<div dir="ltr"><div class="gmail_extra">FWIW:
</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="" style="font-weight:bold;margin-top:1em;color:black;font-family:monospace;font-size:13.3333px;white-space:pre">diff --git a/src/crypto/curve25519.c b/src/crypto/curve25519.c<br>index 88a15f2..31c3753 100644<br>--- a/<a href="http://git.zx2c4.com/WireGuard/tree/src/crypto/curve25519.c?id=5e7623a1d383716350313205447d67e7bf40a4f9" style="color:blue;text-decoration:none">src/crypto/curve25519.c</a><br>+++ b/<a href="http://git.zx2c4.com/WireGuard/tree/src/crypto/curve25519.c?id=eeb22e141bd46750e072bfbc20f36ab0d923ecba" style="color:blue;text-decoration:none">src/crypto/curve25519.c</a></div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -8,6 +8,7 @@</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> #include "curve25519.h"</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> #include <linux/string.h></div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> #include <linux/random.h></div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+#include <crypto/algapi.h></div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> static __always_inline void normalize_secret(uint8_t secret[CURVE25519_POINT_SIZE])</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> {</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -16,6 +17,8 @@ static __always_inline void normalize_secret(uint8_t secret[CURVE25519_POINT_SIZ</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       secret[31] |= 64;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+static const uint8_t zeros[CURVE25519_POINT_SIZE] = { 0 };</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> #ifdef __SIZEOF_INT128__</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> typedef uint64_t limb;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> typedef limb felem[5];</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -407,7 +410,7 @@ static void crecip(felem out, const felem z)</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* 2^255 - 21 */ fmul(out, t0, a);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-void curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE], const uint8_t basepoint[CURVE25519_POINT_SIZE])</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+bool curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE], const uint8_t basepoint[CURVE25519_POINT_SIZE])</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> {</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">        limb bp[5], x[5], z[5], zmone[5];</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">     uint8_t e[32];</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -420,6 +423,13 @@ void curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CU</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  crecip(zmone, z);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">     fmul(z, x, zmone);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">    fcontract(mypublic, z);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+     memzero_explicit(e, sizeof(e));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   memzero_explicit(bp, sizeof(bp));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+ memzero_explicit(x, sizeof(x));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   memzero_explicit(z, sizeof(z));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   memzero_explicit(zmone, sizeof(zmone));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   return crypto_memneq(mypublic, zeros, CURVE25519_POINT_SIZE);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> #else</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -1212,7 +1222,7 @@ static void crecip(limb *out, const limb *z)</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       /* 2^255 - 21 */ fmul(out,t1,z11);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-void curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE], const uint8_t basepoint[CURVE25519_POINT_SIZE])</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+bool curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE], const uint8_t basepoint[CURVE25519_POINT_SIZE])</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> {</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">        limb bp[10], x[10], z[11], zmone[10];</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">         uint8_t e[32];</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -1225,6 +1235,13 @@ void curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CU</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">        crecip(zmone, z);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">     fmul(z, x, zmone);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">    fcontract(mypublic, z);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+     memzero_explicit(e, sizeof(e));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   memzero_explicit(bp, sizeof(bp));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+ memzero_explicit(x, sizeof(x));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   memzero_explicit(z, sizeof(z));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   memzero_explicit(zmone, sizeof(zmone));</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   return crypto_memneq(mypublic, zeros, CURVE25519_POINT_SIZE);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> #endif</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -1238,5 +1255,5 @@ void curve25519_generate_secret(uint8_t secret[CURVE25519_POINT_SIZE])</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> void curve25519_generate_public(uint8_t pub[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE])</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> {</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">     static const uint8_t basepoint[CURVE25519_POINT_SIZE] = { 9 };</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">- curve25519(pub, secret, basepoint);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+       