From 8b6f5ef50555a1c4b8563c7cf21443913a07d637 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 25 Apr 2020 12:15:30 +0200
Subject: [PATCH] ristretto255_is_canonical(): sync with wasm-crypto

Reject string with the top bit set.
---
 src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
index 4ae28731..4dc9d7f2 100644
--- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
+++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
@@ -2758,6 +2758,7 @@ ristretto255_is_canonical(const unsigned char *s)
 {
 unsigned char c;
 unsigned char d;
+ unsigned char e;
 unsigned int i;

 c = (s[31] & 0x7f) ^ 0x7f;
@@ -2766,8 +2767,9 @@ ristretto255_is_canonical(const unsigned char *s)
 }
 c = (((unsigned int) c) - 1U) >> 8;
 d = (0xed - 1U - (unsigned int) s[0]) >> 8;
+ e = s[31] >> 7;

- return 1 - (((c & d) | s[0]) & 1);
+ return 1 - (((c & d) | e | s[0]) & 1);
 }

 int
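Review bot: The return expression in the second hunk now folds three independent rejection conditions into one mask, with no comment saying what each term means, which makes this branch-free validation of an untrusted encoding hard to audit. From the visible lines, `c & d` appears to flag a value whose low 255 bits are not below the field prime (upper bytes all ones and `s[0] >= 0xed`), `e` is bit 255 of the encoding, and `s[0] & 1` is the low bit. A comment above the return would record that, for example `/* reject if s >= p (c & d), if bit 255 is set (e), or if the low bit of s[0] is set; kept branch-free on purpose */`. The diffstat lists only ed25519_ref10.c, so a regression vector that sets only the top bit of byte 31 on an otherwise valid encoding would be worth adding to the ristretto255 tests. The function starts above the first hunk and the loop between the two hunks is not visible here, so the reading of `c` is inferred.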