summaryrefslogtreecommitdiff
path: root/libs/libsodium/src/crypto_scalarmult/ed25519/ref10
diff options
context:
space:
mode:
Diffstat (limited to 'libs/libsodium/src/crypto_scalarmult/ed25519/ref10')
-rw-r--r--libs/libsodium/src/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/libs/libsodium/src/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c b/libs/libsodium/src/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
index 7fbd5da072..a66ac99758 100644
--- a/libs/libsodium/src/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
+++ b/libs/libsodium/src/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
@@ -24,7 +24,6 @@ static inline void
_crypto_scalarmult_ed25519_clamp(unsigned char k[32])
{
k[0] &= 248;
- k[31] &= 127;
k[31] |= 64;
}
@@ -37,8 +36,8 @@ _crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
ge25519_p3 P;
unsigned int i;
- if (ge25519_is_canonical(p) == 0 || ge25519_has_small_order(p) != 0 ||
- ge25519_frombytes(&P, p) != 0 || ge25519_is_on_main_subgroup(&P) == 0) {
+ if (ge25519_is_canonical(p) == 0 || ge25519_frombytes(&P, p) != 0 ||
+ ge25519_has_small_order(&P) != 0 || ge25519_is_on_main_subgroup(&P) == 0) {
return -1;
}
for (i = 0; i < 32; ++i) {
@@ -47,6 +46,8 @@ _crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
if (clamp != 0) {
_crypto_scalarmult_ed25519_clamp(t);
}
+ t[31] &= 127;
+
ge25519_scalarmult(&Q, t, &P);
ge25519_p3_tobytes(q, &Q);
if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
@@ -83,6 +84,8 @@ _crypto_scalarmult_ed25519_base(unsigned char *q,
if (clamp != 0) {
_crypto_scalarmult_ed25519_clamp(t);
}
+ t[31] &= 127;
+
ge25519_scalarmult_base(&Q, t);
ge25519_p3_tobytes(q, &Q);
if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {