Diffstat (limited to 'lib/nettle/ecc/override/eddsa-hash.c.diff')
-rw-r--r-- | lib/nettle/ecc/override/eddsa-hash.c.diff | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/nettle/ecc/override/eddsa-hash.c.diff b/lib/nettle/ecc/override/eddsa-hash.c.diff
new file mode 100644
index 0000000000..f2237e503f
--- /dev/null
+++ b/lib/nettle/ecc/override/eddsa-hash.c.diff
@@ -0,0 +1,30 @@
+diff --git a/eddsa-hash.c b/eddsa-hash.c
+index e05f6ac1..743dc4be 100644
+--- a/eddsa-hash.c
++++ b/eddsa-hash.c
+@@ -44,13 +44,14 @@
+ #include "ecc-internal.h"
+ #include "nettle-internal.h"
+ 
+-/* Convert hash digest to integer, and reduce modulo q, to m->size
+- limbs. Needs space for 2*m->size + 1 at rp. */
++/* Convert hash digest to integer, and reduce canonically modulo q.
++ Needs space for 2*m->size + 1 at rp. */
+ void
+ _eddsa_hash (const struct ecc_modulo *m,
+ mp_limb_t *rp, size_t digest_size, const uint8_t *digest)
+ {
+ mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS;
++ mp_limb_t cy;
+ 
+ mpn_set_base256_le (rp, nlimbs, digest, digest_size);
+ 
+@@ -75,4 +76,8 @@ _eddsa_hash (const struct ecc_modulo *m,
+ assert (hi == 0);
+ }
+ m->mod (m, rp);
++ /* Ensure canonical reduction. */
++ cy = mpn_sub_n (rp + m->size, rp, m->m, m->size);
++ cnd_copy (cy, rp + m->size, rp, m->size);
++ mpn_copyi (rp, rp + m->size, m->size);
+ } |
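Review bot: The new comment `/* Ensure canonical reduction. */` above the mpn_sub_n/cnd_copy/mpn_copyi sequence in the second inner hunk does not say why the extra step is needed or why the selection is done with cnd_copy rather than an if on the borrow, which is exactly the part a later maintainer is most likely to "simplify" into a branch. Presumably m->mod may leave rp only partially reduced and the conditional subtraction picks the representative in [0, q) without a branch on the secret-derived value; if that is the intent, state it at the site, e.g. `/* m->mod may leave rp partially reduced; subtract q once and select the result with cnd_copy so the choice does not branch on the secret hash value. Uses rp[m->size .. 2*m->size) as scratch. */`. Naming the scratch region at the point of use also ties it to the updated header comment ("Needs space for 2*m->size + 1 at rp"), so the buffer requirement is visible where it is consumed. Because this file is an override patch applied to vendored nettle source, recording the upstream commit it mirrors in the patch header would make it easier to verify and drop on the next nettle upgrade. The body of _eddsa_hash between the two inner hunks (old lines 57–74) lies outside the patch and is not reviewed here.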