Use ecc_mod_mul_canonical for point comparison.

* eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical.

(cherry picked from commit 5b7608fde3a6d2ab82bffb35db1e4e330927c906)

diff --git a/ChangeLog b/ChangeLog
index 5cc5c188d46926d03264aafad7850ada5587a66e..2a9217a6e1d417051802c26cb8a20bb78dfa4a3f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2021-03-13  Niels Möller  <nisse@lysator.liu.se>
+
+       * eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical.
+
 2021-03-11  Niels Möller  <nisse@lysator.liu.se>
 
        * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical):

diff --git a/eddsa-verify.c b/eddsa-verify.c
index de68f240904fbe3e370ca7b65bcd1279b4b9cea5..10d075ee035088c1a74304c6a479099ec749e427 100644 (file)
--- a/eddsa-verify.c
+++ b/eddsa-verify.c
@@ -53,13 +53,8 @@ equal_h (const struct ecc_modulo *p,
 #define t0 scratch
 #define t1 (scratch + p->size)
 
-  ecc_mod_mul (p, t0, x1, z2, t0);
-  if (mpn_cmp (t0, p->m, p->size) >= 0)
-    mpn_sub_n (t0, t0, p->m, p->size);
-
-  ecc_mod_mul (p, t1, x2, z1, t1);
-  if (mpn_cmp (t1, p->m, p->size) >= 0)
-    mpn_sub_n (t1, t1, p->m, p->size);
+  ecc_mod_mul_canonical (p, t0, x1, z2, t0);
+  ecc_mod_mul_canonical (p, t1, x2, z1, t1);
 
   return mpn_cmp (t0, t1, p->size) == 0;