crypto_check does not wipe context

author Loup Vaillant <loup@loup-vaillant.fr>

Mon, 16 Apr 2018 22:52:14 +0000 (00:52 +0200)

committer Loup Vaillant <loup@loup-vaillant.fr>

Mon, 16 Apr 2018 22:52:14 +0000 (00:52 +0200)
author Loup Vaillant <loup@loup-vaillant.fr>
Mon, 16 Apr 2018 22:52:14 +0000 (00:52 +0200)
committer Loup Vaillant <loup@loup-vaillant.fr>
Mon, 16 Apr 2018 22:52:14 +0000 (00:52 +0200)
diff --git a/doc/man/man3/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/crypto_sign_init_first_pass.3monocypher

index 63f9620ebc4d38fa7ce0be157c21b71b30b5f31d..2687bded78d2767d2d907c87951ba80ae160a61f 100644 (file)
--- a/doc/man/man3/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/crypto_sign_init_first_pass.3monocypher
@@ -102,7 +102,6 @@ Update with
  .It
  Signature verification with
  .Fn crypto_check_final .
-This also wipes the context.
  .El
  .Sh RETURN VALUES
  .Fn crypto_sign_init_first_pass ,
diff --git a/src/monocypher.c b/src/monocypher.c

index ea462e5f9778e2323db548a05b73645e1fcfafad..04656afb45edb9dea0bca8b0e6e7f1f8c67abc77 100644 (file)
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1676,6 +1676,7 @@ int crypto_check_final(crypto_check_ctx *ctx)
      ge_add(&diff, &p, &sB);                    // diff = s - A*h_ram
      ge_tobytes(R_check, &diff);
      return crypto_verify32(ctx->sig, R_check); // R == s - A*h_ram ? OK : fail
+    // No secret, no wipe
  }
  
  int crypto_check(const u8  signature[64],
author	Loup Vaillant <loup@loup-vaillant.fr>
	Mon, 16 Apr 2018 22:52:14 +0000 (00:52 +0200)
committer	Loup Vaillant <loup@loup-vaillant.fr>
	Mon, 16 Apr 2018 22:52:14 +0000 (00:52 +0200)
doc/man/man3/crypto_sign_init_first_pass.3monocypher		patch \| blob \| history
src/monocypher.c		patch \| blob \| history