ed25519: Check retval of unpack_negative_vartime in donna.

author: George Kadianakis <desnacked@riseup.net> 2017-06-28 14:10:10 +0300
committer: George Kadianakis <desnacked@riseup.net> 2017-06-28 14:58:22 +0300
commit: 0d9873ac0daa82fa9d43c1eb7e93ec75758f2063 (patch)
tree: 19d611ce4abd0c6c3e97b86ec29ab40bbd5f0c11 /src/ext
parent: 559195ea82bf1c0610898fd96cd5a835b2e4f9a7 (diff)
download: tor-0d9873ac0daa82fa9d43c1eb7e93ec75758f2063.tar.gz
tor-0d9873ac0daa82fa9d43c1eb7e93ec75758f2063.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
index bd11027efa..6bc22675ae 100644
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -304,7 +304,9 @@ ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
   /* No "ge25519_unpack", negate the public key. */
   memcpy(pkcopy, inp, 32);
   pkcopy[31] ^= (1<<7);
-  ge25519_unpack_negative_vartime(&A, pkcopy);
+  if (!ge25519_unpack_negative_vartime(&A, pkcopy)) {
+    return -1;
+  }
 
   /* A' = [tweak] * A + [0] * basepoint. */
   ge25519_double_scalarmult_vartime(&Aprime, &A, t, zero);
author	George Kadianakis <desnacked@riseup.net>	2017-06-28 14:10:10 +0300
committer	George Kadianakis <desnacked@riseup.net>	2017-06-28 14:58:22 +0300
commit	0d9873ac0daa82fa9d43c1eb7e93ec75758f2063 (patch)
tree	19d611ce4abd0c6c3e97b86ec29ab40bbd5f0c11 /src/ext
parent	559195ea82bf1c0610898fd96cd5a835b2e4f9a7 (diff)
download	tor-0d9873ac0daa82fa9d43c1eb7e93ec75758f2063.tar.gz tor-0d9873ac0daa82fa9d43c1eb7e93ec75758f2063.zip