Merge commit 'fa9a60a10f9b2c0c650b502c98ba648767289bad'

strobe/x25519.c

@@ -91,12 +91,12 @@ static void add(fe out, const fe a, const fe b) {
 
 static void sub(fe out, const fe a, const fe b) {
     unsigned i;
-    sdlimb_t carry = -38;
+    sdlimb_t carry = -76;
     for (i=0; i<NLIMBS; i++) {
         out[i] = carry = carry + a[i] - b[i];
         carry >>= X25519_WBITS;
     }
-    propagate(out,1+carry);
+    propagate(out,2+carry);
 }
 
 static void __attribute__((unused))