kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-23 12:05:11 -07:00
Code Releases Wiki Activity

H2C: Y should be negative is gx1 is a square

Browse Source 
Fixes #1119
This commit is contained in:
Frank Denis 2021-11-08 14:31:14 +01:00
parent 64129657a5
commit 7052e4733f
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
View File

@ -2739,7 +2739,7 @@ ge25519_from_hash(unsigned char s[32], const unsigned char h[64])
fe25519_reduce64(fe_f, h);
ge25519_elligator2(x, y, fe_f, &notsquare);
y_sign = notsquare;
y_sign = notsquare ^ 1;
fe25519_neg(negy, y);
fe25519_cmov(y, negy, fe25519_isnegative(y) ^ y_sign);

4
test/default/core_ed25519_h2c.exp
View File

@ -1,3 +1,3 @@
NU with oversized context: 998ca2fdd0ade350cb6c279173dfd4a6a42f46ca5c2928871aacff60c1654663
RO with oversized context: 5ed4ae2ab665a7a9543f6e9887dc8f8f68a7720fdf32b971f3be71d9c9549f74
NU with oversized context: 998ca2fdd0ade350cb6c279173dfd4a6a42f46ca5c2928871aacff60c16546e3
RO with oversized context: 5ed4ae2ab665a7a9543f6e9887dc8f8f68a7720fdf32b971f3be71d9c9549ff4
OK