Sat, 11 May 2019 at 21:55, Niels Möller <[email protected]>:
>
> Dmitry Eremin-Solenikov <[email protected]> writes:
>
> >> If p is close to B^size / 2, then I think a reduction like
> >
> > Yes, it is.
> >
> > As an overflow happens in low level code, do you suggest
> > duplicating ecc-dup-jj/ecc-add-jja/ecc-add-jjj for GOST curves?
>
> I'd prefer not to duplicate the point functions. Could consider doing
> these operations (or part of them) using indirection via some new
> function pointer in struct ecc_modulo.
This patch makes things work for me. Does it stand a chance to be applied? I'll run GnuTLS tests against it later. For now I'm running ecc-mul-a-test and ecc-mul-g-test in a loop without any errors. diff --git a/ecc-mod-arith.c b/ecc-mod-arith.c index f2e47f6747c1..a70ee1228c78 100644 --- a/ecc-mod-arith.c +++ b/ecc-mod-arith.c @@ -103,8 +103,10 @@ ecc_mod_submul_1 (const struct ecc_modulo *m, mp_limb_t *rp, assert (b <= 0xffffffff); hi = mpn_submul_1 (rp, ap, m->size, b); hi = mpn_submul_1 (rp, m->B, m->size, hi); + hi = mpn_submul_1 (rp, m->B, m->size, hi); assert (hi <= 1); hi = cnd_sub_n (hi, rp, m->B, m->size); + hi = cnd_sub_n (hi, rp, m->B, m->size); /* Sufficient roughly if b < B^size / p */ assert (hi == 0); } > > Regards, > /Niels > > -- > Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. > Internet email is subject to wholesale government surveillance. -- With best wishes Dmitry _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
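Review bot: the added `hi = mpn_submul_1 (rp, m->B, m->size, hi);` only shrinks hi by a factor of about B^size / m->B per pass, which is roughly 2 when p is close to B^size / 2 as discussed above, so `assert (hi <= 1)` after it still holds only for small multipliers b and not for the full range admitted by `assert (b <= 0xffffffff)`; either tighten that bound or fold the borrow in a loop until hi <= 1. The added `cnd_sub_n` pass can itself leave a borrow when 2 * m->B > B^size (p below B^size / 2), so the final `assert (hi == 0)` depends on p >= B^size / 2 and that condition should be stated. The comment `/* Sufficient roughly if b < B^size / p */` no longer describes what the code relies on and should be updated. Both extra passes also run unconditionally for every curve, so a per-modulo switch (the indirection in struct ecc_modulo suggested in the quoted reply) would spare the curves where one pass was already enough.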

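The patch above folds the borrow limb hi back into rp twice instead of once. The following Python model, added here as an illustration and not part of nettle or of this thread, scales the arithmetic down to two 16-bit limbs (so B^size = 2^32) so that the effect can be checked by hand; mpn_submul_1, cnd_sub_n and EccModulo are simplified stand-ins for the GMP and nettle primitives, and the moduli, operands and multipliers are constructed values rather than real curve parameters. It goes beyond the patch by also counting how many folding passes a given modulus and multiplier actually need.

```python
"""Toy model of the reduction step in nettle's ecc_mod_submul_1 (constructed example)."""
from dataclasses import dataclass

LIMB_BITS = 16          # scaled down from 64-bit limbs
SIZE = 2                # limbs per number, so B^size = 2**32 in nettle's notation
N = LIMB_BITS * SIZE
BASE = 1 << N           # B^size
MASK = BASE - 1


def mpn_submul_1(rp: int, ap: int, b: int):
    """Stand-in for GMP's mpn_submul_1 on a SIZE-limb number held in an int:
    rp <- rp - ap*b mod B^size, returning (rp, h) with rp_old - ap*b == rp_new - h*B^size."""
    t = rp - ap * b
    new = t & MASK
    return new, (new - t) >> N


def cnd_sub_n(cnd: int, rp: int, bp: int):
    """Stand-in for nettle's cnd_sub_n: subtract bp when cnd is set, return (rp, borrow)."""
    if not cnd:
        return rp, 0
    t = rp - bp
    return t & MASK, (1 if t < 0 else 0)


@dataclass
class EccModulo:
    """The two fields of struct ecc_modulo used here: p and B = B^size - p, which is
    B^size mod p when p > B^size/2, so that hi*B^size == hi*B (mod p)."""
    p: int

    @property
    def B(self) -> int:
        return BASE - self.p


def ecc_mod_submul_1(m: EccModulo, rp: int, ap: int, b: int, passes: int):
    """rp <- rp - ap*b (mod p), folding the borrow limb back `passes` times.
    passes=1 models the original code, passes=2 the patch from the mail.
    Returns (rp, hi_after_submul, hi_final); nettle asserts hi_after_submul <= 1
    and hi_final == 0, here both are returned so the caller can inspect them."""
    assert b <= 0xFF                        # scaled-down version of b <= 0xffffffff
    rp, hi = mpn_submul_1(rp, ap, b)
    for _ in range(passes):
        rp, hi = mpn_submul_1(rp, m.B, hi)  # replace -hi*B^size by the congruent -hi*B
    hi_after_submul = hi
    for _ in range(passes):
        rp, hi = cnd_sub_n(hi, rp, m.B)     # each conditional subtraction borrows 0 or 1
    return rp, hi_after_submul, hi


def reduces_correctly(m: EccModulo, rp0: int, ap: int, b: int, rp_final: int, hi_final: int) -> bool:
    """True when no borrow is left and rp_final == rp0 - ap*b (mod p)."""
    return hi_final == 0 and (rp_final - (rp0 - ap * b)) % m.p == 0


def submul_passes_needed(m: EccModulo, rp: int, ap: int, b: int) -> int:
    """Number of borrow-folding rounds until hi <= 1. Each round shrinks hi by about
    B^size / B, which is close to 2 when p is close to B^size / 2."""
    rp, hi = mpn_submul_1(rp, ap, b)
    n = 0
    while hi > 1:
        rp, hi = mpn_submul_1(rp, m.B, hi)
        n += 1
    return n


if __name__ == "__main__":
    # Constructed moduli: one close to B^size, one just above B^size / 2 (not curve primes).
    m_near = EccModulo(p=BASE - 263)
    m_half = EccModulo(p=(1 << 31) + 11)
    rp0, ap = 0x12345678, 0xFEDCBA98        # constructed operands
    for m, b in ((m_near, 200), (m_half, 3), (m_half, 200)):
        one = ecc_mod_submul_1(m, rp0, ap, b, passes=1)
        two = ecc_mod_submul_1(m, rp0, ap, b, passes=2)
        print(f"p=0x{m.p:08x} b={b}: hi after 1 pass={one[1]}, after 2 passes={two[1]}, "
              f"passes needed={submul_passes_needed(m, rp0, ap, b)}")
```

With p just above B^size / 2 and b = 3, one pass leaves hi = 2, the patched two passes bring it to 1 and the result is correct modulo p; with the same p and b = 200, neither version reaches hi <= 1, which is the bound the `assert (hi <= 1)` in the patch relies on.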