From: Daiki Ueno <du...@redhat.com>
This allows the same code to be reused in curve448 and Ed448.
Signed-off-by: Daiki Ueno <du...@redhat.com>
---
ecc-eh-to-a.c | 2 +-
eddsa-sign.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c
index 2acaacb1..b9d412d2 100644
--- a/ecc-eh-to-a.c
+++ b/ecc-eh-to-a.c
@@ -73,7 +73,7 @@ ecc_eh_to_a (const struct ecc_curve *ecc,
at all? Full reduction mod p is maybe sufficient. */
unsigned shift;
assert (ecc->p.bit_size == 255);
- shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1);
+ shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1);
cy = mpn_submul_1 (r, ecc->q.m, ecc->p.size,
r[ecc->p.size-1] >> shift);
assert (cy < 2);
diff --git a/eddsa-sign.c b/eddsa-sign.c
index c1404f67..e5dc0e9d 100644
--- a/eddsa-sign.c
+++ b/eddsa-sign.c
@@ -92,7 +92,7 @@ _eddsa_sign (const struct ecc_curve *ecc,
unsigned shift;
mp_limb_t cy;
assert (ecc->p.bit_size == 255);
- shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1);
+ shift = ecc->q.bit_size - 1 - GMP_NUMB_BITS * (ecc->p.size - 1);
cy = mpn_submul_1 (sp, ecc->q.m, ecc->p.size,
sp[ecc->p.size-1] >> shift);
assert (cy < 2);
--
2.13.3
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
