Hi James,
On 04/10/2019 01:37 PM, James Prestwood wrote:
To mitigate potential attacks, checks were added to the two
scalar initialization APIs l_ecc_scalar{new,new_random}. After
the scalar is created we check that it's not zero or one, and
less than the group order. For new_random we also keep the check
that the scalar is less than the group prime, as this is required
in several RFCs/spec for creating random values.
---
ell/ecc.c | 32 +++++++++++++++++++++++++++-----
1 file changed, 27 insertions(+), 5 deletions(-)
Applied with some credits going to Mathy Vanhoef.
Regards,
-Denis
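As an added illustration of the checks the commit message describes (this is example code, not ell's implementation, and it uses NIST P-256 with its well-known prime and order as constructed inputs), a scalar is accepted only if it is neither 0 nor 1 and lies below the group order; the random path additionally keeps the check against the group prime and retries on rejection:

```python
import secrets
from typing import Optional

# NIST P-256 field prime p and group order n (standard constants; n < p).
P256_PRIME = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def scalar_is_valid(k: int, order: int, prime: Optional[int] = None) -> bool:
    """Mirror the accept/reject rule from the commit message.

    k == 0 maps every point to the point at infinity and k == 1 leaves the
    base point unchanged, so both are rejected outright; anything >= order
    is not a proper element of Z_n. When `prime` is given (the new_random
    path), the value must also be below the field prime.
    """
    if k == 0 or k == 1:
        return False
    if k >= order:
        return False
    if prime is not None and k >= prime:
        return False
    return True


def new_random_scalar(order: int, prime: int) -> int:
    """Rejection-sample a random scalar until it passes scalar_is_valid().

    Drawing exactly as many bytes as the order occupies and retrying avoids
    the modular-reduction bias that `random % order` would introduce.
    """
    nbytes = (order.bit_length() + 7) // 8
    while True:
        candidate = int.from_bytes(secrets.token_bytes(nbytes), "big")
        if scalar_is_valid(candidate, order, prime):
            return candidate
```

For P-256 the order is smaller than the prime, so the order check is the one that actually rejects an out-of-range value; the prime check is kept because several specs phrase the requirement in terms of the field size.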