From 2bf84bb98cb76e3bcbb558175d04a5047a907fc3 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Wed, 4 Nov 2015 16:35:24 +0100
Subject: [PATCH] sandy2x: mask the top bit

---
 .../crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
index 54770f48..45f4036a 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
@@ -35,7 +35,7 @@ void fe_frombytes(fe h,const unsigned char *s)
   crypto_uint64 h6 = load_3(s + 20) << 7;
   crypto_uint64 h7 = load_3(s + 23) << 5;
   crypto_uint64 h8 = load_3(s + 26) << 4;
-  crypto_uint64 h9 = load_3(s + 29) << 2;
+  crypto_uint64 h9 = (load_3(s + 29) & 8388607) << 2;
   crypto_uint64 carry0;
   crypto_uint64 carry1;
   crypto_uint64 carry2;