| commit | 266419d244c1a4795407479693b016c5a8b5da96 | |
| author | Nick Mathewson <nickm@torproject.org> | |
| Mon, 4 Feb 2013 17:50:01 +0000 (4 12:50 -0500) | ||
| committer | Nick Mathewson <nickm@torproject.org> | |
| Thu, 7 Feb 2013 19:09:01 +0000 (7 14:09 -0500) | ||
| tree | cb5c0b8a9aab066209f81bb8b80cb1e7c3719929 | treesnapshot (tar.gz zip) |
| parent | 898f2d7c278442d2c4fbdf0126eaa406d503d088 | commitdiff |
Tolerate curve25519 backends where the high bit of the pk isn't ignored
Right now, all our curve25519 backends ignore the high bit of the
public key. But possibly, others could treat the high bit of the
public key as encoding out-of-bounds values, or as something to be
preserved. This could be used to distinguish clients with different
backends, at the cost of killing a circuit.
As a workaround, let's just clear the high bit of each public key
indiscriminately before we use it. Fix for bug 8121, reported by
rransom. Bugfix on 0.2.4.8-alpha.
Right now, all our curve25519 backends ignore the high bit of the
public key. But possibly, others could treat the high bit of the
public key as encoding out-of-bounds values, or as something to be
preserved. This could be used to distinguish clients with different
backends, at the cost of killing a circuit.
As a workaround, let's just clear the high bit of each public key
indiscriminately before we use it. Fix for bug 8121, reported by
rransom. Bugfix on 0.2.4.8-alpha.
| changes/bug8121 | [new file with mode: 0644] | blob |
| src/common/crypto_curve25519.c | diffblobblamehistory | |
| src/test/test_crypto.c | diffblobblamehistory |