Merge remote-tracking branch 'origin/maint-0.2.5'

author: Nick Mathewson <nickm@torproject.org> 2014-07-23 21:28:58 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-07-23 21:28:58 -0400
commit: dfe80c966d5136bc4f3287f4f762384ecc4df0c5 (patch)
tree: 4dcc0c26b8c10d3d457c17dfff3a69fa3171ab9b /changes
parent: 641c1584f7be8de88d3c58eae96c5c022a4870d1 (diff)
parent: 5c200d9be28ac9e53caac333ddd334539524d9e1 (diff)
download: tor-dfe80c966d5136bc4f3287f4f762384ecc4df0c5.tar.gz
tor-dfe80c966d5136bc4f3287f4f762384ecc4df0c5.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug
new file mode 100644
index 0000000000..7fccab1b0c
--- /dev/null
+++ b/changes/curve25519-donna32-bug
@@ -0,0 +1,12 @@
+  o Major bugfixes:
+
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
author	Nick Mathewson <nickm@torproject.org>	2014-07-23 21:28:58 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-07-23 21:28:58 -0400
commit	dfe80c966d5136bc4f3287f4f762384ecc4df0c5 (patch)
tree	4dcc0c26b8c10d3d457c17dfff3a69fa3171ab9b /changes
parent	641c1584f7be8de88d3c58eae96c5c022a4870d1 (diff)
parent	5c200d9be28ac9e53caac333ddd334539524d9e1 (diff)
download	tor-dfe80c966d5136bc4f3287f4f762384ecc4df0c5.tar.gz tor-dfe80c966d5136bc4f3287f4f762384ecc4df0c5.zip