From 675149b9b8b66ff44152553fb3ebf9858128363d Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 13 Dec 2017 10:24:13 +0100
Subject: [PATCH] Comment

---
 .../crypto_scalarmult/curve25519/ref10/x25519_ref10.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c b/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
index 022a7474..7b93a724 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
@@ -8,6 +8,11 @@
 #include "utils.h"
 #include "x25519_ref10.h"
 
+/*
+ * Reject small order points early to mitigate the implications of
+ * unexpected optimizations that would affect the ref10 code.
+ * See https://eprint.iacr.org/2017/806.pdf for reference.
+ */
 static int
 has_small_order(const unsigned char s[32])
 {
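Review bot: The new comment above `has_small_order` gives the motivation but not the contract. It does not say what the function returns for a rejected input, or whether the check itself is meant to run in constant time with respect to `s`. The body lies outside this hunk, so both should be confirmed against the code and then stated in a sentence or two. "Unexpected optimizations" is also vague; if the concern is a compiler or arithmetic shortcut that makes the ladder's timing depend on a low-order input, as the cited paper appears to describe, naming that would tell a maintainer why the early rejection must not be removed. The bare PDF link would survive longer as a citation by title, e.g. `* See "May the Fourth Be With You" (Genkin, Valenta, Yarom), https://eprint.iacr.org/2017/806`.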