Fix canonical reduction in gostdsa_vko.

author Niels Möller <nisse@lysator.liu.se>

Sat, 13 Mar 2021 15:45:34 +0000 (16:45 +0100)

committer Niels Möller <nisse@lysator.liu.se>

Wed, 17 Mar 2021 14:06:23 +0000 (15:06 +0100)
author Niels Möller <nisse@lysator.liu.se>
Sat, 13 Mar 2021 15:45:34 +0000 (16:45 +0100)
committer Niels Möller <nisse@lysator.liu.se>
Wed, 17 Mar 2021 14:06:23 +0000 (15:06 +0100)
diff --git a/ChangeLog b/ChangeLog

index ce330831977e1427ce3c4e2730f7f31aca64fead..8a27a9a6242607210cdf6c1acc9da3f7fd370e5a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
  2021-03-13  Niels Möller  <nisse@lysator.liu.se>
  
+       * gostdsa-vko.c (gostdsa_vko): Use ecc_mod_mul_canonical to
+       compute the scalar used for ecc multiplication.
+
         * eddsa-hash.c (_eddsa_hash): Ensure result is canonically
         reduced. Two of the three call sites need that.
  
diff --git a/gostdsa-vko.c b/gostdsa-vko.c

index a02d59a96e09ebbcc4f7c2036dd37b9651e4baf1..3dc42a1e45e93ccc333f0193ab5a9ef21380f996 100644 (file)
--- a/gostdsa-vko.c
+++ b/gostdsa-vko.c
@@ -87,7 +87,7 @@ gostdsa_vko (const struct ecc_scalar *priv,
    if (mpn_zero_p (UKM, size))
      UKM[0] = 1;
  
-  ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM, TEMP); /* TEMP = UKM * priv */
+  ecc_mod_mul_canonical (&ecc->q, TEMP, priv->p, UKM, TEMP); /* TEMP = UKM * priv */
    ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */
    ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */
    mpn_get_base256_le (out, bsize, TEMP, size);
author	Niels Möller <nisse@lysator.liu.se>
	Sat, 13 Mar 2021 15:45:34 +0000 (16:45 +0100)
committer	Niels Möller <nisse@lysator.liu.se>
	Wed, 17 Mar 2021 14:06:23 +0000 (15:06 +0100)
ChangeLog		patch \| blob \| blame \| history
gostdsa-vko.c		patch \| blob \| blame \| history