From: Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Date: Sat, 26 Sep 2020 06:26:58 +0000 (+0200)
Subject: HISTORY: note 2.0.5 rejecting modified signatures
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=6b726b323cd1a0255d195ed56b49d11930924b27;p=Monocypher.git

HISTORY: note 2.0.5 rejecting modified signatures

Change introduced in 974e55d21c1fac7a2e21f91cb7174601b653180a and
24f4be7acc3ec7ff613715a7a97597e587f6d6d8.

The actual reasons to introduce this were actually performance-related.

Sparked by #189.
---

diff --git a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
index de6310e..40c7f79 100644
--- a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
@@ -50,7 +50,7 @@
 .\" with this software.  If not, see
 .\" <https://creativecommons.org/publicdomain/zero/1.0/>
 .\"
-.Dd March 31, 2020
+.Dd September 26, 2020
 .Dt CRYPTO_SIGN_INIT_FIRST_PASS 3MONOCYPHER
 .Os
 .Sh NAME
@@ -271,6 +271,12 @@ and
 .Fn crypto_check_final
 functions first appeared in Monocypher 1.1.0.
 .Pp
+Starting with Monocypher 2.0.5, modified signatures abusing the inherent
+signature malleability property of EdDSA now cause a non-zero return
+value of
+.Fn crypto_check_final ;
+in prior versions, such signatures would be accepted.
+.Pp
 .Sy A critical security vulnerability
 that caused all-zero signatures to be accepted was introduced in
 Monocypher 0.3;
diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher
index 44c08c8..0c6b34b 100644
--- a/doc/man/man3/crypto_sign.3monocypher
+++ b/doc/man/man3/crypto_sign.3monocypher
@@ -50,7 +50,7 @@
 .\" with this software.  If not, see
 .\" <https://creativecommons.org/publicdomain/zero/1.0/>
 .\"
-.Dd March 31, 2020
+.Dd September 26, 2020
 .Dt CRYPTO_SIGN 3MONOCYPHER
 .Os
 .Sh NAME
@@ -208,6 +208,12 @@ and
 .Fn crypto_sign_public_key
 functions appeared in Monocypher 0.2.
 .Pp
+Starting with Monocypher 2.0.5, modified signatures abusing the inherent
+signature malleability property of EdDSA now cause a non-zero return
+value of
+.Fn crypto_check ;
+in prior versions, such signatures would be accepted.
+.Pp
 .Sy A critical security vulnerability
 that caused all-zero signatures to be accepted was introduced in
 Monocypher 0.3;