Skip to content
This repository has been archived by the owner on Nov 16, 2021. It is now read-only.

ed25519: scalarmult fix so dst can be src #171

Merged
merged 1 commit into from
Aug 21, 2018
Merged

ed25519: scalarmult fix so dst can be src #171

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions ed25519-donna/ed25519-donna-impl-base.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,12 +421,12 @@ void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {

contract256_window4_modm(slide1, s1);

/* set neutral */
ge25519_set_neutral(r);

ge25519_full_to_pniels(pre1, r);
ge25519_full_to_pniels(pre1+1, p1);
ge25519_double(&d1, p1);

ge25519_set_neutral(r);
ge25519_full_to_pniels(pre1, r);

ge25519_full_to_pniels(pre1+2, &d1);
for (i = 1; i < 7; i++) {
ge25519_pnielsadd(&pre1[i+2], &d1, &pre1[i]);
Expand All @@ -443,6 +443,7 @@ void ge25519_scalarmult(ge25519 *r, const ge25519 *p1, const bignum256modm s1) {
ge25519_pnielsadd_p1p1(&t, r, &pre, (unsigned char)slide1[i] >> 7);
ge25519_p1p1_to_partial(r, &t);
}
curve25519_mul(r->t, t.x, t.y);
}

void ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
Expand Down