curve25519(pub, secret, basepoint); /* We don't care about the return result of this because the basepoint is always correct */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="font-weight:bold;margin-top:1em;color:black;font-family:monospace;font-size:13.3333px;white-space:pre">diff --git a/src/crypto/curve25519.h b/src/crypto/curve25519.h<br>index 52756d7..dc1feb9 100644<br>--- a/<a href="http://git.zx2c4.com/WireGuard/tree/src/crypto/curve25519.h?id=5e7623a1d383716350313205447d67e7bf40a4f9" style="color:blue;text-decoration:none">src/crypto/curve25519.h</a><br>+++ b/<a href="http://git.zx2c4.com/WireGuard/tree/src/crypto/curve25519.h?id=eeb22e141bd46750e072bfbc20f36ab0d923ecba" style="color:blue;text-decoration:none">src/crypto/curve25519.h</a></div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -9,7 +9,7 @@ enum curve25519_lengths {</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">    CURVE25519_POINT_SIZE = 32</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> };</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-void curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE], const uint8_t basepoint[CURVE25519_POINT_SIZE]);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+bool curve25519(uint8_t mypublic[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE], const uint8_t basepoint[CURVE25519_POINT_SIZE]);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> void curve25519_generate_secret(uint8_t secret[CURVE25519_POINT_SIZE]);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> void curve25519_generate_public(uint8_t pub[CURVE25519_POINT_SIZE], const uint8_t secret[CURVE25519_POINT_SIZE]);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="font-weight:bold;margin-top:1em;color:black;font-family:monospace;font-size:13.3333px;white-space:pre">diff --git a/src/noise/handshake.c b/src/noise/handshake.c<br>index ecfb6bd..ed3e149 100644<br>--- a/<a href="http://git.zx2c4.com/WireGuard/tree/src/noise/handshake.c?id=5e7623a1d383716350313205447d67e7bf40a4f9" style="color:blue;text-decoration:none">src/noise/handshake.c</a><br>+++ b/<a href="http://git.zx2c4.com/WireGuard/tree/src/noise/handshake.c?id=eeb22e141bd46750e072bfbc20f36ab0d923ecba" style="color:blue;text-decoration:none">src/noise/handshake.c</a></div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -58,14 +58,16 @@ bool noise_handshake_create_initiation(struct noise_message_handshake_initiation</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">      noise_handshake_nocrypt(dst->unencrypted_ephemeral, peer->handshake.ephemeral_public, NOISE_PUBLIC_KEY_LEN, peer->handshake.hash);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">        /* dhes */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&peer->handshake.key, peer->handshake.ephemeral_private, peer->handshake.remote_static);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+        if (!noise_mix_dh(&peer->handshake.key, peer->handshake.ephemeral_private, peer->handshake.remote_static))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+           goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* s */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       if (!noise_handshake_encrypt(dst->encrypted_static, peer->handshake.static_public, NOISE_PUBLIC_KEY_LEN, &peer->handshake.key, peer->handshake.hash))</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">                 goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* dhss */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&peer->handshake.key, peer->handshake.static_private, peer->handshake.remote_static);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   if (!noise_mix_dh(&peer->handshake.key, peer->handshake.static_private, peer->handshake.remote_static))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+              goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* t */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       tai64n_now_packed(timestamp);</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -117,14 +119,16 @@ struct wireguard_peer *noise_handshake_consume_initiation(struct noise_message_h</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  noise_handshake_nocrypt(e, src->unencrypted_ephemeral, sizeof(src->unencrypted_ephemeral), hash);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">    /* dhes */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&key, static_private, e);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+        if (!noise_mix_dh(&key, static_private, e))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+           goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* s */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       if (!noise_handshake_decrypt(s, src->encrypted_static, sizeof(src->encrypted_static), &key, hash))</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">          goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* dhss */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&key, static_private, s);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+        if (!noise_mix_dh(&key, static_private, s))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+           goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* t */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       if (!noise_handshake_decrypt(t, src->encrypted_timestamp, sizeof(src->encrypted_timestamp), &key, hash))</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -176,10 +180,12 @@ bool noise_handshake_create_response(struct noise_message_handshake_response *ds</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">             goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* dhee */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&peer->handshake.key, peer->handshake.ephemeral_private, peer->handshake.remote_ephemeral);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+     if (!noise_mix_dh(&peer->handshake.key, peer->handshake.ephemeral_private, peer->handshake.remote_ephemeral))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+                goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* dhes */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&peer->handshake.key, peer->handshake.ephemeral_private, peer->handshake.remote_static);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+        if (!noise_mix_dh(&peer->handshake.key, peer->handshake.ephemeral_private, peer->handshake.remote_static))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+           goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  if (!noise_handshake_encrypt(dst->encrypted_nothing, NULL, 0, &peer->handshake.key, peer->handshake.hash))</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">               goto out;</div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -222,10 +228,12 @@ struct wireguard_peer *noise_handshake_consume_response(struct noise_message_han</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">      }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* dhee */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&key, peer->handshake.ephemeral_private, e);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+  if (!noise_mix_dh(&key, peer->handshake.ephemeral_private, e))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+             goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* dhes */</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-     noise_mix_dh(&key, peer->handshake.static_private, e);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+     if (!noise_mix_dh(&key, peer->handshake.static_private, e))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+                goto out;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  /* decrypt nothing */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">         decrypt_success = noise_handshake_decrypt(NULL, src->encrypted_nothing, sizeof(src->encrypted_nothing), &key, hash);</div><div class="" style="font-weight:bold;margin-top:1em;color:black;font-family:monospace;font-size:13.3333px;white-space:pre">diff --git a/src/noise/key.c b/src/noise/key.c<br>index 03089c9..fe7dd54 100644<br>--- a/<a href="http://git.zx2c4.com/WireGuard/tree/src/noise/key.c?id=5e7623a1d383716350313205447d67e7bf40a4f9" style="color:blue;text-decoration:none">src/noise/key.c</a><br>+++ b/<a href="http://git.zx2c4.com/WireGuard/tree/src/noise/key.c?id=eeb22e141bd46750e072bfbc20f36ab0d923ecba" style="color:blue;text-decoration:none">src/noise/key.c</a></div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -50,12 +50,14 @@ static inline bool derive_key(struct noise_symmetric_key *dst, struct noise_symm</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">  return true;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-void noise_mix_dh(struct noise_symmetric_key *key, const u8 private[NOISE_PUBLIC_KEY_LEN], const u8 public[NOISE_PUBLIC_KEY_LEN])</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+bool noise_mix_dh(struct noise_symmetric_key *key, const u8 private[NOISE_PUBLIC_KEY_LEN], const u8 public[NOISE_PUBLIC_KEY_LEN])</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> {</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">      u8 dh_calculation[NOISE_PUBLIC_KEY_LEN];</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-       curve25519(dh_calculation, private, public);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+      if (!curve25519(dh_calculation, private, public))</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+         return false;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">         kdf(key, dh_calculation, NOISE_PUBLIC_KEY_LEN);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre">       memzero_explicit(dh_calculation, NOISE_PUBLIC_KEY_LEN);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+   return true;</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> }</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> static void clear_old_session(struct rcu_head *rcu)</div><div class="" style="font-weight:bold;margin-top:1em;color:black;font-family:monospace;font-size:13.3333px;white-space:pre">diff --git a/src/noise/noise.h b/src/noise/noise.h<br>index 940e519..18f7beb 100644<br>--- a/<a href="http://git.zx2c4.com/WireGuard/tree/src/noise/noise.h?id=5e7623a1d383716350313205447d67e7bf40a4f9" style="color:blue;text-decoration:none">src/noise/noise.h</a><br>+++ b/<a href="http://git.zx2c4.com/WireGuard/tree/src/noise/noise.h?id=eeb22e141bd46750e072bfbc20f36ab0d923ecba" style="color:blue;text-decoration:none">src/noise/noise.h</a></div><div class="" style="color:rgb(0,0,153);font-family:monospace;font-size:13.3333px;white-space:pre">@@ -137,7 +137,7 @@ bool noise_handshake_decrypt(u8 *dst_plaintext, const u8 *src_ciphertext, size_t</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> void noise_handshake_nocrypt(u8 *dst, const u8 *src, size_t src_len, u8 hash[NOISE_HASH_LEN]);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> void noise_symmetric_key_init(struct noise_symmetric_key *key, const u8 responder_static[NOISE_PUBLIC_KEY_LEN]);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> void noise_handshake_clear(struct noise_handshake *handshake);</div><div class="" style="color:red;font-family:monospace;font-size:13.3333px;white-space:pre">-void noise_mix_dh(struct noise_symmetric_key *key, const u8 private[NOISE_PUBLIC_KEY_LEN], const u8 public[NOISE_PUBLIC_KEY_LEN]);</div><div class="" style="color:green;font-family:monospace;font-size:13.3333px;line-height:normal;white-space:pre">+bool noise_mix_dh(struct noise_symmetric_key *key, const u8 private[NOISE_PUBLIC_KEY_LEN], const u8 public[NOISE_PUBLIC_KEY_LEN]);</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> </div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> /* External API: */</div><div class="" style="color:rgb(51,51,51);font-family:monospace;font-size:13.3333px;white-space:pre"> bool noise_handshake_create_initiation(struct noise_message_handshake_initiation *dst, struct noise_peer *peer, u16 self_index);</div></div></div>