Date: Wed, 03 Feb 2021 11:06:37 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 252894] Fix public key derivation if WireGuard implementation
Message-ID: <bug-252894-227-l2cR0tib52@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-252894-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-252894-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252894

--- Comment #8 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5aaea4b99e5cc724e97e24a68876e8768d3d8012

commit 5aaea4b99e5cc724e97e24a68876e8768d3d8012
Author:     Peter Grehan <grehan@FreeBSD.org>
AuthorDate: 2021-02-03 09:05:09 +0000
Commit:     Peter Grehan <grehan@FreeBSD.org>
CommitDate: 2021-02-03 09:05:09 +0000

    Always clamp curve25519 keys prior to use.

    This fixes an issue where a private key contained bits that should
    have been cleared by the clamping process, but were passed through
    to the scalar multiplication routine and resulted in an invalid
    public key.

    Issue diagnosed (and an initial fix proposed) by shamaz.mazum in
    PR 252894.

    This fix suggested by Jason Donenfeld.

    PR:             252894
    Reported by:    shamaz.mazum
    Reviewed by:    dch
    MFC after:      3 days

 sys/dev/if_wg/module/curve25519.c | 1 +
 1 file changed, 1 insertion(+)

-- 
You are receiving this mail because:
You are the assignee for the bug.
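
The effect the commit message describes, as an added example that is not part of the original mail and is not FreeBSD's curve25519.c: a pure-Python X25519 following RFC 7748, deriving a public key from the same secret with and without the clamp. The function names and the choice of the RFC 7748 section 6.1 test key are assumptions of this example.

```python
# Added illustration (not FreeBSD's curve25519.c): X25519 per RFC 7748 in
# pure Python, showing what skipping the clamp does to the derived public key.
P = 2**255 - 19      # field prime
A24 = 121665         # (486662 - 2) / 4

def clamp(secret: bytes) -> bytes:
    """Clear bits 0-2 and bit 255, set bit 254, as RFC 7748 requires."""
    k = bytearray(secret)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return bytes(k)

def ladder(scalar: int, u: int) -> int:
    """Montgomery ladder: x-coordinate of scalar * point(u), 256-bit scalar.
    The swap branches on secret bits, so this is not constant time."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in reversed(range(256)):
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def public_key(secret: bytes, do_clamp: bool = True) -> bytes:
    """Derive the public key from the base point u = 9."""
    k = clamp(secret) if do_clamp else secret
    return ladder(int.from_bytes(k, "little"), 9).to_bytes(32, "little")

# Private key from RFC 7748 section 6.1. Its raw bytes are not clamped:
# the low three bits of byte 0 are set and bit 254 is clear.
RAW = bytes.fromhex("77076d0a7318a57d3c16c17251b26645"
                    "df4c2f87ebc0992ab177fba51db92c2a")

if __name__ == "__main__":
    print("clamped  :", public_key(RAW).hex())
    print("unclamped:", public_key(RAW, do_clamp=False).hex())
```

Only the clamped derivation matches the public key a conforming peer computes for this secret, so a stored private key has to be clamped on every path that feeds it to scalar multiplication.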