43 and #44 required almost a day of investigation for what was initializing a BigInt by iterative sum, except that the result was not properly zero-initialized and so if the sum didn't reach all the limbs the last limbs stayed uninitialized.
We need tests to ensure that:
BIG384 (SecretKey)
ECP (PublicKey)
ECP2 (Signature / Proof-of-Possession)
are properly initialized even if the destination buffer contains random data.
mratsim
commented
2 years ago
43 and #44 required almost a day of investigation for what was initializing a BigInt by iterative sum, except that the result was not properly zero-initialized and so if the sum didn't reach all the limbs the last limbs stayed uninitialized.
We need tests to ensure that: