
ed25519_open(): reject all small order public keys and non-canonical representations

This commit is contained in:
Frank Denis 2017-10-31 16:07:01 +01:00
parent ce56bb596f
commit 5808b83092


@ -21,7 +21,6 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
unsigned char h[64]; unsigned char h[64];
unsigned char rcheck[32]; unsigned char rcheck[32];
unsigned int i; unsigned int i;
unsigned char d = 0;
ge_p3 A; ge_p3 A;
ge_p2 R; ge_p2 R;
@ -34,13 +33,8 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
return -1; return -1;
} }
#endif #endif
if (ge_frombytes_negate_vartime(&A, pk) != 0) { if (ge_is_canonical(pk) == 0 || ge_has_small_order(pk) != 0 ||
return -1; ge_frombytes_negate_vartime(&A, pk) != 0) {
}
for (i = 0; i < 32; ++i) {
d |= pk[i];
}
if (d == 0) {
return -1; return -1;
} }
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed); _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
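Review bot: The two new predicates in the condition at the `if (ge_is_canonical(pk) == 0 || ge_has_small_order(pk) != 0 ||` line use opposite return conventions — `ge_is_canonical` is tested with `== 0` while `ge_has_small_order` is tested with `!= 0` — and nothing on the new side records which sense each has, so a later edit could invert one of them without the compiler noticing. A one-line comment above the condition, e.g. `/* pk must be canonical (is_canonical != 0) and not of small order (has_small_order == 0) */`, would pin that down. The rejection is applied only to `pk`; the encoded R point in the first 32 bytes of `sig` is presumably decoded later in the same function and, as far as this hunk shows, receives no equivalent canonicality or small-order check, which is worth confirming is deliberate. The body of `_crypto_sign_ed25519_verify_detached` begins and ends outside the hunk.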