illumos illumos-gate
cpe:2.3:a:illumos:illumos-gate:*:*:*:*:*:*:*
- 2024-02-15
A vulnerability exists in the elliptic curve point addition algorithm of Illumos Illumos-Gate, specifically in the version released on 2024-02-15. The issue arises when the algorithm uses mixed Jacobian-affine coordinates, leading to an incorrect result of 'POINT_AT_INFINITY' under certain conditions. This flaw allows a man-in-the-middle attacker to disrupt a connection, causing the affected party to calculate an incorrect shared secret.
Exploitation of this vulnerability results in an incorrect computation of shared secrets during elliptic curve cryptographic operations, which could undermine the security of key exchange protocols.
The vulnerability can be reproduced by using the flawed elliptic curve point addition algorithm in mixed Jacobian-affine coordinates. This can be done by invoking the 'ec_GFp_pt_add_jm_aff' function with specific parameters that trigger the incorrect behavior, such as points that cause the intermediate calculation 'C' to equal zero, leading to a premature return of 'POINT_AT_INFINITY'.
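The C = 0 case described above, as an added example on a toy curve (not illumos-gate code and not the project's patch): the shortcut returns infinity even when both inputs are the same point, while the checked variant also inspects D and doubles instead. The curve, the names (`add_mixed`, `jac_dbl`, `same_point`, `check_d`) and the textbook definitions of C and D are assumptions made for this illustration.

```c
#include <stdio.h>
/* Toy curve y^2 = x^3 + 2x + 3 over F_97: constructed for illustration. */
enum { MODP = 97, COEF_A = 2 };
typedef struct { long x, y, z; int inf; } jac_t;    /* Jacobian (X:Y:Z) */
static const jac_t INF_PT = {0, 0, 0, 1};

static long md(long v) { v %= MODP; return v < 0 ? v + MODP : v; }

/* Jacobian doubling for a general curve coefficient a. */
static jac_t jac_dbl(jac_t p) {
    if (p.inf || p.y == 0) return INF_PT;
    long yy = md(p.y * p.y), s = md(4 * p.x * yy);
    long zz = md(p.z * p.z), m = md(3 * p.x * p.x + COEF_A * md(zz * zz));
    long x = md(m * m - 2 * s);
    return (jac_t){x, md(m * (s - x) - 8 * md(yy * yy)), md(2 * p.y * p.z), 0};
}

/* Mixed addition: p is Jacobian, (qx, qy) is affine. check_d = 0 reproduces
 * the "C == 0 means infinity" shortcut; check_d = 1 also inspects D. */
static jac_t add_mixed(jac_t p, long qx, long qy, int check_d) {
    if (p.inf) return (jac_t){md(qx), md(qy), 1, 0};
    long zz = md(p.z * p.z);
    long c = md(qx * zz - p.x);                 /* C = qx*pz^2 - px */
    long d = md(qy * md(zz * p.z) - p.y);       /* D = qy*pz^3 - py */
    if (c == 0) {
        if (check_d && d == 0) return jac_dbl(p);   /* same point: double */
        return INF_PT;               /* correct only when q = -p (D != 0) */
    }
    long c2 = md(c * c), c3 = md(c2 * c), xc2 = md(p.x * c2);
    long x = md(d * d - c3 - 2 * xc2);
    return (jac_t){x, md(d * (xc2 - x) - p.y * c3), md(p.z * c), 0};
}

/* Compare a Jacobian point with an affine one without inverting Z. */
static int same_point(jac_t j, long x, long y) {
    long zz = md(j.z * j.z);
    return !j.inf && j.x == md(x * zz) && j.y == md(y * md(zz * j.z));
}

int main(void) {
    jac_t p = {12, 48, 2, 0};        /* affine (3, 6) written with Z = 2 */
    printf("shortcut: inf=%d, with D check: equals 2P=%d\n",
           add_mixed(p, 3, 6, 0).inf, same_point(add_mixed(p, 3, 6, 1), 80, 10));
    return 0;
}
```

A regression test for a patched build can use the same three cases: P + P, P + (-P), and an ordinary sum of two distinct points.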
Users can update to the latest version of Illumos Illumos-Gate, where this vulnerability has been addressed. Instructions for updating can be found in the project's documentation.