We do not need to check for sprout-related bugs in sodium since we do not use these functions #480

This commit is contained in:
Duke
2025-12-30 16:43:13 -05:00
parent 7a029528b7
commit ffa1378725


@@ -121,34 +121,8 @@ int inline init_and_check_sodium()
return -1;
}
// What follows is a runtime test that ensures the version of libsodium
// we're linked against checks that signatures are canonical (s < L).
const unsigned char message[1] = { 0 };
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
unsigned char sk[crypto_sign_SECRETKEYBYTES];
unsigned char sig[crypto_sign_BYTES];
crypto_sign_keypair(pk, sk);
crypto_sign_detached(sig, NULL, message, sizeof(message), sk);
assert(crypto_sign_verify_detached(sig, message, sizeof(message), pk) == 0);
// Copied from libsodium/crypto_sign/ed25519/ref10/open.c
static const unsigned char L[32] =
{ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
// Add L to S, which starts at sig[32].
unsigned int s = 0;
for (size_t i = 0; i < 32; i++) {
s = sig[32 + i] + L[i] + (s >> 8);
sig[32 + i] = s & 0xff;
}
assert(crypto_sign_verify_detached(sig, message, sizeof(message), pk) != 0);
// We no longer need to check for canonical signatures since we no longer
// use the crypto_sign_* API since Sprout was removed
return 0;
}
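Review bot: The trailing comment on the new side explains why the canonical-signature (s < L) runtime test was dropped, but it leaves a reader no way to check the premise it rests on: the function is now safe only if no caller of crypto_sign_verify_detached remains, and if one survives in consensus-relevant code a libsodium build that accepts non-canonical signatures would no longer be rejected at startup. I would have the comment state the condition and the action, e.g. `// Runtime test for canonical signatures (s < L) removed: no crypto_sign_* callers remain after Sprout removal.` followed by `// Reinstate the test if crypto_sign_verify_detached is used in consensus code again.`, and place it at the head of the function rather than as a note about absent code just before `return 0;`. It would also help to name in the commit description how the "no callers" claim was confirmed, since nothing in the hunk establishes it. The function's signature and the initialization check that produces `return -1;` lie outside the hunk.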