View | Details | Raw Unified | Return to bug 3475 | Differences between
and this patch

Collapse All | Expand All

(-)file_not_specified_in_diff (-1 / +8 lines)
Line  Link Here
0 
-- openssh-9.0p1/ed25519.c        2022-04-05 19:47:48.000000000 -0500
 0 
++ openssh-9.0p1/ed25519.c        2022-09-24 12:54:09.826021259 -0500
Lines 127-132 int crypto_sign_ed25519_open( Link Here
127 
  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
 127 
  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
128 
  ge25519_pack(t2, &get2);
 128 
  ge25519_pack(t2, &get2);
129 

          129
          

        

            

              
              
              130
              
  /* nonsignificant bit #256 is nondeterministically set/clear in

            

            

              131
              
   * sm[31], but always clear in t2[31], so it needs to be copied

            

            

              132
              
   * verbatim from sm to t2, to avoid spurious mismatches from

            

            

              133
              
   * crypto_verify_32().

            

            

              134
              
   */

            

            

              135
              
  t2[31] |= sm[31] & 0x80;

            

            

              136
              

            

        

          130
          
  ret = crypto_verify_32(sm, t2);

          137
          
  ret = crypto_verify_32(sm, t2);

        

        

          131
          

          138
          

        

        

          132
          
  if (!ret)

          139
          
  if (!ret)

        






  

  Return to bug 3475