author | Werner Koch <wk@gnupg.org> | 2013-12-02 16:06:40 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-12-02 16:21:45 +0100 |
commit | 485f35124b1a74af0bad321ed70be3a79d8d11d7 (patch) | |
tree | 34cfaec859212b48b12f81ce14ec8d27b43e296b /cipher/ecc-eddsa.c | |
parent | ecb90f8e7c6f2516080d27ed7da6a25f2314da3c (diff) | |
ecc: Fix eddsa point decompression.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative
case.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'cipher/ecc-eddsa.c')
-rw-r--r-- | cipher/ecc-eddsa.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 92c0713f..29145f82 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -252,7 +252,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) /* Choose the desired square root according to parity */ if (mpi_test_bit (x, 0) != !!sign) - gcry_mpi_neg (x, x); + mpi_sub (x, ec->p, x); mpi_free (t); mpi_free (v3); @@ -267,7 +267,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) the usual curve context. If R_ENCPK is not NULL, the encoded PK is stored at that address; this is a new copy to be released by the caller. In contrast to the supplied PK, this is not an MPI and - thus guarnateed to be properly padded. R_ENCPKLEN received the + thus guarnateed to be properly padded. R_ENCPKLEN receives the length of that encoded key. */ gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, |
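Review bot: In the first hunk (@@ -252,7 +252,7 @@), the new `mpi_sub (x, ec->p, x);` leaves x equal to ec->p when the recovered root is 0 and `sign` is set, because `mpi_test_bit (x, 0) != !!sign` is true for x = 0 with a non-zero sign. That value is outside the reduced range 0..p-1, so a caller comparing or encoding x would see a non-canonical coordinate. Suggest handling that input explicitly before the subtraction, either by returning an error for a zero root with the sign bit set or by reducing the result modulo ec->p. It would also help to extend the comment above the test to say why the root is replaced by p - x rather than negated (the parity check needs the non-negative representative mod p, assuming x is already reduced at this point), and to add a regression vector that decodes a point with the sign bit set.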
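Review bot: In the second hunk (@@ -267,7 +267,7 @@), the rewritten comment line still reads "thus guarnateed to be properly padded"; since this line is already being touched to change "received" to "receives", fix the spelling to "guaranteed" in the same change. This comment-only fix is also unrelated to the point decompression fix named in the commit subject, so consider splitting it into its own commit or mentioning it in the ChangeLog entry.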