Return -1 is the scalar was zero
This realistically only happens on misuse or with a completely broken PRG. Calling misuse() would be a bit too intrusive here. So we still store the result (which may be better than leaving uninitialized memory if the application doesn't check the return code), but return -1.
This commit is contained in:
parent
c150ceb677
commit
e254a654dc
@ -69,7 +69,9 @@ crypto_scalarmult_ed25519_base(unsigned char *q,
|
|||||||
_crypto_scalarmult_ed25519_clamp(t);
|
_crypto_scalarmult_ed25519_clamp(t);
|
||||||
ge_scalarmult_base(&Q, t);
|
ge_scalarmult_base(&Q, t);
|
||||||
ge_p3_tobytes(q, &Q);
|
ge_p3_tobytes(q, &Q);
|
||||||
|
if (sodium_is_zero(t, 32) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
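Review bot: The new `sodium_is_zero(t, 32)` test is evaluated after `_crypto_scalarmult_ed25519_clamp(t)`, and if that clamp sets the high bit of `t[31]` as libsodium's clamp does, `t` can never be all-zero there, so the new `return -1` branch looks unreachable for the case the commit message describes. It also runs after `ge_p3_tobytes(q, &Q)`, so if `t` is a scratch alias of `q` (not visible in this hunk, which starts after the declarations), the check would be reading the encoded point rather than the scalar. The zero check should be made on the caller-supplied scalar argument before clamping, e.g. `if (sodium_is_zero(SCALAR_PARAM, 32) != 0) { return -1; }` with SCALAR_PARAM being the function's second parameter, and a one-line comment such as `/* an all-zero scalar only arises from misuse or a broken PRG; store q anyway, report -1 */` would record the intent stated in the commit message. The enclosing function begins outside the hunk.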
|
||||||
|
|
||||||
|