Mercurial > dropbear

changeset 1175:1b8afc698e39

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
check for zero K value from curve25519
author Matt Johnston <matt@ucc.asn.au>
date Wed, 25 Nov 2015 22:15:59 +0800
parents 80cacacfec23
children 424822a6f8ee
files common-kex.c
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/common-kex.c	Wed Nov 25 20:46:06 2015 +0800
+++ b/common-kex.c	Wed Nov 25 22:15:59 2015 +0800
@@ -760,6 +760,7 @@
 	unsigned char out[CURVE25519_LEN];
 	const unsigned char* Q_C = NULL;
 	const unsigned char* Q_S = NULL;
+	char zeroes[CURVE25519_LEN] = {0};
 
 	if (buf_pub_them->len != CURVE25519_LEN)
 	{
@@ -767,6 +768,11 @@
 	}
 
 	curve25519_donna(out, param->priv, buf_pub_them->data);
+
+	if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
+		dropbear_exit("Bad curve25519");
+	}
+
 	m_mp_alloc_init_multi(&ses.dh_K, NULL);
 	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
 	m_burn(out, sizeof(out));