authorNiels Möller <nisse@lysator.liu.se>2014-07-15 21:47:41 +0200
committerNiels Möller <nisse@lysator.liu.se>2014-07-15 21:47:41 +0200
commit346cfb552d90cef3602b8fea3f88ec2093f363a5 (patch)
treea53e1978ea38a055b4604242aaf03ebd4ef3caad
parent88a8a9e01e5b0b12fe3acbcf5c9c21ebbd79d951 (diff)
downloadnettle-346cfb552d90cef3602b8fea3f88ec2093f363a5.tar.gz
Comment fixes.
-rw-r--r--ecc-add-ehh.c6
-rw-r--r--ecc-eh-to-a.c5
2 files changed, 7 insertions, 4 deletions
diff --git a/ecc-add-ehh.c b/ecc-add-ehh.c
index 140a6d7c..33dc1906 100644
--- a/ecc-add-ehh.c
+++ b/ecc-add-ehh.c
@@ -72,9 +72,9 @@ ecc_add_ehh (const struct ecc_curve *ecc,
E = b*C*D 2 mul A, B, C, D, E
F = B - E A, B, C, D, E, F
G = B + E A, C, D, F, G
- x3 = a*f*[(x1+y1)(x2+y2) - c - d] 3 mul A, C, D, G
- y3 = a*g*(d-c) 2 mul F, G
- z3 = f*g mul
+ x3 = A*F*[(x1+y1)(x2+y2) - C - D] 3 mul A, C, D, G
+ y3 = A*G*(D-C) 2 mul F, G
+ z3 = F*G mul
*/
#define A scratch
#define B (scratch + ecc->size)
diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c
index bd0625d4..aaeaf09d 100644
--- a/ecc-eh-to-a.c
+++ b/ecc-eh-to-a.c
@@ -74,7 +74,10 @@ ecc_eh_to_a (const struct ecc_curve *ecc,
ecc_modp_sub (ecc, izp, wp, vp);
/* FIXME: For the infinity point, this subtraction gives zero (mod
- p), and the inversion below fails and returns something else. */
+ p), which isn't invertible. For curve25519, the desired output is
+ x = 0, which we get if the modular inversion function returns 0
+ in this case. Need to check that modular inversion really returns
+ 0. */
ecc_modp_mul (ecc, izp + ecc->size, izp, up);
/* Needs 3*size scratch */
ecc_modp_inv (ecc, izp, izp + ecc->size, izp + 2*ecc->size);
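Review bot: The rewritten FIXME in ecc_eh_to_a still leaves the neutral-point case resting on an unverified property of ecc_modp_inv, namely that it returns 0 when its input is zero mod p; the comment itself says this needs checking. I would pin it with a regression test that runs the neutral element through ecc_eh_to_a and asserts x = 0, and state the zero-input behaviour where the inversion function is documented. A data-dependent zero check at this call site is probably not the right fix, since it would presumably introduce a branch on secret-derived data. It may also be worth one more comment line, such as `/* Callers get x = 0 for the neutral point and must decide whether to accept it. */`, because a zero x coordinate reaching a key-agreement caller needs an explicit decision. The body of ecc_eh_to_a starts and ends outside this hunk.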