mpi_subm use in elgamal.c:sign

D. Hugh Redelmeier hugh@mimosa.com
Mon, 25 Oct 1999 12:33:47 -0400 (EDT)


I'm trying to steal code for Pluto, and as a result I've got to
understand it to a modest degree.  Something doesn't make sense to me.
Probably it is my misunderstanding, but it would be great to clear
that up.

In gnupg-1.0.0/cipher/elgamal.c:sign, the following sequence occurs:

    mpi_subm(t, input, t, p_1 );
    while( mpi_is_neg(t) )
	mpi_add(t, t, p_1);

When could mpi_is_neg return 1?  As I understand it, the mpi_subm
call will make t equal to
	(input - t) % p_1
The % (calculated by mpi_fdiv_r) can only yield negative result if p_1
is negative, but it is in fact one less than a large prime (I think).

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253