HISTORY: note 2.0.5 rejecting modified signatures

author Fabio Scotoni <34964387+fscoto@users.noreply.github.com>

Sat, 26 Sep 2020 06:26:58 +0000 (08:26 +0200)

committer Fabio Scotoni <34964387+fscoto@users.noreply.github.com>

Sat, 26 Sep 2020 06:26:58 +0000 (08:26 +0200)
author Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Sat, 26 Sep 2020 06:26:58 +0000 (08:26 +0200)
committer Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Sat, 26 Sep 2020 06:26:58 +0000 (08:26 +0200)
diff --git a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher

index de6310e1a05a66b3dee1b746a856b2cbede6c90b..40c7f79626978fb6024a898221e77ff48d8d6b9c 100644 (file)
--- a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
@@ -50,7 +50,7 @@
  .\" with this software.  If not, see
  .\" <https://creativecommons.org/publicdomain/zero/1.0/>
  .\"
-.Dd March 31, 2020
+.Dd September 26, 2020
  .Dt CRYPTO_SIGN_INIT_FIRST_PASS 3MONOCYPHER
  .Os
  .Sh NAME
@@ -271,6 +271,12 @@ and
  .Fn crypto_check_final
  functions first appeared in Monocypher 1.1.0.
  .Pp
+Starting with Monocypher 2.0.5, modified signatures abusing the inherent
+signature malleability property of EdDSA now cause a non-zero return
+value of
+.Fn crypto_check_final ;
+in prior versions, such signatures would be accepted.
+.Pp
  .Sy A critical security vulnerability
  that caused all-zero signatures to be accepted was introduced in
  Monocypher 0.3;
diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher

index 44c08c8bf9bb916b4c22bc33e6a50231d738781e..0c6b34bc9931294d801691f60eec14718f9dda44 100644 (file)
--- a/doc/man/man3/crypto_sign.3monocypher
+++ b/doc/man/man3/crypto_sign.3monocypher
@@ -50,7 +50,7 @@
  .\" with this software.  If not, see
  .\" <https://creativecommons.org/publicdomain/zero/1.0/>
  .\"
-.Dd March 31, 2020
+.Dd September 26, 2020
  .Dt CRYPTO_SIGN 3MONOCYPHER
  .Os
  .Sh NAME
@@ -208,6 +208,12 @@ and
  .Fn crypto_sign_public_key
  functions appeared in Monocypher 0.2.
  .Pp
+Starting with Monocypher 2.0.5, modified signatures abusing the inherent
+signature malleability property of EdDSA now cause a non-zero return
+value of
+.Fn crypto_check ;
+in prior versions, such signatures would be accepted.
+.Pp
  .Sy A critical security vulnerability
  that caused all-zero signatures to be accepted was introduced in
  Monocypher 0.3;
author	Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
	Sat, 26 Sep 2020 06:26:58 +0000 (08:26 +0200)
committer	Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
	Sat, 26 Sep 2020 06:26:58 +0000 (08:26 +0200)
doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher		patch \| blob \| history
doc/man/man3/crypto_sign.3monocypher		patch \| blob \| history