Merge branch 'curve448' into master

author: Niels Möller <nisse@lysator.liu.se> 2019-11-21 19:43:57 +0100
committer: Niels Möller <nisse@lysator.liu.se> 2019-11-21 19:43:57 +0100
commit: 889a582f3ee1b03e98f47e8bb353659af0933822 (patch)
tree: c74554dc6d15e89a8cc30853acf4319b9256c8c6 /eddsa-sign.c
parent: 85fd4910eefca34abee053d3014a819b0e97301b (diff)
parent: 5fffda51dc1b8c4a09e81bce6b262870ee27a967 (diff)
download: nettle-889a582f3ee1b03e98f47e8bb353659af0933822.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/eddsa-sign.c b/eddsa-sign.c
index 5832c23a..13ae4799 100644
--- a/eddsa-sign.c
+++ b/eddsa-sign.c
@@ -93,7 +93,7 @@ _eddsa_sign (const struct ecc_curve *ecc,
     unsigned shift;
     mp_limb_t cy;
     assert (ecc->p.bit_size == 255);
-    shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1);
+    shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1);
     cy = mpn_submul_1 (sp, ecc->q.m, ecc->p.size,
 		       sp[ecc->p.size-1] >> shift);
     assert (cy < 2);
author	Niels Möller <nisse@lysator.liu.se>	2019-11-21 19:43:57 +0100
committer	Niels Möller <nisse@lysator.liu.se>	2019-11-21 19:43:57 +0100
commit	889a582f3ee1b03e98f47e8bb353659af0933822 (patch)
tree	c74554dc6d15e89a8cc30853acf4319b9256c8c6 /eddsa-sign.c
parent	85fd4910eefca34abee053d3014a819b0e97301b (diff)
parent	5fffda51dc1b8c4a09e81bce6b262870ee27a967 (diff)
download	nettle-889a582f3ee1b03e98f47e8bb353659af0933822.tar.gz