Protect Against Unsafe Coefficients (#9109)

Nishant Das 2021-06-28 17:53:03 +08:00 committed by GitHub
parent 442f8d1d3c
commit f75548ad1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -204,6 +204,9 @@ func VerifyMultipleSignatures(sigs [][]byte, msgs [][32]byte, pubKeys []common.P
// Ignore error as the error will always be nil in `read` in math/rand.
randGen.Read(rbytes[:])
randLock.Unlock()
// Protect against the generator returning 0. Since the scalar value is
// derived from a big endian byte slice, we take the last byte.
rbytes[len(rbytes)-1] |= 0x01
scalar.FromBEndian(rbytes[:])
}
dummySig := new(blstSignature)
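Review bot: The comment above `rbytes[len(rbytes)-1] |= 0x01` says what is done but not why a zero coefficient is unsafe, and it does not mention that the mask makes every coefficient odd rather than merely non-zero, which fixes one bit of each scalar. Assuming the scalar is the per-signature multiplier of the batched check, I would reword it along the lines of `// A zero coefficient would cancel this signature out of the batched check, so force the scalar non-zero by setting the lowest bit (the last byte of the big-endian slice).` The batched check is only as sound as these coefficients are unpredictable, and the context comment refers to `math/rand`, so it is worth confirming that `randGen` is seeded from a cryptographic source and that the discarded `Read` error really cannot occur. The construction of `randGen`, the size of `rbytes` and the rest of `VerifyMultipleSignatures` are outside this hunk.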