Added more checks on g_a and g

c4962665 · vysheng · f11ae198 · c4962665 · c4962665 · c4962665
Commit c4962665 authored Dec 24, 2013 by vysheng
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 7 deletions

interface.c interface.c +1 -1

mtproto-client.c mtproto-client.c +21 -2

mtproto-client.h mtproto-client.h +2 -1

net.c net.c +1 -1

queries.c queries.c +2 -2

No files found.
--- a/interface.c
+++ b/interface.c
@@ -43,7 +43,7 @@

 #include "mtproto-common.h"

-#define ALLOW_MULT 1
+//#define ALLOW_MULT 1
 char *default_prompt = "> ";

 int unread_messages;

--- a/mtproto-client.c
+++ b/mtproto-client.c
@@ -462,7 +462,7 @@ int check_DH_params (BIGNUM *p, int g) {
  return 0;
 }

-int check_g (BIGNUM *g) {
+int check_g (unsigned char p[256], BIGNUM *g) {
  static unsigned char s[256];
  memset (s, 0, 256);
  assert (BN_num_bytes (g) <= 256);
@@ -484,9 +484,28 @@ int check_g (BIGNUM *g) {
    }
  }
  if (!ok) { return -1; }
+  ok = 0;
+  for (i = 0; i < 64; i++) {
+    if (s[i] < p[i]) { 
+      ok = 1;
+      break;
+    } else if (s[i] > p[i]) {
+      logprintf ("i = %d (%d %d)\n", i, (int)s[i], (int)p[i]);
+      return -1;
+    }
+  }
+  if (!ok) { return -1; }
  return 0;
 }

+int check_g_bn (BIGNUM *p, BIGNUM *g) {
+  static unsigned char s[256];
+  memset (s, 0, 256);
+  assert (BN_num_bytes (p) <= 256);
+  BN_bn2bin (p, s);
+  return check_g (s, g);
+}
+
 int process_dh_answer (struct connection *c, char *packet, int len) {
  if (verbosity) {
    logprintf ( "process_dh_answer(), len=%d\n", len);
@@ -519,7 +538,7 @@ int process_dh_answer (struct connection *c, char *packet, int len) {
  BN_init (&g_a);
  assert (fetch_bignum (&dh_prime) > 0);
  assert (fetch_bignum (&g_a) > 0);
-  assert (check_g (&g_a) >= 0);
+  assert (check_g_bn (&dh_prime, &g_a) >= 0);
  int server_time = *in_ptr++;
  assert (in_ptr <= in_end);


--- a/mtproto-client.h
+++ b/mtproto-client.h
@@ -26,6 +26,7 @@ long long encrypt_send_message (struct connection *c, int *msg, int msg_ints, in
 void dc_authorize (struct dc *DC);
 void work_update (struct connection *c, long long msg_id);
 void work_update_binlog (void);
-int check_g (BIGNUM *g);
+int check_g (unsigned char p[256], BIGNUM *g);
+int check_g_bn (BIGNUM *p, BIGNUM *g);
 int check_DH_params (BIGNUM *p, int g);
 #endif
--- a/net.c
+++ b/net.c
@@ -596,7 +596,7 @@ void insert_seqno (struct session *S, int seqno) {

 extern struct dc *DC_list[];

-struct dc *alloc_dc (int id, char *ip, int port) {
+struct dc *alloc_dc (int id, char *ip, int port UU) {
  assert (!DC_list[id]);
  struct dc *DC = malloc (sizeof (*DC));
  memset (DC, 0, sizeof (*DC));

--- a/queries.c
+++ b/queries.c
@@ -2270,7 +2270,7 @@ void do_send_accept_encr_chat (struct secret_chat *E, unsigned char *random) {
  assert (b);
  BIGNUM *g_a = BN_bin2bn (E->g_key, 256, 0);
  assert (g_a);
-  assert (check_g (g_a) >= 0);
+  assert (check_g (encr_prime, g_a) >= 0);
  if (!ctx) {
    ctx = BN_CTX_new ();
    BN_CTX_init (ctx);
@@ -2316,7 +2316,7 @@ void do_create_keys_end (struct secret_chat *U) {
  assert (encr_prime);
  BIGNUM *g_b = BN_bin2bn (U->g_key, 256, 0);
  assert (g_b);
-  assert (check_g (g_b) >= 0);
+  assert (check_g (encr_prime, g_b) >= 0);
  if (!ctx) {
    ctx = BN_CTX_new ();
    BN_CTX_init (ctx);