From 8cc086059253347c82ebb1ff072abde56cd1da1a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 15 Jul 2014 15:42:20 +0200 Subject: Update to latest curve25519-donna32 --- changes/curve25519-donna32-bug | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 changes/curve25519-donna32-bug (limited to 'changes') diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug new file mode 100644 index 0000000000..54892d77aa --- /dev/null +++ b/changes/curve25519-donna32-bug @@ -0,0 +1,10 @@ + o Major bugfixes: + + - Fix a bug in the bounds-checking in the 32-bit curve25519-donna + implementation that caused incorrect results on 32-bit + implementations when certain malformed inputs were used along with + a small class of private ntor keys. This bug does not currently + appear to allow an attacker to learn private keys or impersonate a + Tor server, but it could provide a means to distinguish 32-bit Tor + implementations from 64-bit Tor implementations. + -- cgit v1.2.3-54-g00ecf From ad0cf550b727587337d2aed741923d3781bb334f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 23 Jul 2014 21:25:53 -0400 Subject: Put the bug number and correct credits in the changes file for the new curve25519-donna32 --- changes/curve25519-donna32-bug | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'changes') diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug index 54892d77aa..7fccab1b0c 100644 --- a/changes/curve25519-donna32-bug +++ b/changes/curve25519-donna32-bug @@ -6,5 +6,7 @@ a small class of private ntor keys. This bug does not currently appear to allow an attacker to learn private keys or impersonate a Tor server, but it could provide a means to distinguish 32-bit Tor - implementations from 64-bit Tor implementations. + implementations from 64-bit Tor implementations. Fixes bug 12694; + bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from + Adam Langley. -- cgit v1.2.3-54-g00ecf