git.codecow.com Git - Monocypher.git/commit
Fixed bogus comparison functions
author Loup Vaillant <loup@loup-vaillant.fr>
Sat, 14 Oct 2017 10:11:20 +0000 (12:11 +0200)
committer Loup Vaillant <loup@loup-vaillant.fr>
Sat, 14 Oct 2017 10:11:20 +0000 (12:11 +0200)
commit f7297c27e3f6a440165443a9bc46e3fc41094150
tree 1606deb811e0f84496277543d7fe18e1c124b5da
parent f74ae86d53e541d38ca46afe050f2e17d1f774f1
Fixed bogus comparison functions

Found by michaelforney on GitHub.

- On neq0     , I used ^ instead of |
- On zerocmp32, I used + instead of |

Both errors lead to false negatives: you *think* all went well and the
number looks like it is, indeed, zero, but it's not.  This could lead
to vulnerabilities in practice, where we could use the flaws in the
comparison functions to find pseudo-collisions that defeat the checks
without being actual collisions.

Oops.
src/monocypher.c
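
The two operator mistakes named in the commit message, modelled as an added example that is not Monocypher's code: the function names, the four-word input layout and the sample values are assumptions constructed here. It shows why only | is safe for accumulating bits in a zero test: ^ cancels matching bits and + wraps modulo 2^64, so a nonzero input can be reported as zero.

```c
#include <stdint.h>
#include <stdio.h>

/* Constant-time zero test for x < 2^32: returns 0 if x == 0, else -1. */
static int nonzero32(uint64_t x)
{
    return (int)(1 & ((x - 1) >> 32)) - 1;
}

/* Correct fold: OR keeps every set bit of either 32-bit half. */
int fold_or(uint64_t diff)
{
    return nonzero32((diff >> 32) | (uint32_t)diff);
}

/* Flawed fold: XOR cancels bits that are set in both halves. */
int fold_xor_buggy(uint64_t diff)
{
    return nonzero32((diff >> 32) ^ (uint32_t)diff);
}

/* Correct 32-byte zero test: OR the four 64-bit words together. */
int zero32_or(const uint64_t w[4])
{
    uint64_t acc = 0;
    for (int i = 0; i < 4; i++) acc |= w[i];
    return fold_or(acc);
}

/* Flawed: + wraps modulo 2^64, so nonzero words can sum to zero. */
int zero32_add_buggy(const uint64_t w[4])
{
    uint64_t acc = 0;
    for (int i = 0; i < 4; i++) acc += w[i];
    return fold_or(acc);
}

/* Constructed sample inputs (assumptions); both are nonzero. */
const uint64_t SAMPLE_DIFF = 0x0000000100000001ULL;
const uint64_t SAMPLE_WORDS[4] = {1, 0xFFFFFFFFFFFFFFFFULL, 0, 0};

int main(void)
{
    printf("fold:   or=%d xor=%d\n", fold_or(SAMPLE_DIFF), fold_xor_buggy(SAMPLE_DIFF));
    printf("zero32: or=%d add=%d\n", zero32_or(SAMPLE_WORDS), zero32_add_buggy(SAMPLE_WORDS));
    return 0;
}
```

A regression test for this class of bug should include inputs whose halves or words cancel under ^ or +, since all-zero and single-bit test vectors pass with any of the three operators.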