git.ipfire.org Git - thirdparty/ipxe.git/commit
[crypto] Check for all-zeros result from X25519 key exchange
author Michael Brown <mcb30@ipxe.org>
Tue, 30 Jan 2024 13:14:21 +0000 (13:14 +0000)
committer Michael Brown <mcb30@ipxe.org>
Tue, 30 Jan 2024 13:21:01 +0000 (13:21 +0000)
commit 27398f136030efb8845c45fbe154e544feefd7e5
tree 11a7010a065c90bb0e0cd8040a158cf9cb41e09c
parent de8a0821c7bc737e724fa3dfb6d89dc36f591d7a
[crypto] Check for all-zeros result from X25519 key exchange

RFC7748 states that it is entirely optional for X25519 Diffie-Hellman
implementations to check whether or not the result is the all-zero
value (indicating that an attacker sent a malicious public key with a
small order).  RFC8422 states that implementations in TLS must abort
the handshake if the all-zero value is obtained.

Return an error if the all-zero value is obtained, so that the TLS
code will not require knowledge specific to the X25519 curve.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/x25519.c
src/include/ipxe/errfile.h
src/include/ipxe/x25519.h
src/tests/x25519_test.c
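
The check described in the commit message above, as an added Python example (not iPXE's C code and not taken from this commit): a minimal RFC 7748 ladder plus a wrapper that returns an error when the result is the all-zero value. The names `x25519_raw`, `x25519_checked` and `AllZeroSharedSecret` and the sample keys are assumptions made for illustration, and Python integer arithmetic is not constant-time.

```python
import hmac

P = 2**255 - 19   # field prime for Curve25519
A24 = 121665      # (486662 - 2) / 4, per RFC 7748

class AllZeroSharedSecret(ValueError):
    """Hypothetical error type: the key exchange produced the all-zero value."""

def x25519_raw(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 ladder with no check on the output (illustrative only)."""
    kb, ub = bytearray(k), bytearray(u)
    kb[0] &= 248          # clamp the scalar: clear the low three bits,
    kb[31] &= 127         # clear the top bit,
    kb[31] |= 64          # and set bit 254
    ub[31] &= 127         # the top bit of the u-coordinate is ignored
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:    # conditional swap from the RFC pseudocode
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    # z2 == 0 (point at infinity) inverts to 0, giving the all-zero output
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def x25519_checked(k: bytes, u: bytes) -> bytes:
    """Fail closed, so a caller such as TLS needs no curve-specific knowledge."""
    shared = x25519_raw(k, u)
    if hmac.compare_digest(shared, bytes(32)):  # timing independent of content
        raise AllZeroSharedSecret("X25519 produced the all-zero value")
    return shared

# Constructed sample inputs: fixed private keys and the base point u = 9.
BASE = (9).to_bytes(32, "little")
ALICE, BOB = bytes(range(1, 33)), bytes(range(32, 64))
```

A regression test for this behaviour feeds the small-order u-coordinates 0 and 1 to the checked function and expects the error, while an ordinary exchange between the two sample keys still agrees on the same secret.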