cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

edwards25519sha512batch_open(): check order before decoding instead of after

Browse Source
This commit is contained in:
Frank Denis 2017-10-31 16:09:43 +01:00
parent 1cd0633186
commit 0b734963db
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libsodium/crypto_sign/ed25519/ref10/obsolete.c
View File

@ -90,8 +90,8 @@ crypto_sign_edwards25519sha512batch_open(unsigned char *m,
if (sm[smlen - 1] & 224) {
return -1;
}
if (ge_frombytes_negate_vartime(&A, pk) != 0 || ge_has_small_order(pk) != 0 ||
ge_frombytes_negate_vartime(&R, sm) != 0 || ge_has_small_order(sm) != 0) {
if (ge_has_small_order(pk) != 0 || ge_frombytes_negate_vartime(&A, pk) != 0 ||
ge_has_small_order(sm) != 0 || ge_frombytes_negate_vartime(&R, sm) != 0) {
return -1;
}
ge_p3_to_cached(&Ai, &A);