asedeno.scripts.mit.edu Git - PuTTY.git/commitdiff
Fix an assertion failure when loading Ed25519 keys.
author Ben Harris <bjh21@bjh21.me.uk>
Mon, 12 Oct 2015 22:43:49 +0000 (23:43 +0100)
committer Ben Harris <bjh21@bjh21.me.uk>
Wed, 28 Oct 2015 22:08:33 +0000 (22:08 +0000)
"amax == 0 || a[amax] != 0"

Essentially, when decodepoint_ed() clears the top bit of the key, it
needs to call bn_restore_invariant() in case that left the high-order
word zero.

Bug found with the help of afl-fuzz.

sshecc.c

index bc842d0b467fa5f667d3a2856f5a6096f25e9ff4..541dd63cdb885b9b645be8aa41c9d4ac6dcfbcc8 100644 (file)
--- a/sshecc.c
+++ b/sshecc.c
@@ -1648,6 +1648,7 @@ static int decodepoint_ed(const char *p, int length, struct ec_point *point)
     /* Read x bit and then reset it */
     negative = bignum_bit(point->y, point->curve->fieldBits - 1);
     bignum_set_bit(point->y, point->curve->fieldBits - 1, 0);
+    bn_restore_invariant(point->y);
 
     /* Get the x from the y */
     point->x = ecp_edx(point->curve, point->y);
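
Review bot: The added bn_restore_invariant(point->y) call directly after bignum_set_bit(point->y, point->curve->fieldBits - 1, 0) has no comment explaining why it is needed, and the existing comment above it ("Read x bit and then reset it") does not mention the invariant. A one-line comment saying that clearing the top bit can leave the high-order word zero, which trips the "amax == 0 || a[amax] != 0" assertion, would stop a later cleanup from removing the call as redundant. Because the normalization is done here in the caller, any other site that clears a high bit with bignum_set_bit would need the same call; it is worth checking those sites, or considering whether the normalization belongs inside bignum_set_bit itself. The commit message says the bug was found with afl-fuzz, so keeping the triggering key as a regression input for the key-loading path would guard this fix.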