diff options
author | Damien Miller <djm@mindrot.org> | 2010-09-24 22:03:24 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-09-24 22:03:24 +1000 |
commit | f7540cd5c4047675d03b2426bb6c32d3ff811bf7 (patch) | |
tree | 6a1f00877c30f14cb8243dd965290c073489cd8c | |
parent | 857b02e37f3bd6d5390711521e2dd021beca3a3c (diff) |
- djm@cvs.openbsd.org 2010/09/20 04:50:53
[jpake.c schnorr.c]
check that received values are smaller than the group size in the
disabled and unfinished J-PAKE code.
avoids catastrophic security failure found by Sebastien Martini
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | jpake.c | 8 | ||||
-rw-r--r-- | schnorr.c | 10 |
3 files changed, 21 insertions, 2 deletions
@@ -15,6 +15,11 @@ | |||
15 | - djm@cvs.openbsd.org 2010/09/20 04:41:47 | 15 | - djm@cvs.openbsd.org 2010/09/20 04:41:47 |
16 | [ssh.c] | 16 | [ssh.c] |
17 | install a SIGCHLD handler to reap expiried child process; ok markus@ | 17 | install a SIGCHLD handler to reap expiried child process; ok markus@ |
18 | - djm@cvs.openbsd.org 2010/09/20 04:50:53 | ||
19 | [jpake.c schnorr.c] | ||
20 | check that received values are smaller than the group size in the | ||
21 | disabled and unfinished J-PAKE code. | ||
22 | avoids catastrophic security failure found by Sebastien Martini | ||
18 | 23 | ||
19 | 20100910 | 24 | 20100910 |
20 | - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact | 25 | - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: jpake.c,v 1.4 2010/07/13 23:13:16 djm Exp $ */ | 1 | /* $OpenBSD: jpake.c,v 1.5 2010/09/20 04:50:53 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -257,8 +257,12 @@ jpake_step2(struct modp_group *grp, BIGNUM *s, | |||
257 | /* Validate peer's step 1 values */ | 257 | /* Validate peer's step 1 values */ |
258 | if (BN_cmp(theirpub1, BN_value_one()) <= 0) | 258 | if (BN_cmp(theirpub1, BN_value_one()) <= 0) |
259 | fatal("%s: theirpub1 <= 1", __func__); | 259 | fatal("%s: theirpub1 <= 1", __func__); |
260 | if (BN_cmp(theirpub1, grp->p) >= 0) | ||
261 | fatal("%s: theirpub1 >= p", __func__); | ||
260 | if (BN_cmp(theirpub2, BN_value_one()) <= 0) | 262 | if (BN_cmp(theirpub2, BN_value_one()) <= 0) |
261 | fatal("%s: theirpub2 <= 1", __func__); | 263 | fatal("%s: theirpub2 <= 1", __func__); |
264 | if (BN_cmp(theirpub2, grp->p) >= 0) | ||
265 | fatal("%s: theirpub2 >= p", __func__); | ||
262 | 266 | ||
263 | if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, | 267 | if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, |
264 | theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) | 268 | theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) |
@@ -363,6 +367,8 @@ jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, | |||
363 | /* Validate step 2 values */ | 367 | /* Validate step 2 values */ |
364 | if (BN_cmp(step2_val, BN_value_one()) <= 0) | 368 | if (BN_cmp(step2_val, BN_value_one()) <= 0) |
365 | fatal("%s: step2_val <= 1", __func__); | 369 | fatal("%s: step2_val <= 1", __func__); |
370 | if (BN_cmp(step2_val, grp->p) >= 0) | ||
371 | fatal("%s: step2_val >= p", __func__); | ||
366 | 372 | ||
367 | /* | 373 | /* |
368 | * theirpriv2_s_proof is calculated with a different generator: | 374 | * theirpriv2_s_proof is calculated with a different generator: |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */ | 1 | /* $OpenBSD: schnorr.c,v 1.4 2010/09/20 04:50:53 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -138,6 +138,10 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, | |||
138 | error("%s: g_x < 1", __func__); | 138 | error("%s: g_x < 1", __func__); |
139 | return -1; | 139 | return -1; |
140 | } | 140 | } |
141 | if (BN_cmp(g_x, grp_p) >= 0) { | ||
142 | error("%s: g_x > g", __func__); | ||
143 | return -1; | ||
144 | } | ||
141 | 145 | ||
142 | h = g_v = r = tmp = v = NULL; | 146 | h = g_v = r = tmp = v = NULL; |
143 | if ((bn_ctx = BN_CTX_new()) == NULL) { | 147 | if ((bn_ctx = BN_CTX_new()) == NULL) { |
@@ -264,6 +268,10 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, | |||
264 | error("%s: g_x < 1", __func__); | 268 | error("%s: g_x < 1", __func__); |
265 | return -1; | 269 | return -1; |
266 | } | 270 | } |
271 | if (BN_cmp(g_x, grp_p) >= 0) { | ||
272 | error("%s: g_x >= p", __func__); | ||
273 | return -1; | ||
274 | } | ||
267 | 275 | ||
268 | h = g_xh = g_r = expected = NULL; | 276 | h = g_xh = g_r = expected = NULL; |
269 | if ((bn_ctx = BN_CTX_new()) == NULL) { | 277 | if ((bn_ctx = BN_CTX_new()) == NULL) { |