-rw-r--r-- | src/ext/ed25519/ref10/blinding.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c
index 8503f90edd..31332a2719 100644
--- a/src/ext/ed25519/ref10/blinding.c
+++ b/src/ext/ed25519/ref10/blinding.c
@@ -49,6 +49,7 @@ int ed25519_ref10_blind_public_key(unsigned char *out,
 unsigned char pkcopy[32];
 ge_p3 A;
 ge_p2 Aprime;
+ int retval = -1;
 ed25519_ref10_gettweak(tweak, param);
@@ -62,17 +63,22 @@ int ed25519_ref10_blind_public_key(unsigned char *out,
 * "ge_frombytes", we'd use that, but there isn't. */
 memcpy(pkcopy, inp, 32);
 pkcopy[31] ^= (1<<7);
- ge_frombytes_negate_vartime(&A, pkcopy);
+ if (ge_frombytes_negate_vartime(&A, pkcopy) != 0) {
+ goto done;
+ }
 /* There isn't a regular ge_scalarmult -- we have to do tweak*A + zero*B. */
 ge_double_scalarmult_vartime(&Aprime, tweak, &A, zero);
 ge_tobytes(out, &Aprime);
+ retval = 0;
+
+ done:
 memwipe(tweak, 0, sizeof(tweak));
 memwipe(&A, 0, sizeof(A));
 memwipe(&Aprime, 0, sizeof(Aprime));
 memwipe(pkcopy, 0, sizeof(pkcopy));
- return 0;
+ return retval;
 }
 /* This is the group order encoded in a format that |
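Review bot: On the new failure path (`goto done` when ge_frombytes_negate_vartime rejects the input), `out` is never written, so a caller that still ignores the return value — which used to be unconditionally 0 — will carry on with whatever stale bytes `out` already held; the diffstat shows only blinding.c changing, so no caller has been updated here, though I cannot see them. The return contract should be stated on the function's doc comment, which sits above the hunk (only the signature appears in the @@ header): `/* Returns 0 on success, -1 if |inp| does not decode as a valid point; |out| is left unmodified on failure. */`. If stale output is a concern, the cheap alternative is to clear it before the jump, `memset(out, 0, 32); goto done;`, so a non-checking caller at least gets a recognisably invalid key rather than a previous one. The function body starts before the first hunk.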