[gnutls-devel] GnuTLS | algorithms: implement X448 key exchange and Ed448 signature scheme (!984)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Jan 15 11:12:55 CET 2020
Dmitry Baryshkov started a new discussion on lib/auth/ecdhe.c: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_271705185
> return gnutls_assert_val(ret);
>
> /* RFC7748 requires to mask the MSB in the final byte */
> - if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {
> + if (ecurve->id == GNUTLS_ECC_CURVE_X25519 ||
> + ecurve->id == GNUTLS_ECC_CURVE_X448) {
> session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f;
I think this is not correct:
```
When receiving such an array, implementations of X25519
(but not X448) MUST mask the most significant bit in the final byte.
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_271705185
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200115/4b730669/attachment.html>
More information about the Gnutls-devel
mailing list