cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Signatures: do not reject weak public keys if ED25519_COMPAT is defined

Browse Source
This commit is contained in:
Frank Denis 2018-01-16 01:01:40 +01:00
parent 0468e778d2
commit 958060e2ec
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libsodium/crypto_sign/ed25519/ref10/open.c
View File

@ -28,7 +28,8 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
ge25519_has_small_order(sig) != 0) { ge25519_has_small_order(sig) != 0) {
return -1; return -1;
} }
if (ge25519_is_canonical(pk) == 0) { if (ge25519_is_canonical(pk) == 0 ||
ge25519_has_small_order(pk) != 0) {
return -1; return -1;
} }
#else #else
@ -36,8 +37,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
return -1; return -1;
} }
#endif #endif
if (ge25519_has_small_order(pk) != 0 || if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
ge25519_frombytes_negate_vartime(&A, pk) != 0) {
return -1; return -1;
} }
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed); _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);