[Bug 252894] Fix public key derivation in WireGuard implementation
bugzilla-noreply at freebsd.org
Wed Feb 3 11:06:37 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252894
--- Comment #8 from commit-hook at FreeBSD.org ---
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/src/commit/?id=5aaea4b99e5cc724e97e24a68876e8768d3d8012
commit 5aaea4b99e5cc724e97e24a68876e8768d3d8012
Author: Peter Grehan <grehan at FreeBSD.org>
AuthorDate: 2021-02-03 09:05:09 +0000
Commit: Peter Grehan <grehan at FreeBSD.org>
CommitDate: 2021-02-03 09:05:09 +0000

Always clamp curve25519 keys prior to use.

This fixes an issue where a private key contained bits that should
have been cleared by the clamping process, but were passed through
to the scalar multiplication routine and resulted in an invalid
public key.

Issue diagnosed (and an initial fix proposed) by shamaz.mazum in
PR 252894.

This fix suggested by Jason Donenfeld.

PR: 252894
Reported by: shamaz.mazum
Reviewed by: dch
MFC after: 3 days

sys/dev/if_wg/module/curve25519.c | 1 +
1 file changed, 1 insertion(+)
--
You are receiving this mail because:
You are the assignee for the bug.