fork of 9front i guess
57d95c7325
As checking for all zero has to be done in a timing-safe way to avoid a side channel, it is best todo this here instead of letting the caller deal with it. This adds a return type of int to curve25519_dh_finish() where returning 0 means we got a all zero shared key. RFC7748 states: The check for the all-zero value results from the fact that the X25519 function produces that value if it operates on an input corresponding to a point with small order, where the order divides the cofactor of the curve. |
||
---|---|---|
386 | ||
68000 | ||
68020 | ||
acme | ||
adm/timezone | ||
amd64 | ||
arm | ||
arm64 | ||
lib | ||
mips | ||
power | ||
power64 | ||
rc | ||
sparc | ||
sparc64 | ||
spim | ||
sys |