Update curve25519_mul, to align with RFC 7748.

author: Niels Möller <nisse@lysator.liu.se> 2016-04-25 21:48:52 +0200
committer: Niels Möller <nisse@lysator.liu.se> 2016-04-25 21:48:52 +0200
commit: b18472f886a673c2f823fc69cb4994942badeef1 (patch)
tree: 3bb9240691cd3f930e04c01aca9e838cb6f31433 /curve25519-mul.c
parent: dbd02e3047fae9634bec6ee95549f372134574a3 (diff)
download: nettle-b18472f886a673c2f823fc69cb4994942badeef1.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/curve25519-mul.c b/curve25519-mul.c
index adb20cbc..f5127d77 100644
--- a/curve25519-mul.c
+++ b/curve25519-mul.c
@@ -72,7 +72,11 @@ curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
   itch = ecc->p.size * 12;
   scratch = gmp_alloc_limbs (itch);
 
+  /* Note that 255 % GMP_NUMB_BITS == 0 isn't supported, so x1 always
+     holds at least 256 bits. */
   mpn_set_base256_le (x1, ecc->p.size, p, CURVE25519_SIZE);
+  /* Clear bit 255, as required by RFC 7748. */
+  x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));
 
   /* Initialize, x2 = x1, z2 = 1 */
   mpn_copyi (x2, x1, ecc->p.size);
author	Niels Möller <nisse@lysator.liu.se>	2016-04-25 21:48:52 +0200
committer	Niels Möller <nisse@lysator.liu.se>	2016-04-25 21:48:52 +0200
commit	b18472f886a673c2f823fc69cb4994942badeef1 (patch)
tree	3bb9240691cd3f930e04c01aca9e838cb6f31433 /curve25519-mul.c
parent	dbd02e3047fae9634bec6ee95549f372134574a3 (diff)
download	nettle-b18472f886a673c2f823fc69cb4994942badeef1.tar.gz