authorNiels Möller <nisse@lysator.liu.se>2021-10-26 18:00:07 +0200
committerNiels Möller <nisse@lysator.liu.se>2021-10-26 18:00:07 +0200
commit652bdc79d991d4755141624fc37f7270e38fdaf1 (patch)
tree76392cdcb78eda46f56ae6462770c1f41c33bfc8 /ecc-curve25519.c
parent26b0f47b458767ec5a3a4d7980498b03a4e8ded7 (diff)
downloadnettle-652bdc79d991d4755141624fc37f7270e38fdaf1.tar.gz
New function ecc_mod_zero_p.
* ecc-mod-arith.c (ecc_mod_zero_p): New function. * ecc-curve25519.c (ecc_curve25519_zero_p): Use it. * ecc-curve448.c (ecc_curve448_zero_p): Deleted, usage replaced with ecc_mod_zero_p. * testsuite/ecc-modinv-test.c (mod_eq_p): Rewritten to use ecc_mod_zero_p, and require that one input is canonically reduced. (zero_p): Deleted, usage replaced with ecc_mod_zero_p.
Diffstat (limited to 'ecc-curve25519.c')
-rw-r--r--ecc-curve25519.c7
1 files changed, 2 insertions, 5 deletions
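--- a/ecc-curve25519.c
+++ b/ecc-curve25519.c
@@ -170,20 +170,17 @@ ecc_curve25519_inv (const struct ecc_modulo *p,
 ecc_mod_mul (p, rp, ap, rp, scratch);
 }
-/* First, do a canonical reduction, then check if zero */
 static int
 ecc_curve25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
 {
- mp_limb_t cy;
+/* First, reduce to < 2p. */
 #if PHIGH_BITS > 0
 mp_limb_t hi = xp[ECC_LIMB_SIZE-1];
 xp[ECC_LIMB_SIZE-1] = (hi & (GMP_NUMB_MASK >> PHIGH_BITS))
 + sec_add_1 (xp, xp, ECC_LIMB_SIZE - 1, 19 * (hi >> (GMP_NUMB_BITS - PHIGH_BITS)));
 #endif
- cy = mpn_sub_n (xp, xp, p->m, ECC_LIMB_SIZE);
- mpn_cnd_add_n (cy, xp, xp, p->m, ECC_LIMB_SIZE);
- return sec_zero_p (xp, ECC_LIMB_SIZE);
+ return ecc_mod_zero_p (p, xp);
 }
 /* Compute x such that x^2 = u/v (mod p). Returns one on success, zero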
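Review bot: The new comment `/* First, reduce to < 2p. */` at the top of ecc_curve25519_zero_p names the range the PHIGH_BITS fold-in produces but not that the helper it now hands off to must accept it, so the predicate's correctness rests on an undocumented contract with ecc_mod_zero_p in another file (the old body did the canonical subtract-and-conditional-add itself before sec_zero_p). I would extend it to `/* First, reduce to < 2p; ecc_mod_zero_p must accept non-canonical input in that range and treat the value p itself as zero. */`, and add a one-line note that xp is reduced in place, since the non-const parameter is the only hint a caller gets that its input is clobbered. Whether ecc_mod_zero_p matches the constant-time behaviour of the mpn_cnd_add_n/sec_zero_p sequence it replaces cannot be checked from this hunk; if any caller reaches this predicate with secret-dependent limbs, that is worth confirming against its definition in ecc-mod-arith.c.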