ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check for zero K value from curve25519

Browse Source
This commit is contained in:
Matt Johnston 2015-11-25 22:15:59 +08:00
parent 550b3056fd
commit 2293e3d105
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common-kex.c
View File

@ -760,6 +760,7 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
unsigned char out[CURVE25519_LEN]; unsigned char out[CURVE25519_LEN];
const unsigned char* Q_C = NULL; const unsigned char* Q_C = NULL;
const unsigned char* Q_S = NULL; const unsigned char* Q_S = NULL;
char zeroes[CURVE25519_LEN] = {0};
if (buf_pub_them->len != CURVE25519_LEN) if (buf_pub_them->len != CURVE25519_LEN)
{ {
@ -767,6 +768,11 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
} }
curve25519_donna(out, param->priv, buf_pub_them->data); curve25519_donna(out, param->priv, buf_pub_them->data);
if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
dropbear_exit("Bad curve25519");
}
m_mp_alloc_init_multi(&ses.dh_K, NULL); m_mp_alloc_init_multi(&ses.dh_K, NULL);
bytes_to_mp(ses.dh_K, out, CURVE25519_LEN); bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
m_burn(out, sizeof(out)); m_burn(out, sizeof(out));