Update to latest curve25519-donna32

author: Nick Mathewson <nickm@torproject.org> 2014-07-15 15:42:20 +0200
committer: Nick Mathewson <nickm@torproject.org> 2014-07-15 15:42:20 +0200
commit: 8cc086059253347c82ebb1ff072abde56cd1da1a (patch)
tree: 833ea3cdf523b228eef7b77935d2d7b5f85f1765 /changes/curve25519-donna32-bug
parent: f5ce580babc5ca8466da02c53669a58bde8f5445 (diff)
download: tor-8cc086059253347c82ebb1ff072abde56cd1da1a.tar.gz
tor-8cc086059253347c82ebb1ff072abde56cd1da1a.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug
new file mode 100644
index 0000000000..54892d77aa
--- /dev/null
+++ b/changes/curve25519-donna32-bug
@@ -0,0 +1,10 @@
+  o Major bugfixes:
+
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations.
+
author	Nick Mathewson <nickm@torproject.org>	2014-07-15 15:42:20 +0200
committer	Nick Mathewson <nickm@torproject.org>	2014-07-15 15:42:20 +0200
commit	8cc086059253347c82ebb1ff072abde56cd1da1a (patch)
tree	833ea3cdf523b228eef7b77935d2d7b5f85f1765 /changes/curve25519-donna32-bug
parent	f5ce580babc5ca8466da02c53669a58bde8f5445 (diff)
download	tor-8cc086059253347c82ebb1ff072abde56cd1da1a.tar.gz tor-8cc086059253347c82ebb1ff072abde56cd1da1a.zip