bug fix

2014-01-23 14:57:09 +09:00
parent 29e76d0ba7
commit 36541838f9
2 changed files with 7 additions and 3 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+2014-01-23  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/ec_p256.c (ecdsa): Bug fix for k selection.
+
 2014-01-22  Niibe Yutaka  <gniibe@fsij.org>

 	* src/modp256.c (modp256_inv): Fix for constant time.
--- a/src/ec_p256.c
+++ b/src/ec_p256.c
@@ -514,11 +514,11 @@ ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
      do
 	{
 	  bn256_random (k);
-	  if (bn256_sub (tmp_k, k, N) == 0)	/* > N, it's too big.  */
+	  if (bn256_add_uint (k, k, 1))
 	    continue;
-	  if (bn256_add_uint (tmp_k, tmp_k, 2)) /* > N - 2, still big.  */
+	  if (bn256_sub (tmp_k, k, N) == 0)	/* >= N, it's too big.  */
 	    continue;
-	  bn256_add_uint (k, k, 1);
+	  /* 1 <= k <= N - 1 */
 	  compute_kG (KG, k);
 	  borrow = bn256_sub (r, KG->x, N);
 	  if (borrow)