ed25519: don't use constant-time functions in Verify.
Verify operates only on public data and thus is not constant-time. The
use of a constant-time function in Verify was thus misleading.

Fixes golang/go#21137

Change-Id: I1ff5a0371fbe8abe62420f19acf3e416fe1b1428
Reviewed-on: https://go-review.googlesource.com/53074
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
agl committed Aug 3, 2017
1 parent 418008d commit c412588
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ed25519/ed25519.go
Expand Up @@ -13,10 +13,10 @@ package ed25519
// from SUPERCOP.

import (
"bytes"
"crypto"
cryptorand "crypto/rand"
"crypto/sha512"
"crypto/subtle"
"errors"
"io"
"strconv"
Expand Down Expand Up @@ -177,5 +177,5 @@ func Verify(publicKey PublicKey, message, sig []byte) bool {

var checkR [32]byte
R.ToBytes(&checkR)
return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1
return bytes.Equal(sig[:32], checkR[:])
}
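Review bot: the final return in Verify now uses bytes.Equal(sig[:32], checkR[:]) with no comment saying why a variable-time comparison is acceptable at this spot. Both operands are public values (the R half of the signature and the checkR bytes written by R.ToBytes), which matches the commit message's point that Verify operates only on public data. A one-line comment above the return stating that would keep a later reader from treating it as a timing issue and switching it back to subtle.ConstantTimeCompare.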
