system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-09-20 00:33:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Always clamp curve25519 keys prior to use.

Browse source 
This fixes an issue where a private key	contained bits that should
have been cleared by the clamping process, but were passed through
to the scalar multiplication routine and resulted in an	invalid
public key.

Issue diagnosed	(and an	initial	fix proposed) by shamaz.mazum in
PR 252894.

This fix suggested by Jason Donenfeld.

PR:		252894
Reported by:	shamaz.mazum
Reviewed by:	dch
MFC after:	3 days
This commit is contained in:
Peter Grehan 2021-02-03 19:05:09 +10:00
parent 9b131f1e51
commit 5aaea4b99e
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sys/dev/if_wg/module/curve25519.c
View file

@ -767,6 +767,7 @@ void curve25519_generic(u8 out[CURVE25519_KEY_SIZE],
u8 e[32];
memcpy(e, scalar, 32);
curve25519_clamp_secret(e);
/* The following implementation was transcribed to Coq and proven to
* correspond to unary scalar multiplication in affine coordinates given