upstream commit ban all-zero curve25519 keys as recommended by latest CFRG curves draft; ok markus

commit: f9b78852379b74a2d14e6fc94fe52af30b7e9c31 [log] [tgz]
author: djm@openbsd.org <djm@openbsd.org> Thu Mar 26 07:00:04 2015 +0000
committer: Damien Miller <djm@mindrot.org> Fri Mar 27 12:02:27 2015 +1100
tree: 8e6c292cf61656a0be2f744be2155956f0142fbf
parent: b8afbe2c1aaf573565e4da775261dfafc8b1ba9c [diff] [blame]
diff --git a/kexc25519.c b/kexc25519.c
index b6e6c40..8d8cd4a 100644
--- a/kexc25519.c
+++ b/kexc25519.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519.c,v 1.8 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */
 /*
  * Copyright (c) 2001, 2013 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -66,6 +66,11 @@
 	u_char shared_key[CURVE25519_SIZE];
 	int r;
 
+	/* Check for all-zero public key */
+	explicit_bzero(shared_key, CURVE25519_SIZE);
+	if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0)
+		return SSH_ERR_KEY_INVALID_EC_VALUE;
+
 	crypto_scalarmult_curve25519(shared_key, key, pub);
 #ifdef DEBUG_KEXECDH
 	dump_digest("shared secret", shared_key, CURVE25519_SIZE);
commit	f9b78852379b74a2d14e6fc94fe52af30b7e9c31	[log] [tgz]
author	djm@openbsd.org <djm@openbsd.org>	Thu Mar 26 07:00:04 2015 +0000
committer	Damien Miller <djm@mindrot.org>	Fri Mar 27 12:02:27 2015 +1100
tree	8e6c292cf61656a0be2f744be2155956f0142fbf
parent	b8afbe2c1aaf573565e4da775261dfafc8b1ba9c [diff] [blame]