author | George Kadianakis <desnacked@riseup.net> | 2021-07-30 16:35:48 +0300 |
---|---|---|
committer | Alexander Færøy <ahf@torproject.org> | 2021-08-11 13:14:05 +0000 |
commit | fe5a9db1e6d32f6d706140a6ddda6b40db80434a | |
tree | 80997b7a1a30343b27a3b07b4b1770f74d599345 /changes | |
parent | 399518da022ea94bd0644082e29012a51aec5697 | |

Disable ed25519-donna's batch verification.

Fixes bug 40078.

As reported by hdevalence our batch verification logic can cause an assert
crash.

The assert happens because when the batch verification of ed25519-donna fails,
the code in `ed25519_checksig_batch()` falls back to doing a single
verification for each signature.

The crash occurs because batch verification failed, but then all signatures
individually verified just fine.

That's because batch verification and single verification use a different
equation which means that there are sigs that can pass single verification
but fail batch verification.

Fixing this would require modding ed25519-donna which is not in scope for
this ticket, and will be soon deprecated in favor of arti and
ed25519-dalek, so my branch instead removes batch verification.

Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug40078 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/changes/bug40078 b/changes/bug40078 new file mode 100644 index 0000000000..717309e076 --- /dev/null +++ b/changes/bug40078 @@ -0,0 +1,3 @@ + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
\ No newline at end of file |
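
Review bot: the entry text in changes/bug40078 calls batch verification "unused" and does not mention the assert crash that the commit message gives as the reason for the change. If the batch path is never reached in practice, say that explicitly; otherwise name the crash (batch verification fails, every signature then passes single verification, and the assert fires) so that release-note readers can judge the impact. The file also ends without a trailing newline ("\ No newline at end of file"); add one. This view is limited to 'changes', so the code change that removes the batch path is not visible here and is not covered by this comment.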