• Nick Mathewson's avatar
    Tolerate curve25519 backends where the high bit of the pk isn't ignored · 266419d2
    Nick Mathewson authored
    Right now, all our curve25519 backends ignore the high bit of the
    public key. But possibly, others could treat the high bit of the
    public key as encoding out-of-bounds values, or as something to be
    preserved. This could be used to distinguish clients with different
    backends, at the cost of killing a circuit.
    As a workaround, let's just clear the high bit of each public key
    indiscriminately before we use it. Fix for bug 8121, reported by
    rransom. Bugfix on