git: 82874dcb3610 - releng/13.0 - Always clamp curve25519 keys prior to use.

Peter Grehan grehan at FreeBSD.org
Tue Feb 9 01:40:40 UTC 2021


The branch releng/13.0 has been updated by grehan:

URL: https://cgit.FreeBSD.org/src/commit/?id=82874dcb3610b1e57fb6b1b9db96ac4996bfa620

commit 82874dcb3610b1e57fb6b1b9db96ac4996bfa620
Author:     Peter Grehan <grehan at FreeBSD.org>
AuthorDate: 2021-02-03 09:05:09 +0000
Commit:     Peter Grehan <grehan at FreeBSD.org>
CommitDate: 2021-02-08 23:36:13 +0000

    Always clamp curve25519 keys prior to use.
    
    Approved by:    re (gjb)
    
    (cherry picked from commit 6136a10e355a7a837edecbccbed04c34b4bc32c9)
---
 sys/dev/if_wg/module/curve25519.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/dev/if_wg/module/curve25519.c b/sys/dev/if_wg/module/curve25519.c
index e21d00bd2818..16f0b0337eb6 100644
--- a/sys/dev/if_wg/module/curve25519.c
+++ b/sys/dev/if_wg/module/curve25519.c
@@ -767,6 +767,7 @@ void curve25519_generic(u8 out[CURVE25519_KEY_SIZE],
 	u8 e[32];
 
 	memcpy(e, scalar, 32);
+	curve25519_clamp_secret(e);
 
 	/* The following implementation was transcribed to Coq and proven to
 	 * correspond to unary scalar multiplication in affine coordinates given
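Review bot: the clamp is applied to the local copy `e`, not to the caller's `scalar` buffer, which is the right choice since the input should stay untouched, but the hunk shows no comment explaining why the generic implementation now clamps unconditionally; a one-line note above `curve25519_clamp_secret(e);` stating that callers may hand in an unclamped scalar and that the fixed bits (low three cleared, top bit cleared, second-highest set) are a precondition of the scalar multiplication that follows would make the intent durable. Also, the title says keys are always clamped, yet this diff only touches `curve25519_generic`; it is worth confirming in review that every other entry point for scalar multiplication in this driver either calls into this function or clamps on its own path, since the single insertion here cannot show that.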


More information about the dev-commits-src-all mailing list