From 958060e2ec2fa8a9d242e2b6fc24a6f3777ee4e0 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 16 Jan 2018 01:01:40 +0100
Subject: [PATCH] Signatures: do not reject weak public keys if ED25519_COMPAT is defined

---
 src/libsodium/crypto_sign/ed25519/ref10/open.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c
index c9e8843c..c9ac6a33 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/open.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c
@@ -28,7 +28,8 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
         ge25519_has_small_order(sig) != 0) {
         return -1;
     }
-    if (ge25519_is_canonical(pk) == 0) {
+    if (ge25519_is_canonical(pk) == 0 ||
+        ge25519_has_small_order(pk) != 0) {
         return -1;
     }
 #else
@@ -36,8 +37,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
         return -1;
     }
 #endif
-    if (ge25519_has_small_order(pk) != 0 ||
-        ge25519_frombytes_negate_vartime(&A, pk) != 0) {
+    if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
         return -1;
     }
     _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
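Review bot: The small-order check on `pk` removed in the second hunk is re-added only inside the first preprocessor branch in the first hunk, so in ED25519_COMPAT builds a small-order public key now flows straight into `ge25519_frombytes_negate_vartime(&A, pk)`, and nothing visible in either hunk rejects it afterwards; the set of signatures accepted by `_crypto_sign_ed25519_verify_detached` therefore differs between the two build configurations, which matters for any deployment where multiple verifiers must agree. The `#if`/`#else`/`#endif` that decides this starts before the first hunk, so a reader of the second hunk cannot tell that the remaining decode call is the only public-key validation left on the compat path. I would make that explicit next to the new line in the second hunk, e.g. `/* ED25519_COMPAT: small-order pk is not rejected here; strict builds reject it above. */`, and mention in the `#else` branch that compat verification intentionally accepts weak public keys so the divergence is documented in the code rather than only in the commit title. The enclosing function begins and ends outside both hunks.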