From: Chris Duncan Date: Mon, 18 Aug 2025 04:39:42 +0000 (-0700) Subject: Execute functions regardless of conditional result. X-Git-Tag: v0.10.5~41^2~79 X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=cb27f3eca6d1e1772ed0450ca5db229b1c232431;p=libnemo.git Execute functions regardless of conditional result. To maintain constant time verification, conditional calls or returns now continue through the rest of the flow and discard results if unneeded. --- diff --git a/src/lib/crypto/nano-nacl.ts b/src/lib/crypto/nano-nacl.ts index 52bf2ab..33962ce 100644 --- a/src/lib/crypto/nano-nacl.ts +++ b/src/lib/crypto/nano-nacl.ts @@ -370,20 +370,16 @@ export class NanoNaCl { this.Square(chk, r[0]) this.Multiply(chk, chk, den) - if (this.neq25519(chk, num)) { - this.Multiply(r[0], r[0], this.I) - } + this.Multiply(this.neq25519(chk, num) ? r[0] : new Float64Array(16), r[0], this.I) this.Square(chk, r[0]) this.Multiply(chk, chk, den) - if (this.neq25519(chk, num)) return -1 + const result = this.neq25519(chk, num) ? -1 : 0 - if (this.par25519(r[0]) === (p[31] >> 7)) { - this.Subtract(r[0], new Float64Array(16), r[0]) - } + this.Subtract(this.par25519(r[0]) === (p[31] >> 7) ? r[0] : new Float64Array(16), new Float64Array(16), r[0]) this.Multiply(r[3], r[0], r[1]) - return 0 + return result } static crypto_sign (sm: Uint8Array, m: Uint8Array, n: number, sk: Uint8Array, pk: Uint8Array): void { @@ -506,7 +502,7 @@ export class NanoNaCl { static open (signedMessage: Uint8Array, publicKey: Uint8Array): Uint8Array static open (signedMessage: unknown, publicKey: unknown): Uint8Array { try { - if (!(signedMessage instanceof Uint8Array)) { + if (!(signedMessage instanceof Uint8Array) || signedMessage.byteLength < this.crypto_sign_BYTES) { throw new TypeError('Signed message must be Uint8Array') } if (!(publicKey instanceof Uint8Array) || publicKey.byteLength !== this.crypto_sign_PUBLICKEYBYTES) {