Fixed conditional_negate for larger numbers

Without the bn_mod the numbers get larger (but still < 2*prime), so conditional_negate should handle this.
9 years ago · 60e36dac3b
parent 6ba4d288b0
commit 60e36dac3b
1 changed files with 4 additions and 2 deletions
--- a/ecdsa.c
+++ b/ecdsa.c
@ -177,13 +177,15 @@ void conditional_negate(uint32_t cond, bignum256 *a, const bignum256 *prime)
 {
 	int j;
 	uint32_t tmp = 1;
+	assert(a->val[8] < 0x20000);
 	for (j = 0; j < 8; j++) {
-		tmp += 0x3fffffff + prime->val[j] - a->val[j];
+		tmp += 0x3fffffff + 2*prime->val[j] - a->val[j];
 		a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
 		tmp >>= 30;
 	}
-	tmp += 0x3fffffff + prime->val[j] - a->val[j];
+	tmp += 0x3fffffff + 2*prime->val[j] - a->val[j];
 	a->val[j] = ((tmp & 0x3fffffff) & cond) | (a->val[j] & ~cond);
+	assert(a->val[8] < 0x20000);
 }

 typedef struct jacobian_curve_point {