Tighten validation of DH values. Odds of x==0 being generated are

improbable, roughly 2**-1023
Regression in 0.49
This commit is contained in:
Matt Johnston 2015-02-10 21:46:19 +08:00
parent b6685bf806
commit c44a78a2e6
4 changed files with 15 additions and 11 deletions


@ -629,16 +629,20 @@ void free_kexdh_param(struct kex_dh_param *param)
void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them, void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
sign_key *hostkey) { sign_key *hostkey) {
mp_int dh_p; DEF_MP_INT(dh_p);
DEF_MP_INT(dh_p_min1);
mp_int *dh_e = NULL, *dh_f = NULL; mp_int *dh_e = NULL, *dh_f = NULL;
/* read the prime and generator*/ m_mp_init_multi(&dh_p, &dh_p_min1, NULL);
m_mp_init(&dh_p);
load_dh_p(&dh_p); load_dh_p(&dh_p);
/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */ if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) {
if (mp_cmp(dh_pub_them, &dh_p) != MP_LT dropbear_exit("Diffie-Hellman error");
|| mp_cmp_d(dh_pub_them, 0) != MP_GT) { }
/* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */
if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT
|| mp_cmp_d(dh_pub_them, 1) != MP_GT) {
dropbear_exit("Diffie-Hellman error"); dropbear_exit("Diffie-Hellman error");
} }
@ -649,7 +653,7 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
} }
/* clear no longer needed vars */ /* clear no longer needed vars */
mp_clear_multi(&dh_p, NULL); mp_clear_multi(&dh_p, &dh_p_min1, NULL);
/* From here on, the code needs to work with the _same_ vars on each side, /* From here on, the code needs to work with the _same_ vars on each side,
* not vice-versaing for client/server */ * not vice-versaing for client/server */
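Review bot: The new side drops the `/* read the prime and generator*/` comment that sat above the init on the old side, and the widened check at the `[2, p-2]` comment does not say why the endpoints were excluded; I would keep the first comment above `m_mp_init_multi(&dh_p, &dh_p_min1, NULL);` and extend the second to `/* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2]; 0, 1 and p-1 would give a predictable shared secret */`. The `mp_sub_d` failure path calls `dropbear_exit` before `dh_p` and `dh_p_min1` are cleared, which matches the existing error handling two lines below, so no change is needed there. kexdh_comb_key's body continues outside both hunks shown here.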


@ -306,7 +306,7 @@ void gen_random_mpint(mp_int *max, mp_int *rand) {
/* keep regenerating until we get one satisfying /* keep regenerating until we get one satisfying
* 0 < rand < max */ * 0 < rand < max */
} while (mp_cmp(rand, max) != MP_LT); } while (!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT));
m_burn(randbuf, len); m_burn(randbuf, len);
m_free(randbuf); m_free(randbuf);
} }
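Review bot: The new loop condition `!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT)` is a negated conjunction; written as a disjunction of the rejecting cases, `} while (mp_cmp(rand, max) != MP_LT || mp_cmp_d(rand, 0) != MP_GT);`, it reads the same way as the range check in kexdh_comb_key in this commit and avoids the outer negation. Behaviour is identical either way, and the code now actually enforces the `0 < rand < max` stated in the comment above it. The `do` that opens this loop is outside the hunk.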


@ -39,7 +39,7 @@
* Caution: Don't use this in an unfriendly environment (ie unfirewalled), * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
* since the printing may not sanitise strings etc. This will add a reasonable * since the printing may not sanitise strings etc. This will add a reasonable
* amount to your executable size. */ * amount to your executable size. */
/* #define DEBUG_TRACE */ #define DEBUG_TRACE
/* All functions writing to the cleartext payload buffer call /* All functions writing to the cleartext payload buffer call
* CHECKCLEARTOWRITE() before writing. This is only really useful if you're * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
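Review bot: The new side uncomments `#define DEBUG_TRACE`, turning on the trace output that the comment directly above warns may not sanitise strings and adds to the executable size; nothing in the commit message (DH value validation) accounts for it, so it looks like a local debugging setting committed by accident. Unless it is meant for a release build, the line should go back to `/* #define DEBUG_TRACE */`. If it is intentional, the commit message should say so.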


@ -95,8 +95,8 @@ much traffic. */
#define DROPBEAR_AES256 #define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/ /*#define DROPBEAR_BLOWFISH*/
/*#define DROPBEAR_TWOFISH256*/ #define DROPBEAR_TWOFISH256
/*#define DROPBEAR_TWOFISH128*/ #define DROPBEAR_TWOFISH128
/* Enable CBC mode for ciphers. This has security issues though /* Enable CBC mode for ciphers. This has security issues though
* is the most compatible with older SSH implementations */ * is the most compatible with older SSH implementations */
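Review bot: `#define DROPBEAR_TWOFISH256` and `#define DROPBEAR_TWOFISH128` are newly enabled here, which changes the default cipher set the build offers and is unrelated to the DH validation described in the commit message; this reads like a locally edited options.h left in the commit. I would revert both to their commented form, `/*#define DROPBEAR_TWOFISH256*/` and `/*#define DROPBEAR_TWOFISH128*/`, or split the change into its own commit with a message explaining it.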