diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs
index 3a06941dd..6843e274a 100644
--- a/crypto/src/math/ec/rfc7748/X25519Field.cs
+++ b/crypto/src/math/ec/rfc7748/X25519Field.cs
@@ -49,6 +49,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
int z0 = z[0], z1 = z[1], z2 = z[2], z3 = z[3], z4 = z[4];
int z5 = z[5], z6 = z[6], z7 = z[7], z8 = z[8], z9 = z[9];
+ z2 += (z1 >> 26); z1 &= M26;
+ z4 += (z3 >> 26); z3 &= M26;
+ z7 += (z6 >> 26); z6 &= M26;
+ z9 += (z8 >> 26); z8 &= M26;
+
z3 += (z2 >> 25); z2 &= M25;
z5 += (z4 >> 25); z4 &= M25;
z8 += (z7 >> 25); z7 &= M25;
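Review bot: The new first carry pass (`z2 += (z1 >> 26); z1 &= M26;` and the three lines after it) has no comment saying which limb bound it is meant to establish before the 25-bit carries that follow. In field arithmetic that depends on limbs staying inside 32-bit range, a later reader needs that invariant to judge whether a pass can be reordered or removed. I would add something like `// Pre-carry z1, z3, z6, z8 so the 25-bit carries below start from reduced 26-bit limbs.` and state the assumed input magnitude next to it. The enclosing function starts and ends outside this hunk, so its full carry chain is not visible here; a test with limbs at the extreme accepted values would pin the behaviour.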
@@ -439,22 +444,22 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
Mul(t, x, rz);
}
- private static void Reduce(int[] z, int c)
- {
- int z9 = z[9], t = z9;
- z9 = t & M24; t >>= 24;
- t += c;
- t *= 19;
- t += z[0]; z[0] = t & M26; t >>= 26;
- t += z[1]; z[1] = t & M26; t >>= 26;
- t += z[2]; z[2] = t & M25; t >>= 25;
- t += z[3]; z[3] = t & M26; t >>= 26;
- t += z[4]; z[4] = t & M25; t >>= 25;
- t += z[5]; z[5] = t & M26; t >>= 26;
- t += z[6]; z[6] = t & M26; t >>= 26;
- t += z[7]; z[7] = t & M25; t >>= 25;
- t += z[8]; z[8] = t & M26; t >>= 26;
- t += z9; z[9] = t;
+ private static void Reduce(int[] z, int x)
+ {
+ int t = z[9], z9 = t & M24;
+ t = (t >> 24) + x;
+
+ long cc = t * 19;
+ cc += z[0]; z[0] = (int)cc & M26; cc >>= 26;
+ cc += z[1]; z[1] = (int)cc & M26; cc >>= 26;
+ cc += z[2]; z[2] = (int)cc & M25; cc >>= 25;
+ cc += z[3]; z[3] = (int)cc & M26; cc >>= 26;
+ cc += z[4]; z[4] = (int)cc & M25; cc >>= 25;
+ cc += z[5]; z[5] = (int)cc & M26; cc >>= 26;
+ cc += z[6]; z[6] = (int)cc & M26; cc >>= 26;
+ cc += z[7]; z[7] = (int)cc & M25; cc >>= 25;
+ cc += z[8]; z[8] = (int)cc & M26; cc >>= 26;
+ z[9] = z9 + (int)cc;
}
public static void Sqr(int[] x, int[] z)
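Review bot: In `long cc = t * 19;` both operands are `int`, so C# performs the multiplication in 32 bits and only then widens the result; the 64-bit accumulator does not cover the product itself. With `t = (t >> 24) + x`, the product stays small only if callers pass a small `x`, which this hunk does not show. If the widening is meant to include the multiply, write `long cc = (long)t * 19;`; otherwise a comment on `Reduce` stating the allowed range of `x` would make the assumption explicit. The chain stays branch-free either way, so the cast does not change its timing behaviour.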
|