authorMatthias Schiffer <mschiffer@universe-factory.net>2015-10-03 13:35:59 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2015-10-03 13:35:59 +0200
commit16636d4f907e151ad399c3825a5319ea4d009404 (patch)
treef0748646574c1bfad44e66c7b7cd757b3020d880
parent962888f03fb3d6254cc9e4bdadced10c1eeeb06d (diff)
downloadlibuecc-16636d4f907e151ad399c3825a5319ea4d009404.tar
libuecc-16636d4f907e151ad399c3825a5319ea4d009404.zip
Add comments clarifying when subtractions without squeeze are valid
-rw-r--r--src/ec25519.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/ec25519.c b/src/ec25519.c
index d673aee..b581057 100644
--- a/src/ec25519.c
+++ b/src/ec25519.c
@@ -473,6 +473,7 @@ int ecc_25519_load_packed(ecc_25519_work_t *out, const ecc_int256_t *in) {
if (!square_root(Y, Y2))
return 0;
+ /* No squeeze is necessary for subtractions from zero */
sub(Yt, zero, Y);
select(out->Y, Y, Yt, (in->p[31] >> 7) ^ (Y[0] & 1));
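Review bot: The comment added before `sub(Yt, zero, Y);` states a conclusion without the condition it depends on, so a later edit to sub() or to how Y is produced cannot be checked against it; the identical comment in ecc_25519_negate has the same gap. Presumably the argument is that the minuend has all-zero limbs and the subtrahend is already within squeezed bounds, so the result stays in the limb range the following operations accept. That is inferred, since neither sub() nor squeeze() is visible in these hunks. After confirming the bound against sub(), I would write it out, e.g. `/* zero has all-zero limbs and Y is already squeezed, so sub() keeps every limb in range; no squeeze needed */`. In ecc_25519_negate the comment should also say it covers both calls (X and T). Both functions continue outside their hunks.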
@@ -506,6 +507,7 @@ void ecc_25519_negate(ecc_25519_work_t *out, const ecc_25519_work_t *in) {
out->Z[i] = in->Z[i];
}
+ /* No squeeze is necessary for subtractions from zero */
sub(out->X, zero, in->X);
sub(out->T, zero, in->T);
}