3 files changed, 21 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index f9e0f6c09..ddfd7b357 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@
    - djm@cvs.openbsd.org 2010/09/20 04:41:47
      [ssh.c]
      install a SIGCHLD handler to reap expiried child process; ok markus@
+   - djm@cvs.openbsd.org 2010/09/20 04:50:53
+     [jpake.c schnorr.c]
+     check that received values are smaller than the group size in the
+     disabled and unfinished J-PAKE code.
+     avoids catastrophic security failure found by Sebastien Martini
 
 20100910
  - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
diff --git a/jpake.c b/jpake.c
index cdf65f509..38fc255c3 100644
--- a/jpake.c
+++ b/jpake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: jpake.c,v 1.4 2010/07/13 23:13:16 djm Exp $ */
+/* $OpenBSD: jpake.c,v 1.5 2010/09/20 04:50:53 djm Exp $ */
 /*
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
  *
@@ -257,8 +257,12 @@ jpake_step2(struct modp_group *grp, BIGNUM *s,
         /* Validate peer's step 1 values */
         if (BN_cmp(theirpub1, BN_value_one()) <= 0)
                 fatal("%s: theirpub1 <= 1", __func__);
+        if (BN_cmp(theirpub1, grp->p) >= 0)
+                fatal("%s: theirpub1 >= p", __func__);
         if (BN_cmp(theirpub2, BN_value_one()) <= 0)
                 fatal("%s: theirpub2 <= 1", __func__);
+        if (BN_cmp(theirpub2, grp->p) >= 0)
+                fatal("%s: theirpub2 >= p", __func__);
 
         if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1,
             theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1)
@@ -363,6 +367,8 @@ jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
         /* Validate step 2 values */
         if (BN_cmp(step2_val, BN_value_one()) <= 0)
                 fatal("%s: step2_val <= 1", __func__);
+        if (BN_cmp(step2_val, grp->p) >= 0)
+                fatal("%s: step2_val >= p", __func__);
 
         /*
          * theirpriv2_s_proof is calculated with a different generator:
diff --git a/schnorr.c b/schnorr.c
index c17ff3241..8da2feaad 100644
--- a/schnorr.c
+++ b/schnorr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: schnorr.c,v 1.4 2010/09/20 04:50:53 djm Exp $ */
 /*
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
  *
@@ -138,6 +138,10 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
                 error("%s: g_x < 1", __func__);
                 return -1;
         }
+        if (BN_cmp(g_x, grp_p) >= 0) {
+                error("%s: g_x > g", __func__);
+                return -1;
+        }
 
         h = g_v = r = tmp = v = NULL;
         if ((bn_ctx = BN_CTX_new()) == NULL) {
@@ -264,6 +268,10 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
                 error("%s: g_x < 1", __func__);
                 return -1;
         }
+        if (BN_cmp(g_x, grp_p) >= 0) {
+                error("%s: g_x >= p", __func__);
+                return -1;
+        }
 
         h = g_xh = g_r = expected = NULL;
         if ((bn_ctx = BN_CTX_new()) == NULL) {