From f582db039f7242097f20ac84df062c9f864d0943 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 21 Apr 2020 12:24:40 +0200
Subject: [PATCH] Handle identity; fix comment
---
 src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
index 43933c03..fd48710f 100644
--- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
+++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
@@ -2550,7 +2550,7 @@ chi25519(fe25519 out, const fe25519 z)
 fe25519_mul(out, t1, t0);
 }
 
-/* montgomery to edwards - xed = sqrt(-A)*x/y */
+/* montgomery to edwards -- xed = sqrt(-A-2)*x/y */
 static void
 ge25519_xymont_to_xed(fe25519 xed, const fe25519 x, const fe25519 y)
 {
@@ -2575,6 +2575,7 @@ ge25519_xmont_to_yed(fe25519 yed, const fe25519 x)
 fe25519_sub(x_minus_one, x, one);
 fe25519_invert(x_plus_one_inv, x_plus_one);
 fe25519_mul(yed, x_minus_one, x_plus_one_inv);
+ fe25519_cmov(yed, one, fe25519_iszero(x_plus_one));
 }
 
 /* montgomery -- recover y = sqrt(x^3 + A*x^2 + x) */
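Review bot: The added `fe25519_cmov` at the end of ge25519_xmont_to_yed has no comment saying which input it covers or why the replacement value is `one`. From the visible lines it takes effect when `x_plus_one` is zero, i.e. x = -1, where `(x-1)/(x+1)` is undefined and the preceding product depends on whatever `fe25519_invert` yields for a zero input; the subject line suggests y = 1 is meant as the identity's coordinate, but that is inferred rather than shown. I would add above it `/* x = -1: x+1 has no inverse; select yed = 1 (identity) without branching on x */`, which also records that the select is deliberately constant-time and should not be turned into an `if`. The diffstat lists a single changed file, so no test vector for this input accompanies the commit; the function's opening lines are outside the hunk.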