authorDamien Miller <djm@mindrot.org>2010-09-24 14:03:24 +0200
committerDamien Miller <djm@mindrot.org>2010-09-24 14:03:24 +0200
commitf7540cd5c4047675d03b2426bb6c32d3ff811bf7 (patch)
tree6a1f00877c30f14cb8243dd965290c073489cd8c /schnorr.c
parent - djm@cvs.openbsd.org 2010/09/20 04:41:47 (diff)
- djm@cvs.openbsd.org 2010/09/20 04:50:53
[jpake.c schnorr.c] check that received values are smaller than the group size in the disabled and unfinished J-PAKE code. avoids catastrophic security failure found by Sebastien Martini
Diffstat (limited to '')
-rw-r--r--schnorr.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/schnorr.c b/schnorr.c
index c17ff3241..8da2feaad 100644
--- a/schnorr.c
+++ b/schnorr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: schnorr.c,v 1.4 2010/09/20 04:50:53 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@@ -138,6 +138,10 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
error("%s: g_x < 1", __func__);
return -1;
}
+ if (BN_cmp(g_x, grp_p) >= 0) {
+ error("%s: g_x > g", __func__);
+ return -1;
+ }
h = g_v = r = tmp = v = NULL;
if ((bn_ctx = BN_CTX_new()) == NULL) {
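Review bot: The error string in the check added to schnorr_sign does not describe the test it reports. The condition is `BN_cmp(g_x, grp_p) >= 0`, but the message reads `g_x > g`, which names the generator rather than the modulus and leaves out the equality case. Anyone triaging a rejected value from the log would look at the wrong parameter. Use the same text as the matching check in schnorr_verify: `error("%s: g_x >= p", __func__);`. The body of schnorr_sign starts and ends outside this hunk.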
@@ -264,6 +268,10 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
error("%s: g_x < 1", __func__);
return -1;
}
+ if (BN_cmp(g_x, grp_p) >= 0) {
+ error("%s: g_x >= p", __func__);
+ return -1;
+ }
h = g_xh = g_r = expected = NULL;
if ((bn_ctx = BN_CTX_new()) == NULL) {
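Review bot: The bounds checks visible in schnorr_verify place g_x in a numeric range, but a range test does not show that g_x belongs to the order-q subgroup generated by grp_g. Values such as p-1 pass both comparisons. Whether membership is verified further down, or by the jpake.c callers, cannot be seen from this hunk, so this is a point to confirm rather than a confirmed gap. If it is not checked, the usual validation is a `g_x^q mod p == 1` test once bn_ctx has been allocated. At minimum, record the limit next to the new check: `/* range check only: does not prove g_x is in the order-q subgroup */`. The body of schnorr_verify starts and ends outside this hunk.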