On 2015-06-10, Mehdi Sotoodeh <mehdisotoodeh@xxxxxxxxx> wrote:
> I have developed a compact at the same time high performance library for
> curve25519/ed25519 and I have placed it in the public domain. It support DH
> key exchange as well as ed25519 keygen, sign and verify. The implementation
> is constant-time, supports blinding, bulk-verify and more.
^^^^^^^^^^^^^
I'm skeptical of this claim.
The ecp_Cmp() function is blatantly not constant-time, and strewn
about the source there are various unbalanced if(...) branches and
while(...) loops with a variable number of iterations.
--
Christian "naddy" Weisgerber naddy@xxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
