Signatures: do not reject weak public keys if ED25519_COMPAT is defined

This commit is contained in:
Frank Denis 2018-01-16 01:01:40 +01:00
parent 0468e778d2
commit 958060e2ec


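--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -28,7 +28,8 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
 ge25519_has_small_order(sig) != 0) {
 return -1;
 }
-if (ge25519_is_canonical(pk) == 0) {
+if (ge25519_is_canonical(pk) == 0 ||
+ge25519_has_small_order(pk) != 0) {
 return -1;
 }
 #else
@@ -36,8 +37,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
 return -1;
 }
 #endif
-if (ge25519_has_small_order(pk) != 0 ||
-ge25519_frombytes_negate_vartime(&A, pk) != 0) {
+if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
 return -1;
 }
 _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);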
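Review bot: The `#else` branch of the preprocessor conditional is now the only path that does not call `ge25519_has_small_order(pk)`, and nothing in the code says so: the second hunk removes the check from the unconditional path and the first hunk re-adds it only in the first branch, so whichever branch `#else` belongs to silently accepts small-order public keys. The opening `#if`/`#ifndef` directive lies outside both hunks, so the exact condition is inferred from the commit title rather than visible here. Since a signature under a small-order public key is not bound to any secret and verification success is not meaningful for such keys, the deliberate omission deserves a comment at the `#else` so a later reader does not "fix" it or miss the trade-off, e.g. `/* ED25519_COMPAT: small-order public keys are deliberately NOT rejected here, for compatibility with the original reference implementation; the strict build above rejects them. */`. It would also be worth recording in the public API documentation that the two builds accept different public keys.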