diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2010-09-20 04:50:54 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2010-09-20 04:50:54 +0000 |
| commit | fa0dc4d2ba2e52e12bb31d69f5c478a390dbe7bc (patch) | |
| tree | da5d8c2d34baec1e7d88048d0d9dcfb6ffedf924 /usr.bin | |
| parent | b599279a8c9ce40def19481c045bf247f72e5053 (diff) | |
check that received values are smaller than the group size in the
disabled and unfinished J-PAKE code.
avoids catastrophic security failure found by Sebastien Martini
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/jpake.c | 8 | ||||
| -rw-r--r-- | usr.bin/ssh/schnorr.c | 10 |
2 files changed, 16 insertions, 2 deletions
diff --git a/usr.bin/ssh/jpake.c b/usr.bin/ssh/jpake.c index 61240b05156..144551e2e0b 100644 --- a/usr.bin/ssh/jpake.c +++ b/usr.bin/ssh/jpake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jpake.c,v 1.4 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: jpake.c,v 1.5 2010/09/20 04:50:53 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -255,8 +255,12 @@ jpake_step2(struct modp_group *grp, BIGNUM *s, /* Validate peer's step 1 values */ if (BN_cmp(theirpub1, BN_value_one()) <= 0) fatal("%s: theirpub1 <= 1", __func__); + if (BN_cmp(theirpub1, grp->p) >= 0) + fatal("%s: theirpub1 >= p", __func__); if (BN_cmp(theirpub2, BN_value_one()) <= 0) fatal("%s: theirpub2 <= 1", __func__); + if (BN_cmp(theirpub2, grp->p) >= 0) + fatal("%s: theirpub2 >= p", __func__); if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) @@ -361,6 +365,8 @@ jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, /* Validate step 2 values */ if (BN_cmp(step2_val, BN_value_one()) <= 0) fatal("%s: step2_val <= 1", __func__); + if (BN_cmp(step2_val, grp->p) >= 0) + fatal("%s: step2_val >= p", __func__); /* * theirpriv2_s_proof is calculated with a different generator: diff --git a/usr.bin/ssh/schnorr.c b/usr.bin/ssh/schnorr.c index c9348f7a0e9..c3354dd9166 100644 --- a/usr.bin/ssh/schnorr.c +++ b/usr.bin/ssh/schnorr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */ +/* $OpenBSD: schnorr.c,v 1.4 2010/09/20 04:50:53 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -134,6 +134,10 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, error("%s: g_x < 1", __func__); return -1; } + if (BN_cmp(g_x, grp_p) >= 0) { + error("%s: g_x > g", __func__); + return -1; + } h = g_v = r = tmp = v = NULL; if ((bn_ctx = BN_CTX_new()) == NULL) { @@ -260,6 +264,10 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, error("%s: g_x < 1", __func__); return -1; } + if (BN_cmp(g_x, grp_p) >= 0) { + error("%s: g_x >= p", __func__); + return -1; + } h = g_xh = g_r = expected = NULL; if ((bn_ctx = BN_CTX_new()) == NULL) { |