Diffstat (limited to 'libgo/go/crypto/tls/key_schedule.go')
-rw-r--r--libgo/go/crypto/tls/key_schedule.go15
1 files changed, 12 insertions, 3 deletions
diff --git a/libgo/go/crypto/tls/key_schedule.go b/libgo/go/crypto/tls/key_schedule.go
index 2cfc226..83e5480 100644
--- a/libgo/go/crypto/tls/key_schedule.go
+++ b/libgo/go/crypto/tls/key_schedule.go
@@ -7,11 +7,12 @@ package tls
import (
"crypto/elliptic"
"crypto/hmac"
+ "crypto/subtle"
"errors"
+ "golang.org/x/crypto/cryptobyte"
+ "golang.org/x/crypto/curve25519"
+ "golang.org/x/crypto/hkdf"
"hash"
- "internal/x/crypto/cryptobyte"
- "internal/x/crypto/curve25519"
- "internal/x/crypto/hkdf"
"io"
"math/big"
)
@@ -193,8 +194,16 @@ func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte {
if len(peerPublicKey) != 32 {
return nil
}
+
var theirPublicKey, sharedKey [32]byte
copy(theirPublicKey[:], peerPublicKey)
curve25519.ScalarMult(&sharedKey, &p.privateKey, &theirPublicKey)
+
+ // Check for low-order inputs. See RFC 8422, Section 5.11.
+ var allZeroes [32]byte
+ if subtle.ConstantTimeCompare(allZeroes[:], sharedKey[:]) == 1 {
+ return nil
+ }
+
return sharedKey[:]
}
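Review bot: The added low-order check returns nil on the same path as the existing length check, so callers see one undifferentiated failure for a wrong-length key and for a peer key that yields an all-zero shared secret; that is acceptable for a handshake abort, but the function's doc comment (above the hunk header, outside this view) should state the contract explicitly, e.g. `// SharedKey returns nil if peerPublicKey has the wrong length or is a low-order point that produces an all-zero shared secret (RFC 8422, Section 5.11); callers must treat nil as a fatal handshake error.` The `subtle.ConstantTimeCompare` result is branched on immediately and the rejection is observable to the peer anyway, so it buys no secrecy here; either use a plain `sharedKey == allZeroes` or add a short comment that the helper is used for consistency rather than timing, so a reader does not search for a timing rationale. The imports hunk above only swaps `internal/x/crypto` for `golang.org/x/crypto`; if the vendored curve25519 package provides a higher-level X25519 helper that already rejects low-order outputs, preferring it over `ScalarMult` plus a hand-rolled check would be worth a follow-up, but that cannot be confirmed from this diff.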