Diffstat (limited to 'openpgp/src/crypto/backend/nettle/ecdh.rs')
-rw-r--r--openpgp/src/crypto/backend/nettle/ecdh.rs9
1 files changed, 3 insertions, 6 deletions
diff --git a/openpgp/src/crypto/backend/nettle/ecdh.rs b/openpgp/src/crypto/backend/nettle/ecdh.rs
index af1a7220..011ac024 100644
--- a/openpgp/src/crypto/backend/nettle/ecdh.rs
+++ b/openpgp/src/crypto/backend/nettle/ecdh.rs
@@ -138,14 +138,11 @@ pub fn decrypt<R>(recipient: &Key<key::PublicParts, R>,
// zeros to be stripped.
// Padding has to be unconditional; otherwise we have a
// secret-dependent branch.
- //
+ let mut r =
+ scalar.value_padded(curve25519::CURVE25519_SIZE);
+
// Reverse the scalar. See
// https://lists.gnupg.org/pipermail/gnupg-devel/2018-February/033437.html.
- let missing = curve25519::CURVE25519_SIZE
- .saturating_sub(scalar.value().len());
- let mut r = [0u8; curve25519::CURVE25519_SIZE];
-
- r[missing..].copy_from_slice(scalar.value());
r.reverse();
// Compute the shared point S = rV = rvG, where (r, R)