Update comments
Reference the bug report in DL_SignerBase::SignAndRestart for future readerspull/871/head
Jeffrey Walton
parent
f68f00f560
commit
176cab0dc5
8
pubkey.h
8
pubkey.h
|
|
@ -1604,8 +1604,8 @@ public:
|
||||||
if (rng.CanIncorporateEntropy())
|
if (rng.CanIncorporateEntropy())
|
||||||
rng.IncorporateEntropy(representative, representative.size());
|
rng.IncorporateEntropy(representative, representative.size());
|
||||||
|
|
||||||
|
Integer k, ks;
|
||||||
const Integer& q = params.GetSubgroupOrder();
|
const Integer& q = params.GetSubgroupOrder();
|
||||||
Integer k;
|
|
||||||
if (alg.IsDeterministic())
|
if (alg.IsDeterministic())
|
||||||
{
|
{
|
||||||
const Integer& x = key.GetPrivateExponent();
|
const Integer& x = key.GetPrivateExponent();
|
||||||
|
|
@ -1617,7 +1617,9 @@ public:
|
||||||
k.Randomize(rng, 1, params.GetSubgroupOrder()-1);
|
k.Randomize(rng, 1, params.GetSubgroupOrder()-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
Integer ks = k + q;
|
// Due to timing attack on nonce length by Jancar
|
||||||
|
// https://github.com/weidai11/cryptopp/issues/869
|
||||||
|
ks = k + q;
|
||||||
if (ks.BitCount() == q.BitCount()) {
|
if (ks.BitCount() == q.BitCount()) {
|
||||||
ks += q;
|
ks += q;
|
||||||
}
|
}
|
||||||
|
|
@ -1635,7 +1637,7 @@ public:
|
||||||
alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s);
|
alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
size_t rLen = alg.RLen(params);
|
const size_t rLen = alg.RLen(params);
|
||||||
r.Encode(signature, rLen);
|
r.Encode(signature, rLen);
|
||||||
s.Encode(signature+rLen, alg.SLen(params));
|
s.Encode(signature+rLen, alg.SLen(params));
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue