Return -1 if the scalar was zero

This realistically only happens on misuse or with a completely broken PRG.

Calling misuse() would be a bit too intrusive here. So, we still store
the result (might be better than uninitialized memory if the application
doesn't check the return code), but return -1.
This commit is contained in:
Frank Denis 2017-10-24 17:25:37 +02:00
parent c150ceb677
commit e254a654dc


@ -69,7 +69,9 @@ crypto_scalarmult_ed25519_base(unsigned char *q,
_crypto_scalarmult_ed25519_clamp(t); _crypto_scalarmult_ed25519_clamp(t);
ge_scalarmult_base(&Q, t); ge_scalarmult_base(&Q, t);
ge_p3_tobytes(q, &Q); ge_p3_tobytes(q, &Q);
if (sodium_is_zero(t, 32) != 0) {
return -1;
}
return 0; return 0;
} }
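Review bot: the zero test `sodium_is_zero(t, 32)` is placed after `_crypto_scalarmult_ed25519_clamp(t)`, `ge_scalarmult_base(&Q, t)` and `ge_p3_tobytes(q, &Q)`, so it is not looking at the scalar the caller supplied. Clamping forces bit 254 on, so a clamped copy of the scalar can never be all-zero and the `return -1` branch would be unreachable; and if `t` is a working pointer into the output buffer `q` (its declaration is outside the hunk), by this point it holds the encoded point, not the scalar at all. Suggest testing the caller's unclamped scalar argument instead, e.g. moving the check to before the clamp call (`if (sodium_is_zero(<input scalar>, 32) != 0)`), while keeping the result stored as the commit message intends.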