Signatures: do not reject weak public keys if ED25519_COMPAT is defined

2018-01-16 01:01:40 +01:00 · 2018-01-16 01:01:40 +01:00 · 958060e2ec
commit 958060e2ec
parent 0468e778d2
1 changed files with 3 additions and 3 deletions
--- a/src/libsodium/crypto_sign/ed25519/ref10/open.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c
@ -28,7 +28,8 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
        ge25519_has_small_order(sig) != 0) {
        return -1;
    }
-    if (ge25519_is_canonical(pk) == 0) {
+    if (ge25519_is_canonical(pk) == 0 ||
+        ge25519_has_small_order(pk) != 0) {
        return -1;
    }
 #else
@ -36,8 +37,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
        return -1;
    }
 #endif
-    if (ge25519_has_small_order(pk) != 0 ||
-        ge25519_frombytes_negate_vartime(&A, pk) != 0) {
+    if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
        return -1;
    }
    _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);