tweetnacl.diff

--- tweetnacl-20131229.c	2013-12-29 12:06:54.000000000 +0100
+++ tweetnacl-20140427.c	2014-04-27 11:17:16.000000000 +0200
@@ -22,7 +22,7 @@
   Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666},
   I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
 
-static u32 L32(u32 x,int c) { return (x << c) | (x >> (32 - c)); }
+static u32 L32(u32 x,int c) { return (x << c) | ((x&0xffffffff) >> (32 - c)); }
 
 static u32 ld32(const u8 *x)
 {
@@ -308,7 +308,7 @@
     }
     m[15]=t[15]-0x7fff-((m[14]>>16)&1);
     b=(m[15]>>16)&1;
-    m[15]&=0xffff;
+    m[14]&=0xffff;
     sel25519(t,m,1-b);
   }
   FOR(i,16) {
@@ -394,7 +394,7 @@
 int crypto_scalarmult(u8 *q,const u8 *n,const u8 *p)
 {
   u8 z[32];
-  i64 x[96],r,i;
+  i64 x[80],r,i;
   gf a,b,c,d,e,f;
   FOR(i,31) z[i]=n[i];
   z[31]=(n[31]&127)|64;
@@ -431,14 +431,14 @@
     sel25519(c,d,r);
   }
   FOR(i,16) {
-    x[i+32]=a[i];
-    x[i+48]=c[i];
-    x[i+64]=b[i];
-    x[i+80]=d[i];
-  }
-  inv25519(x+48,x+48);
-  M(x+32,x+32,x+48);
-  pack25519(q,x+32);
+    x[i+16]=a[i];
+    x[i+32]=c[i];
+    x[i+48]=b[i];
+    x[i+64]=d[i];
+  }
+  inv25519(x+32,x+32);
+  M(x+16,x+16,x+32);
+  pack25519(q,x+16);
   return 0;
 }