Apply bugfix to Edwards25519.pointsMulVarTime

2017-12-16 07:19:41 +01:00 · 2017-12-16 07:19:41 +01:00 · 251f164f47
commit 251f164f47
parent b962952c30
1 changed files with 7 additions and 1 deletions
--- a/cbits/ed25519/ed25519-donna-impl-base.h
+++ b/cbits/ed25519/ed25519-donna-impl-base.h
@ -287,7 +287,13 @@ ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256
 			ge25519_nielsadd2_p1p1(&t, r, &ge25519_niels_sliding_multiples[abs(slide2[i]) / 2], (unsigned char)slide2[i] >> 7);
 		}

-		ge25519_p1p1_to_partial(r, &t);
+		// diverges from the original source code and resolves bug explained
+		// in <https://github.com/floodyberry/ed25519-donna/issues/31>
+		if (i == 0) {
+			ge25519_p1p1_to_full(r, &t);
+		} else {
+			ge25519_p1p1_to_partial(r, &t);
+		}
 	}
 }