diff options
Diffstat (limited to 'src/crypto/x25519.c')
| -rw-r--r-- | src/crypto/x25519.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/crypto/x25519.c b/src/crypto/x25519.c index 750a2a71..d3a19bc8 100644 --- a/src/crypto/x25519.c +++ b/src/crypto/x25519.c @@ -59,6 +59,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdint.h> #include <string.h> #include <assert.h> +#include <errno.h> #include <ipxe/init.h> #include <ipxe/x25519.h> @@ -781,10 +782,11 @@ static void x25519_reverse ( struct x25519_value *value ) { * @v base Base point * @v scalar Scalar multiple * @v result Point to hold result (may overlap base point) + * @ret rc Return status code */ -void x25519_key ( const struct x25519_value *base, - const struct x25519_value *scalar, - struct x25519_value *result ) { +int x25519_key ( const struct x25519_value *base, + const struct x25519_value *scalar, + struct x25519_value *result ) { struct x25519_value *tmp = result; union x25519_quad257 point; @@ -805,4 +807,7 @@ void x25519_key ( const struct x25519_value *base, /* Reverse result */ bigint_done ( &point.value, result->raw, sizeof ( result->raw ) ); x25519_reverse ( result ); + + /* Fail if result was all zeros (as required by RFC8422) */ + return ( bigint_is_zero ( &point.value ) ? -EPERM : 0 ); } |