Fix constant time message open.

diff --git a/src/lib/crypto/nano-nacl.ts b/src/lib/crypto/nano-nacl.ts
index f44367869ff22980110c693968d41f87ce3ff7ac..f00c8e2a766f8634d384d036834568c342d65cce 100644 (file)
--- a/src/lib/crypto/nano-nacl.ts
+++ b/src/lib/crypto/nano-nacl.ts
@@ -431,7 +431,8 @@ export class NanoNaCl {
                const p: Float64Array[] = [new Float64Array(16), new Float64Array(16), new Float64Array(16), new Float64Array(16)]\r
                const q: Float64Array[] = [new Float64Array(16), new Float64Array(16), new Float64Array(16), new Float64Array(16)]\r
 \r
-               let result = this.unpackneg(q, pk) ? -1 : n\r
+               // eventually used in returned result but allow processing to continue\r
+               const neg = this.unpackneg(q, pk) & 1\r
 \r
                m.set(sm.subarray(0, n), 0)\r
                m.set(pk.subarray(0, 32), 32)\r
@@ -444,20 +445,14 @@ export class NanoNaCl {
                this.pack(t, p)\r
 \r
                n -= 64\r
-               if (this.#vn(sm, 0, t, 0, 32)) {\r
-                       for (let i = 0; i < n; i++) {\r
-                               m[i] = 0\r
-                       }\r
-                       result = -1\r
-               } else {\r
-                       for (let i = 0; i < n; i++) {\r
-                               m[i] = m[i]\r
-                       }\r
-                       result = n\r
+\r
+               // if any bits unequal, zero out and return -1\r
+               const vn = this.#vn(sm, t) ^ 1\r
+               for (let i = 0; i < n; i++) {\r
+                       m[i] = sm[i + 64] * vn\r
                }\r
-               m.set(sm.subarray(64, n + 64), 0)\r
-               result = result === -1 ? -1 : n\r
-               return result\r
+               n = (n * vn) - (vn ^ 1)\r
+               return (n * (neg ^ 1)) - neg\r
        }\r
 \r
        /**\r