| author | Frank Denis <124872+jedisct1@users.noreply.github.com> | 2022-11-24 12:13:37 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-24 12:13:37 +0100 |
| commit | feb806a212355956a33cc843a6d593741b93c5ec (patch) | |
| tree | 55577e257e02bbf07a4afa251110d61cd09b347f /lib/std | |
| parent | 02e1facc72fa9cb8e4793ecf114fdd61ea8df6bd (diff) | |
| download | zig-feb806a212355956a33cc843a6d593741b93c5ec.tar.gz zig-feb806a212355956a33cc843a6d593741b93c5ec.zip | |
std.crypto.ed25519 incremental signatures: hash the fallback noise (#13643)
If the noise parameter was null, we didn't use any noise at all.
We unconditionally generated random noise (`noise2`) but didn't use it.
Spotted by @cryptocode, thanks!
Diffstat (limited to 'lib/std')
| -rw-r--r-- | lib/std/crypto/25519/ed25519.zig | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/std/crypto/25519/ed25519.zig b/lib/std/crypto/25519/ed25519.zig index 552bd114a1..149191040a 100644 --- a/lib/std/crypto/25519/ed25519.zig +++ b/lib/std/crypto/25519/ed25519.zig @@ -318,6 +318,7 @@ pub const Ed25519 = struct { h.update(&scalar_and_prefix.prefix); var noise2: [noise_length]u8 = undefined; crypto.random.bytes(&noise2); + h.update(&noise2); if (noise) |*z| { h.update(z); } |
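Review bot: the one-line fix at `+ h.update(&noise2);` correctly closes the gap described in the commit message, but the hunk adds no test for the `noise == null` path, which is exactly the case that was silently unhashed before; a regression test that signs twice with a null noise argument and asserts the two signatures differ would pin down that the fallback randomness now reaches the hash. Ordering is also worth a comment in the code: `noise2` is now absorbed unconditionally before the optional caller-supplied `noise`, so the nonce is derived from prefix, then fresh random bytes, then caller noise (if any), and a short note above the `crypto.random.bytes(&noise2)` call saying that `noise2` is always hashed would prevent a future refactor from reintroducing the same omission.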
