Source-Changes archive


CVS commit: src



Module Name:    src
Committed By:   riastradh
Date:           Tue Jun 23 04:11:41 UTC 2026

Modified Files:
        src/sys/net: if_wg.c
        src/tests/net/if_wg: t_basic.sh

Log Message:
wg(4): Drop KASSERT on result of crypto_scalarmult.

The result of this check is not relevant to security of the protocol,
either for static peer identity keys or for ephemeral handshake keys.
See comments for details.

We can't simply write

        (void)crypto_scalarmult(...);

because the function was tagged with warn_unused_result.  And
apparently libsodium may leave the output uninitialized if the check
fails.  So just yield zero instead of stack garbage / UB -- stack
garbage is probably actually fine since it is immediately hashed into
something that won't match anything so downstream logic will just drop
it, but UB might invite nefarious compilers to cause trouble.

PR security/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25519 public keys


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 src/sys/net/if_wg.c
cvs rdiff -u -r1.8 -r1.9 src/tests/net/if_wg/t_basic.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



