Always clamp curve25519 keys prior to use.

Description

This fixes an issue where a private key contained bits that should
have been cleared by the clamping process, but were passed through
to the scalar multiplication routine and resulted in an invalid
public key.

Issue diagnosed (and an initial fix proposed) by shamaz.mazum in
PR 252894.

This fix suggested by Jason Donenfeld.

PR: 252894
Reported by: shamaz.mazum

(cherry picked from commit 5aaea4b99e5cc724e97e24a68876e8768d3d8012)

Details

Provenance
grehan authored on Feb 3 2021, 9:05 AM
Parents
rG154207a59bd2: powerpc64le: readd COMPAT_FREEBSD11 and COMPAT_FREEBSD12