git.lizzy.rs Git - plan9front.git/commit

author	cinap_lenrek <cinap_lenrek@felloff.net>
	Sun, 20 Jun 2021 14:41:26 +0000 (14:41 +0000)
committer	cinap_lenrek <cinap_lenrek@felloff.net>
	Sun, 20 Jun 2021 14:41:26 +0000 (14:41 +0000)
commit	57d95c73256176bfd5cd3ef003c062697435f9c2
tree	f48bdb80188b8af7962ff7143e1732fc5dfc8d01	tree \| snapshot
parent	6dd2c638b6fa9f891836cd2fceb3e4f996f6e199	commit \| diff

libsec: move zero check to curve25519_dh_finish()

As checking for all zero has to be done in a timing-safe
way to avoid a side channel, it is best todo this here
instead of letting the caller deal with it.

This adds a return type of int to curve25519_dh_finish()
where returning 0 means we got a all zero shared key.

RFC7748 states:

The check for the all-zero value results from the fact
that the X25519 function produces that value if it
operates on an input corresponding to a point with small
order, where the order divides the cofactor of the curve.

some kind of operating system. [Forked from http://git.9front.org/plan9front/plan9front/HEAD/info.html]

RSS Atom

sys/include/ape/libsec.h		diff \| blob \| history
sys/include/libsec.h		diff \| blob \| history
sys/src/cmd/ssh.c		diff \| blob \| history
sys/src/libsec/port/curve25519_dh.c		diff \| blob \| history
sys/src/libsec/port/tlshand.c		diff \| blob \| history