| author | Peter Grehan <grehan@FreeBSD.org> | 2021-02-03 09:05:09 +0000 |
|---|---|---|
| committer | Peter Grehan <grehan@FreeBSD.org> | 2021-02-08 23:36:13 +0000 |
| commit | 82874dcb3610b1e57fb6b1b9db96ac4996bfa620 (patch) | |
| tree | f84b208b2216e64dfb937116cc21cc2c678f6d35 | |
| parent | 8cb8d8d998792e9c89516904f4951a060a9f2a49 (diff) | |
Always clamp curve25519 keys prior to use.
Approved by: re (gjb)
(cherry picked from commit 6136a10e355a7a837edecbccbed04c34b4bc32c9)
| -rw-r--r-- | sys/dev/if_wg/module/curve25519.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/dev/if_wg/module/curve25519.c b/sys/dev/if_wg/module/curve25519.c
index e21d00bd2818..16f0b0337eb6 100644
--- a/sys/dev/if_wg/module/curve25519.c
+++ b/sys/dev/if_wg/module/curve25519.c
@@ -767,6 +767,7 @@ void curve25519_generic(u8 out[CURVE25519_KEY_SIZE],
 	u8 e[32];
 	memcpy(e, scalar, 32);
+	curve25519_clamp_secret(e);
 	/* The following implementation was transcribed to Coq and proven to
 	 * correspond to unary scalar multiplication in affine coordinates given
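Review bot: The clamped scalar lives in the stack copy `e` (the `u8 e[32]` at the top of the hunk) and nothing visible here zeroizes it; if the remainder of curve25519_generic, which continues outside this hunk, does not end with `explicit_bzero(e, sizeof(e));`, the private key is left on the kernel stack after the call. Clamping the local copy rather than the caller's `scalar` is the right choice, and because clamping is idempotent, callers that already clamp their key are unaffected. The commit title says keys are always clamped, but this diff touches only the generic path, so it is worth confirming that any architecture-specific implementation selected ahead of curve25519_generic also clamps, since that cannot be seen here. A short comment above the new call, `/* Clamp the local copy so an unclamped private key can never reach the ladder (RFC 7748). */`, would record why this is done here instead of relying on each caller.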
