X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/41e5bd9ad936e3dbb125ce07d90a15e1e1e619d6..e516451d451856ef9ab6b651d260a298ff45b139:/dh.c

diff --git a/dh.c b/dh.c
index 176fb746..e708ff78 100644
--- a/dh.c
+++ b/dh.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -23,17 +24,17 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.30 2004/06/13 12:53:24 djm Exp $");
 
-#include "xmalloc.h"
+#include <sys/param.h>
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#include <openssl/evp.h>
 
-#include "buffer.h"
-#include "cipher.h"
-#include "kex.h"
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
 #include "dh.h"
 #include "pathnames.h"
 #include "log.h"
@@ -44,9 +45,11 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
 	char *cp, *arg;
 	char *strsize, *gen, *prime;
+	const char *errstr = NULL;
 
 	cp = line;
-	arg = strdelim(&cp);
+	if ((arg = strdelim(&cp)) == NULL)
+		return 0;
 	/* Ignore leading whitespace */
 	if (*arg == '\0')
 		arg = strdelim(&cp);
@@ -67,7 +70,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 		goto fail;
 	strsize = strsep(&cp, " "); /* size */
 	if (cp == NULL || *strsize == '\0' ||
-	    (dhg->size = atoi(strsize)) == 0)
+	    (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
+	    errstr)
 		goto fail;
 	/* The whole group is one bit larger */
 	dhg->size++;
@@ -145,7 +149,7 @@ choose_dh(int min, int wantbits, int max)
 	if (bestcount == 0) {
 		fclose(f);
 		logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
-		return (NULL);
+		return (dh_new_group14());
 	}
 
 	linenum = 0;
@@ -178,19 +182,36 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 	int i;
 	int n = BN_num_bits(dh_pub);
 	int bits_set = 0;
+	BIGNUM *tmp;
 
 	if (dh_pub->neg) {
 		logit("invalid public DH value: negativ");
 		return 0;
 	}
+	if (BN_cmp(dh_pub, BN_value_one()) != 1) {	/* pub_exp <= 1 */
+		logit("invalid public DH value: <= 1");
+		return 0;
+	}
+
+	if ((tmp = BN_new()) == NULL)
+		return (-1);
+	if (!BN_sub(tmp, dh->p, BN_value_one()) ||
+	    BN_cmp(dh_pub, tmp) != -1) {		/* pub_exp > p-2 */
+		BN_clear_free(tmp);
+		logit("invalid public DH value: >= p-1");
+		return 0;
+	}
+	BN_clear_free(tmp);
+
 	for (i = 0; i <= n; i++)
 		if (BN_is_bit_set(dh_pub, i))
 			bits_set++;
 	debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
 
 	/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
-	if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
+	if (bits_set > 1)
 		return 1;
+
 	logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
 	return 0;
 }
@@ -233,9 +254,9 @@ dh_new_group_asc(const char *gen, const char *modulus)
 	if ((dh = DH_new()) == NULL)
 		fatal("dh_new_group_asc: DH_new");
 
-	if (BN_hex2bn(&dh->p, modulus) == 0)
+	if (BN_hex2bn(&dh->p, modulus) == NULL)
 		fatal("BN_hex2bn p");
-	if (BN_hex2bn(&dh->g, gen) == 0)
+	if (BN_hex2bn(&dh->g, gen) == NULL)
 		fatal("BN_hex2bn g");
 
 	return (dh);