
-  ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM, TEMP); /* TEMP = UKM * priv */
+  ecc_mod_mul_canonical (&ecc->q, TEMP, priv->p, UKM, TEMP); /* TEMP = UKM * priv */
   ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */
   ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */
   mpn_get_base256_le (out, bsize, TEMP, size);
author	Niels Möller <nisse@lysator.liu.se>	2021-03-13 16:45:34 +0100
committer	Niels Möller <nisse@lysator.liu.se>	2021-03-13 19:20:39 +0100
commit	b30e0ca6d2b41579a5b6a010fc54065d790e8d55 (patch)
tree	b07098979264a69d06333eedba93d2ac8dacdacb
parent	d9b564e4b3b3a5691afb9328c7342b3f7ca64288 (diff)
download	nettle-b30e0ca6d2b41579a5b6a010fc54065d790e8d55.tar.gz