authorNIIBE Yutaka <gniibe@fsij.org>2020-06-23 10:05:26 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2020-06-23 10:05:26 +0900
commit1db1dc7945b111b6e20a8420ad38a358316681ab (patch)
tree3866b1b51a4e3f0cd486606c160a32ab3f73d9a8
parent35a78eb248d6bacd2a58477a122a0020d796ce63 (diff)
downloadlibgcrypt-1db1dc7945b111b6e20a8420ad38a358316681ab.tar.gz
ecc: Fix length computation.
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add one only for Edwards case. Fixes-commit: 3386aaf84d4d89b6ff931533df2ff82ed3f7c7f9 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r--cipher/ecc-curves.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 6ebd60c3..f8d561cb 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -1157,7 +1157,10 @@ mpi_ec_setup_elliptic_curve (mpi_ec_t ec, int flags,
unsigned int n = mpi_get_nbits (ec->d);
unsigned int len;
- len = (ec->nbits%8) == 0 ? (ec->nbits/8 + 1) : (ec->nbits+7)/8;
+ len = (ec->nbits+7)/8;
+ /* EdDSA requires additional bit for sign. */
+ if ((ec->nbits%8) == 0 && ec->model == MPI_EC_EDWARDS)
+ len++;
if ((n+7)/8 != len)
{