check for zero K value from curve25519

author: Matt Johnston <matt@ucc.asn.au> 2015-11-25 22:15:59 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2015-11-25 22:15:59 +0800
commit: 0d1690532e5e1f7b4c8f4a7346a54517a96ff01c (patch)
tree: 982dc615cd172685791d835e5045fbf13e24c214 /common-kex.c
parent: 5a6a1bd9d16709a9f5cc0979dcbacf17ef36a4ab (diff)
download: dropbear-0d1690532e5e1f7b4c8f4a7346a54517a96ff01c.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/common-kex.c b/common-kex.c
index e2b4f8e..b233819 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -760,6 +760,7 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	unsigned char out[CURVE25519_LEN];
 	const unsigned char* Q_C = NULL;
 	const unsigned char* Q_S = NULL;
+	char zeroes[CURVE25519_LEN] = {0};
 
 	if (buf_pub_them->len != CURVE25519_LEN)
 	{
@@ -767,6 +768,11 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	}
 
 	curve25519_donna(out, param->priv, buf_pub_them->data);
+
+	if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
+		dropbear_exit("Bad curve25519");
+	}
+
 	m_mp_alloc_init_multi(&ses.dh_K, NULL);
 	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
 	m_burn(out, sizeof(out));
author	Matt Johnston <matt@ucc.asn.au>	2015-11-25 22:15:59 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2015-11-25 22:15:59 +0800
commit	0d1690532e5e1f7b4c8f4a7346a54517a96ff01c (patch)
tree	982dc615cd172685791d835e5045fbf13e24c214 /common-kex.c
parent	5a6a1bd9d16709a9f5cc0979dcbacf17ef36a4ab (diff)
download	dropbear-0d1690532e5e1f7b4c8f4a7346a54517a96ff01c.tar.gz