authorWerner Koch <wk@gnupg.org>2013-12-02 16:06:40 +0100
committerWerner Koch <wk@gnupg.org>2013-12-02 16:21:45 +0100
commit485f35124b1a74af0bad321ed70be3a79d8d11d7 (patch)
tree34cfaec859212b48b12f81ce14ec8d27b43e296b /cipher/ecc-eddsa.c
parentecb90f8e7c6f2516080d27ed7da6a25f2314da3c (diff)
downloadlibgcrypt-485f35124b1a74af0bad321ed70be3a79d8d11d7.tar.gz
ecc: Fix eddsa point decompression.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative case. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'cipher/ecc-eddsa.c')
-rw-r--r--cipher/ecc-eddsa.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 92c0713f..29145f82 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -252,7 +252,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec)
/* Choose the desired square root according to parity */
if (mpi_test_bit (x, 0) != !!sign)
- gcry_mpi_neg (x, x);
+ mpi_sub (x, ec->p, x);
mpi_free (t);
mpi_free (v3);
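Review bot: The new `mpi_sub (x, ec->p, x);` leaves x equal to p when the recovered root is zero and `sign` is set, because `mpi_test_bit (x, 0)` is 0 for x = 0 and the branch is still taken. That value lies outside the canonical range [0, p), and the EdDSA decoding rule (RFC 8032, section 5.1.3) treats x = 0 with the sign bit set as a decoding failure rather than a valid point. Unless a check outside this hunk already covers it, guard the branch with `if (!mpi_cmp_ui (x, 0))` and take the function's error path instead of subtracting. A one-line comment such as `/* Use p - x, not -x: the result must stay in [0, p). */` would also record why the negation was replaced. The body of _gcry_ecc_eddsa_recover_x starts and ends outside the hunk.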
@@ -267,7 +267,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec)
the usual curve context. If R_ENCPK is not NULL, the encoded PK is
stored at that address; this is a new copy to be released by the
caller. In contrast to the supplied PK, this is not an MPI and
- thus guarnateed to be properly padded. R_ENCPKLEN received the
+ thus guarnateed to be properly padded. R_ENCPKLEN receives the
length of that encoded key. */
gpg_err_code_t
_gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result,
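Review bot: The corrected comment line still reads `guarnateed`; since this line is being touched anyway, it should become `thus guaranteed to be properly padded.  R_ENCPKLEN receives the`. The definition of _gcry_ecc_eddsa_decodepoint continues past the end of the hunk.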