From 90ff60cbb137f987159562275d89ecc26f098555 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Thu, 16 Apr 2020 17:03:49 +0200
Subject: [PATCH] Fix verification of EdDSA signatures with short MPIs (#1083)

We would fail to verify EdDSA signatures with leading zeros, when
encoded according to the spec (without leading zeros, leading to
short MPIs). OpenPGP.js itself encodes them with leading zeros.
This is accepted by many implementations, but not valid according
to the spec. We will fix that in a future version.
---
 src/type/mpi.js | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/type/mpi.js b/src/type/mpi.js
index ab9502df..e4d6c952 100644
--- a/src/type/mpi.js
+++ b/src/type/mpi.js
@@ -98,16 +98,11 @@ MPI.prototype.toUint8Array = function (endian, length) {
   length = length || this.data.length;
 
   const payload = new Uint8Array(length);
-  const start = length - this.data.length;
-  if (start < 0) {
-    throw new Error('Payload is too large.');
-  }
-
+  const start = endian === 'le' ? 0 : length - this.data.length;
   payload.set(this.data, start);
   if (endian === 'le') {
     payload.reverse();
   }
-
   return payload;
 };