Mercurial > dropbear
changeset 1013:a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
improbable, roughly 2**-1023
Regression in 0.49
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 10 Feb 2015 21:46:19 +0800 |
parents | ffd2359564b0 |
children | 37c510c2ac7c cb7b510b4dd2 |
files | common-kex.c dbrandom.c debug.h options.h |
diffstat | 4 files changed, 15 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/common-kex.c Wed Feb 04 22:12:06 2015 +0800 +++ b/common-kex.c Tue Feb 10 21:46:19 2015 +0800 @@ -629,16 +629,20 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them, sign_key *hostkey) { - mp_int dh_p; + DEF_MP_INT(dh_p); + DEF_MP_INT(dh_p_min1); mp_int *dh_e = NULL, *dh_f = NULL; - /* read the prime and generator*/ - m_mp_init(&dh_p); + m_mp_init_multi(&dh_p, &dh_p_min1, NULL); load_dh_p(&dh_p); - /* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */ - if (mp_cmp(dh_pub_them, &dh_p) != MP_LT - || mp_cmp_d(dh_pub_them, 0) != MP_GT) { + if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { + dropbear_exit("Diffie-Hellman error"); + } + + /* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */ + if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT + || mp_cmp_d(dh_pub_them, 1) != MP_GT) { dropbear_exit("Diffie-Hellman error"); } @@ -649,7 +653,7 @@ } /* clear no longer needed vars */ - mp_clear_multi(&dh_p, NULL); + mp_clear_multi(&dh_p, &dh_p_min1, NULL); /* From here on, the code needs to work with the _same_ vars on each side, * not vice-versaing for client/server */
--- a/dbrandom.c Wed Feb 04 22:12:06 2015 +0800 +++ b/dbrandom.c Tue Feb 10 21:46:19 2015 +0800 @@ -306,7 +306,7 @@ /* keep regenerating until we get one satisfying * 0 < rand < max */ - } while (mp_cmp(rand, max) != MP_LT); + } while (!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT)); m_burn(randbuf, len); m_free(randbuf); }
--- a/debug.h Wed Feb 04 22:12:06 2015 +0800 +++ b/debug.h Tue Feb 10 21:46:19 2015 +0800 @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/* #define DEBUG_TRACE */ +#define DEBUG_TRACE /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
--- a/options.h Wed Feb 04 22:12:06 2015 +0800 +++ b/options.h Tue Feb 10 21:46:19 2015 +0800 @@ -95,8 +95,8 @@ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ -/*#define DROPBEAR_TWOFISH256*/ -/*#define DROPBEAR_TWOFISH128*/ +#define DROPBEAR_TWOFISH256 +#define DROPBEAR_TWOFISH128 /* Enable CBC mode for ciphers. This has security issues though * is the most compatible with older SSH implementations */