author | 2015-03-26 07:00:04 +0000 | |
---|---|---|
committer | 2015-03-26 07:00:04 +0000 | |
commit | 4aa9b9295365e17cdfd9b24a859e22c8f05f1db8 (patch) | |
tree | 307946799a03c2e2bfbd058d7b1d0dee93eccc35 | |
parent | relax bits needed check to allow diffie-hellman-group1-sha1 key (diff) | |
ban all-zero curve25519 keys as recommended by latest
CFRG curves draft; ok markus
-rw-r--r-- | usr.bin/ssh/kexc25519.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/ssh/kexc25519.c b/usr.bin/ssh/kexc25519.c
index 711770ea1c6..76fa63c3a1b 100644
--- a/usr.bin/ssh/kexc25519.c
+++ b/usr.bin/ssh/kexc25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519.c,v 1.8 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */
 /*
 * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -64,6 +64,11 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
 u_char shared_key[CURVE25519_SIZE];
 int r;
 
+ /* Check for all-zero public key */
+ explicit_bzero(shared_key, CURVE25519_SIZE);
+ if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0)
+ return SSH_ERR_KEY_INVALID_EC_VALUE;
+
 crypto_scalarmult_curve25519(shared_key, key, pub);
 #ifdef DEBUG_KEXECDH
 dump_digest("shared secret", shared_key, CURVE25519_SIZE); |
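Review bot: The new check in kexc25519_shared_key compares the peer's `pub` with zero before the scalar multiplication, so it rejects only the single all-zero encoding; other small-order Curve25519 values are still accepted and, as far as I know, also lead to an all-zero shared secret. The more common form of this check tests the output of `crypto_scalarmult_curve25519()` instead, which covers all such inputs at once; the CFRG draft wording is not on this page, so confirm which of the two it asks for. Doing that needs a separate zeroed comparand rather than reusing `shared_key` as the zero buffer. The function starts and ends outside the hunk, so the error path should be checked against whatever cleanup the full body performs.

```c
	u_char shared_key[CURVE25519_SIZE];
	u_char zero[CURVE25519_SIZE];
	/* … unchanged: remaining declarations … */

	crypto_scalarmult_curve25519(shared_key, key, pub);

	/* Reject an all-zero shared secret, whatever peer value produced it */
	explicit_bzero(zero, CURVE25519_SIZE);
	if (timingsafe_bcmp(zero, shared_key, CURVE25519_SIZE) == 0)
		return SSH_ERR_KEY_INVALID_EC_VALUE;
	/* … unchanged: DEBUG_KEXECDH dump and the rest of the function … */
```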