Use mpint representation for shared_secret when deriving keys in pure-PQ key exchange, and some other bug fixes; fixes #119 #120
Other bug fixes:

- When `ssh-keygen` was invoked with the `-t` parameter to specify the key type for one of the ECDSA hybrids, but using the short name instead of the full `ssh-ecdsa-xxxxxxx` name, ECDSA keys would always be generated on P-256. Instead, always use the specified curve.
- `kex_kem_generic_{enc,dec}` could use an uninitialized variable as the return value if the call to the underlying liboqs function failed. On the small chance that variable happened to have a zero in it, this would look like a successful result to the caller. Return `SSH_ERR_LIBCRYPTO_ERROR` in these cases instead.
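The two points above that matter most to a reader (the title's change to frame the shared secret as an SSH mpint rather than a plain string when deriving keys, and the second bullet's fix of initialising the return value before calling into the KEM) are illustrated by the added example below. It is not code from this PR or from OQS-OpenSSH: the function names `encode_string`, `encode_mpint`, `encodes_to` and `run_vectors`, the `KEX_ERR_*` codes (placeholders, not OpenSSH's real `SSH_ERR_*` values) and the test vectors are all constructed for this illustration. The mpint rules themselves are those of RFC 4253 section 5.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative return codes (hypothetical; not OpenSSH's numeric values). */
enum { KEX_OK = 0, KEX_ERR_INVALID_ARGUMENT = -1,
       KEX_ERR_ALLOC_FAIL = -2, KEX_ERR_LIBCRYPTO_ERROR = -3 };

typedef int (*encoder_fn)(const uint8_t *, size_t, uint8_t **, size_t *);

/* 32-bit big-endian length prefix shared by the SSH "string" and "mpint" types. */
static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* SSH "string": length prefix plus the raw bytes, no canonicalisation at all. */
int encode_string(const uint8_t *in, size_t inlen, uint8_t **out, size_t *outlen) {
    int r = KEX_ERR_LIBCRYPTO_ERROR;   /* error until a success path sets it */
    uint8_t *buf;
    if (out == NULL || outlen == NULL || (in == NULL && inlen != 0) || inlen > UINT32_MAX)
        return KEX_ERR_INVALID_ARGUMENT;
    if ((buf = malloc(4 + inlen)) == NULL) return KEX_ERR_ALLOC_FAIL;
    put_u32(buf, (uint32_t)inlen);
    if (inlen) memcpy(buf + 4, in, inlen);
    *out = buf; *outlen = 4 + inlen;
    r = KEX_OK;
    return r;
}

/* SSH "mpint" (RFC 4253 s.5) of an unsigned big-endian magnitude: leading zero
 * bytes are stripped, a 0x00 is prepended when the top bit is set so the value
 * stays positive, and zero is stored as an empty string. */
int encode_mpint(const uint8_t *in, size_t inlen, uint8_t **out, size_t *outlen) {
    int r = KEX_ERR_LIBCRYPTO_ERROR;   /* initialised: no path can return garbage */
    size_t i = 0, maglen, pad;
    uint8_t *buf = NULL;

    if (out == NULL || outlen == NULL || (in == NULL && inlen != 0))
        return KEX_ERR_INVALID_ARGUMENT;
    *out = NULL; *outlen = 0;
    while (i < inlen && in[i] == 0) i++;             /* canonical: drop leading zeros */
    maglen = inlen - i;
    pad = (maglen > 0 && (in[i] & 0x80)) ? 1 : 0;    /* keep the sign bit clear */
    if (maglen > UINT32_MAX - pad) return KEX_ERR_INVALID_ARGUMENT;
    if ((buf = malloc(4 + pad + maglen)) == NULL) { r = KEX_ERR_ALLOC_FAIL; goto out; }
    put_u32(buf, (uint32_t)(pad + maglen));
    if (pad) buf[4] = 0;
    if (maglen) memcpy(buf + 4 + pad, in + i, maglen);
    *out = buf; *outlen = 4 + pad + maglen;
    r = KEX_OK;
out:
    return r;
}

/* Return 1 if enc(in) produces exactly `expect`, else 0. */
int encodes_to(encoder_fn enc, const uint8_t *in, size_t inlen,
               const uint8_t *expect, size_t expectlen) {
    uint8_t *out = NULL; size_t outlen = 0; int ok;
    if (enc(in, inlen, &out, &outlen) != KEX_OK) return 0;
    ok = (outlen == expectlen && memcmp(out, expect, outlen) == 0);
    free(out);
    return ok;
}

/* Constructed vectors (not from the project): the same bytes framed both ways. */
int run_vectors(void) {
    static const uint8_t s1[] = {0x80, 0x01}, m1[] = {0, 0, 0, 3, 0x00, 0x80, 0x01},
                         t1[] = {0, 0, 0, 2, 0x80, 0x01};
    static const uint8_t s2[] = {0x00, 0x00, 0x7f}, m2[] = {0, 0, 0, 1, 0x7f},
                         t2[] = {0, 0, 0, 3, 0x00, 0x00, 0x7f};
    static const uint8_t s3[] = {0x00, 0x00}, m3[] = {0, 0, 0, 0};
    int passed = 0;
    passed += encodes_to(encode_mpint,  s1, sizeof s1, m1, sizeof m1);
    passed += encodes_to(encode_string, s1, sizeof s1, t1, sizeof t1);
    passed += encodes_to(encode_mpint,  s2, sizeof s2, m2, sizeof m2);
    passed += encodes_to(encode_string, s2, sizeof s2, t2, sizeof t2);
    passed += encodes_to(encode_mpint,  s3, sizeof s3, m3, sizeof m3);
    return passed;   /* 5 when every vector matches */
}

int main(void) {
    /* Constructed 32-byte "KEM shared secret" with its top bit set; not real KEM output. */
    uint8_t secret[32];
    uint8_t *m = NULL, *s = NULL; size_t mlen = 0, slen = 0;
    for (size_t k = 0; k < sizeof secret; k++) secret[k] = (uint8_t)(0xC3 + k * 7);
    if (encode_string(secret, sizeof secret, &s, &slen) != KEX_OK ||
        encode_mpint(secret, sizeof secret, &m, &mlen) != KEX_OK) return 1;
    printf("string framing: %zu bytes, mpint framing: %zu bytes\n", slen, mlen);
    printf("mpint prefix:"); for (size_t k = 0; k < 6; k++) printf(" %02x", m[k]); printf("\n");
    printf("vectors passed: %d/5\n", run_vectors());
    free(m); free(s);
    return 0;
}
```

The two framings diverge whenever the first byte of the secret has its top bit set (an extra 0x00 and a length one larger) or the secret begins with zero bytes (which mpint strips), so a peer hashing the string form and a peer hashing the mpint form compute different exchange hashes and session keys. Initialising `r` to an error code before any fallible call is the cheap guard against the second bullet's bug class: a failed call that leaves `r` untouched can no longer be mistaken for success.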