From eeb60b57d0e0aa150492024da12316b875581827 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Thu, 28 Nov 2024 10:15:57 +0800
Subject: [PATCH] stealth private key computation mod order

---
 ecdh/sm2ec.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ecdh/sm2ec.go b/ecdh/sm2ec.go
index f3e1129..fc3b68e 100644
--- a/ecdh/sm2ec.go
+++ b/ecdh/sm2ec.go
@@ -57,7 +57,7 @@ func (c *sm2Curve) newPrivateKey(key []byte, checkOrderMinus1 bool) (*PrivateKey
 if len(key) != len(c.scalarOrder) {
 return nil, errors.New("ecdh: invalid private key size")
 }
- if subtle.ConstantTimeAllZero(key) == 1 || (checkOrderMinus1 && !isLess(key, c.scalarOrderMinus1)) {
+ if subtle.ConstantTimeAllZero(key) == 1 || !isLess(key, c.scalarOrder) || (checkOrderMinus1 && !isLess(key, c.scalarOrderMinus1)) {
 return nil, errInvalidPrivateKey
 }
 return &PrivateKey{
@@ -161,7 +161,7 @@ func (c *sm2Curve) addPrivateKeys(a, b *PrivateKey) (*PrivateKey, error) {
 return nil, err
 }
 aNat = aNat.Add(bNat, m)
- return c.NewPrivateKey(aNat.Bytes(m))
+ return c.newPrivateKey(aNat.Bytes(m), false)
 }
 
 func (c *sm2Curve) secretKey(local *PrivateKey, remote *PublicKey) ([]byte, error) {
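Review bot: The rewritten range test in newPrivateKey runs two comparisons when checkOrderMinus1 is true, and the first (`!isLess(key, c.scalarOrder)`) is implied by the second, so the accepted range is hard to read off the condition. Picking the upper bound once and comparing against it keeps the check to a single isLess call; checkOrderMinus1 is a caller-supplied flag rather than key material, so branching on it does not depend on the secret. A short comment stating the two accepted ranges would also help, since this is the only scalar range validation visible in the hunk (assuming scalarOrder is the group order n). The function starts above the hunk and continues past it.

```go
// … unchanged: length check …
// Accept [1, n-1], or [1, n-2] when checkOrderMinus1 is set.
upper := c.scalarOrder
if checkOrderMinus1 {
	upper = c.scalarOrderMinus1
}
if subtle.ConstantTimeAllZero(key) == 1 || !isLess(key, upper) {
	return nil, errInvalidPrivateKey
}
```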
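Review bot: Passing `false` on the new return line of addPrivateKeys means the derived key may equal n-1, a value the exported constructor used before this change presumably rejected (inferred from the checkOrderMinus1 flag; NewPrivateKey is not shown). That is a valid ECDH scalar, but in SM2 signing d = n-1 makes 1+d ≡ 0 mod n, so the relaxation deserves a comment saying the result is intended for key agreement only, if that is the case. It is also worth documenting that a sum of zero is still rejected with errInvalidPrivateKey, for example `// Sum reduced mod n: n-1 is allowed here (ECDH use only); a zero sum is rejected by newPrivateKey.` The modulus m is built above the hunk, so whether it is the group order could not be confirmed from these lines.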