authorJack Lloyd <[email protected]>2018-03-27 12:42:26 -0400
committerJack Lloyd <[email protected]>2018-03-27 12:42:26 -0400
commit15478bc16dfbf2ddb6f9a7614039015569c8680d (patch)
tree4b03a9873c211cb9d07af70a4ae8ed3b04f5d08c /src/lib
parenteaa8e1593481518e33f83340bf0a05d2669f3b21 (diff)
Fix carry bugs introduced in 8a7559e4f8ad
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/pubkey/ed25519/sc_muladd.cpp22
-rw-r--r--src/lib/pubkey/ed25519/sc_reduce.cpp23
2 files changed, 23 insertions, 22 deletions
diff --git a/src/lib/pubkey/ed25519/sc_muladd.cpp b/src/lib/pubkey/ed25519/sc_muladd.cpp
index 8a95c652d..711118ceb 100644
--- a/src/lib/pubkey/ed25519/sc_muladd.cpp
+++ b/src/lib/pubkey/ed25519/sc_muladd.cpp
@@ -157,17 +157,17 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c)
redc_mul(s0, s1, s2, s3, s4, s5, s12);
- carry<21>(s0, s1);
- carry<21>(s1, s2);
- carry<21>(s2, s3);
- carry<21>(s3, s4);
- carry<21>(s4, s5);
- carry<21>(s5, s6);
- carry<21>(s6, s7);
- carry<21>(s7, s8);
- carry<21>(s8, s9);
- carry<21>(s9, s10);
- carry<21>(s10, s11);
+ carry0<21>(s0, s1);
+ carry0<21>(s1, s2);
+ carry0<21>(s2, s3);
+ carry0<21>(s3, s4);
+ carry0<21>(s4, s5);
+ carry0<21>(s5, s6);
+ carry0<21>(s6, s7);
+ carry0<21>(s7, s8);
+ carry0<21>(s8, s9);
+ carry0<21>(s9, s10);
+ carry0<21>(s10, s11);
carry0<21>(s11, s12);
redc_mul(s0, s1, s2, s3, s4, s5, s12);
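Review bot: The eleven calls changed from carry<21> to carry0<21> after redc_mul carry no comment saying why the truncating variant is the correct one at this point, and the identical hunk in sc_reduce.cpp at line 94 has the same gap. Which variant is valid depends on the range of the limbs after redc_mul, which only the definitions of carry, carry0 and redc_mul (all outside this hunk) establish, so a future edit could easily reintroduce the mixed chain this commit repairs; a one-line note such as `// limbs are in the range redc_mul leaves them; carry0<> (presumably the non-rounding carry) is required here — see carry()/carry0()` at the head of the chain would pin the intent. Because sc_muladd sits on the Ed25519 signing path, a regression vector whose intermediate limbs all overflow 21 bits would demonstrate the fix rather than leaving it to inspection; the diffstat shown is limited to src/lib, so I cannot tell whether such a test accompanies the commit. sc_muladd begins before this hunk and continues after it.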
diff --git a/src/lib/pubkey/ed25519/sc_reduce.cpp b/src/lib/pubkey/ed25519/sc_reduce.cpp
index b9d0f9527..250e603e4 100644
--- a/src/lib/pubkey/ed25519/sc_reduce.cpp
+++ b/src/lib/pubkey/ed25519/sc_reduce.cpp
@@ -94,17 +94,17 @@ void sc_reduce(uint8_t* s)
redc_mul(s0, s1, s2, s3, s4, s5, s12);
- carry<21>(s0, s1);
- carry<21>(s1, s2);
- carry<21>(s2, s3);
- carry<21>(s3, s4);
- carry<21>(s4, s5);
- carry<21>(s5, s6);
- carry<21>(s6, s7);
- carry<21>(s7, s8);
- carry<21>(s8, s9);
- carry<21>(s9, s10);
- carry<21>(s10, s11);
+ carry0<21>(s0, s1);
+ carry0<21>(s1, s2);
+ carry0<21>(s2, s3);
+ carry0<21>(s3, s4);
+ carry0<21>(s4, s5);
+ carry0<21>(s5, s6);
+ carry0<21>(s6, s7);
+ carry0<21>(s7, s8);
+ carry0<21>(s8, s9);
+ carry0<21>(s9, s10);
+ carry0<21>(s10, s11);
carry0<21>(s11, s12);
redc_mul(s0, s1, s2, s3, s4, s5, s12);
@@ -120,6 +120,7 @@ void sc_reduce(uint8_t* s)
carry0<21>(s8, s9);
carry0<21>(s9, s10);
carry0<21>(s10, s11);
+ carry0<21>(s11, s12);
s[0] = s0 >> 0;
s[1] = s0 >> 8;