diff options
| author | George Kadianakis <desnacked@riseup.net> | 2017-06-28 14:12:20 +0300 |
|---|---|---|
| committer | George Kadianakis <desnacked@riseup.net> | 2017-06-28 14:58:22 +0300 |
| commit | 0269e4ffba02ff810b9098a67e8212c291d5fee5 (patch) | |
| tree | fd600062ba4bb1cf5f348f9ab6ade2aec67a6e5f /src/ext/ed25519 | |
| parent | 0d9873ac0daa82fa9d43c1eb7e93ec75758f2063 (diff) | |
| download | tor-0269e4ffba02ff810b9098a67e8212c291d5fee5.tar.gz tor-0269e4ffba02ff810b9098a67e8212c291d5fee5.zip | |
ed25519: Also check that retval in the ref10 implementation.
Diffstat (limited to 'src/ext/ed25519')
| -rw-r--r-- | src/ext/ed25519/ref10/blinding.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c index 8503f90edd..31332a2719 100644 --- a/src/ext/ed25519/ref10/blinding.c +++ b/src/ext/ed25519/ref10/blinding.c @@ -49,6 +49,7 @@ int ed25519_ref10_blind_public_key(unsigned char *out, unsigned char pkcopy[32]; ge_p3 A; ge_p2 Aprime; + int retval = -1; ed25519_ref10_gettweak(tweak, param); @@ -62,17 +63,22 @@ int ed25519_ref10_blind_public_key(unsigned char *out, * "ge_frombytes", we'd use that, but there isn't. */ memcpy(pkcopy, inp, 32); pkcopy[31] ^= (1<<7); - ge_frombytes_negate_vartime(&A, pkcopy); + if (ge_frombytes_negate_vartime(&A, pkcopy) != 0) { + goto done; + } /* There isn't a regular ge_scalarmult -- we have to do tweak*A + zero*B. */ ge_double_scalarmult_vartime(&Aprime, tweak, &A, zero); ge_tobytes(out, &Aprime); + retval = 0; + + done: memwipe(tweak, 0, sizeof(tweak)); memwipe(&A, 0, sizeof(A)); memwipe(&Aprime, 0, sizeof(Aprime)); memwipe(pkcopy, 0, sizeof(pkcopy)); - return 0; + return retval; } /* This is the group order encoded in a format that |