From 1cd063318647bc073467acfdb91af4f3e36e324c Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 31 Oct 2017 16:08:45 +0100
Subject: [PATCH] Accept non-canonical PKs if ED25519_COMPAT is defined
---
 src/libsodium/crypto_sign/ed25519/ref10/open.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c
index d66f73a9..db3170b4 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/open.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c
@@ -28,13 +28,15 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
 if (sc_is_canonical(sig + 32) == 0 || ge_has_small_order(sig) != 0) {
 return -1;
 }
+ if (ge_is_canonical(pk) == 0) {
+ return -1;
+ }
 #else
 if (sig[63] & 224) {
 return -1;
 }
 #endif
- if (ge_is_canonical(pk) == 0 || ge_has_small_order(pk) != 0 ||
- ge_frombytes_negate_vartime(&A, pk) != 0) {
+ if (ge_has_small_order(pk) != 0 || ge_frombytes_negate_vartime(&A, pk) != 0) {
 return -1;
 }
 _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
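Review bot: In the `#else` (ED25519_COMPAT) branch the public key now reaches `ge_has_small_order(pk)` and `ge_frombytes_negate_vartime(&A, pk)` with no canonicity check, so rejecting low-order keys in compat builds depends on `ge_has_small_order` also recognising non-canonical encodings of those points. That function is not visible here, so this should be confirmed and pinned with a test vector. Accepting more than one byte encoding for a key also matters to callers that treat the `pk` bytes as an identity or compare verification results across implementations, and nothing in the code says so. I would add a comment above the `sig[63] & 224` check, e.g. `/* compat: non-canonical pk encodings are accepted on purpose; pk bytes are not a unique key identifier */`. The opening `#if` of this conditional and the rest of `_crypto_sign_ed25519_verify_detached` lie outside the hunk.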