From e2451761c670a9b4e615b10e5b1c34cf155188ce Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Wed, 2 Oct 2024 17:12:42 +0200 Subject: [PATCH] use int instead of size_t in 0 <= s < L check loop using a signed integer type (int) is preferable here, to avoid potential issues with unsigned underflow. --- src/cryptoconditions/src/include/ed25519/src/verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cryptoconditions/src/include/ed25519/src/verify.c b/src/cryptoconditions/src/include/ed25519/src/verify.c index 55ce97785d..c749d9b991 100644 --- a/src/cryptoconditions/src/include/ed25519/src/verify.c +++ b/src/cryptoconditions/src/include/ed25519/src/verify.c @@ -70,7 +70,7 @@ int ed25519_verify(const unsigned char *signature, const unsigned char *message, /* make sure 0 <= s < L, as per RFC 8032, section 5.1.7 to prevent signature * malleability. Due to the three-bit check above (forces s < 2^253) there * is not that much room, but adding L once works with most signatures */ - for (size_t i = 31; ; i--) + for (int i = 31; ; i--) { if (signature[i+32] < curve25519_order[i]) {