302bb3964a
Per Brian, x25519_ge_frombytes_vartime does not match the usual BoringSSL return value convention, and we're slightly inconsistent about whether to mask the last byte with 63 or 127. (It then gets ANDed with 64, so it doesn't matter which.) Use 127 to align with the curve25519 RFC. Finally, when we invert the transformation, use the same constants inverted so that they're parallel. Bug: 243, 244 Change-Id: I0e3aca0433ead210446c58d86b2f57526bde1eac Reviewed-on: https://boringssl-review.googlesource.com/27984 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| asm | ||
| CMakeLists.txt | ||
| ed25519_test.cc | ||
| ed25519_tests.txt | ||
| spake25519_test.cc | ||
| spake25519.c | ||
| x25519_test.cc | ||