upstream commit

ban all-zero curve25519 keys as recommended by latest CFRG curves draft; ok markus
2024-11-23 18:23:25 +08:00 · 2015-03-26 07:00:04 +00:00 · 2015-03-26 07:00:04 +00:00 · f9b7885237
commit f9b7885237
parent b8afbe2c1a
1 changed files with 6 additions and 1 deletions
--- a/kexc25519.c
+++ b/kexc25519.c
@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519.c,v 1.8 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */
 /*
 * Copyright (c) 2001, 2013 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@ -66,6 +66,11 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
 	u_char shared_key[CURVE25519_SIZE];
 	int r;

+	/* Check for all-zero public key */
+	explicit_bzero(shared_key, CURVE25519_SIZE);
+	if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0)
+		return SSH_ERR_KEY_INVALID_EC_VALUE;
+
 	crypto_scalarmult_curve25519(shared_key, key, pub);
 #ifdef DEBUG_KEXECDH
 	dump_digest("shared secret", shared_key, CURVE25519_SIZE);