[Bug 252894] Fix public key derivation if WireGuard implementation

Sat Feb 6 06:10:37 UTC 2021

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252894

--- Comment #9 from commit-hook at FreeBSD.org ---
A commit in branch stable/13 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=6136a10e355a7a837edecbccbed04c34b4bc32c9

commit 6136a10e355a7a837edecbccbed04c34b4bc32c9
Author:     Peter Grehan <grehan at FreeBSD.org>
AuthorDate: 2021-02-03 09:05:09 +0000
Commit:     Peter Grehan <grehan at FreeBSD.org>
CommitDate: 2021-02-06 04:01:18 +0000

    Always clamp curve25519 keys prior to use.

    This fixes an issue where a private key contained bits that should
    have been cleared by the clamping process, but were passed through
    to the scalar multiplication routine and resulted in an invalid
    public key.

    Issue diagnosed (and an initial fix proposed) by shamaz.mazum in
    PR 252894.

    This fix suggested by Jason Donenfeld.

    PR:             252894
    Reported by:    shamaz.mazum

    (cherry picked from commit 5aaea4b99e5cc724e97e24a68876e8768d3d8012)

 sys/dev/if_wg/module/curve25519.c | 1 +
 1 file changed, 1 insertion(+)

-- 
You are receiving this mail because:
You are the assignee for the bug.