diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2014-01-25 10:12:51 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2014-01-25 10:12:51 +0000 |
| commit | e6745f425790cd5ec55c5e38abcc2113f5083924 (patch) | |
| tree | 5ddf42b91246283af0a1b64c41901c92f82f1eb3 /usr.bin/ssh/kex.c | |
| parent | d0a5c9f5133d4c84e7bc7914dc7d40229ce0c562 (diff) | |
Add a special case for the DH group size for 3des-cbc, which has an
effective strength much lower than the key size. This causes problems
with some cryptlib implementations, which don't support group sizes larger
than 4k but also don't use the largest group size it does support as
specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
reduced by me with input from Markus. ok djm@ markus@
Diffstat (limited to 'usr.bin/ssh/kex.c')
| -rw-r--r-- | usr.bin/ssh/kex.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 389f6068b8d..14476507d47 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.96 2014/01/25 10:12:50 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -438,7 +438,7 @@ kex_choose_conf(Kex *kex) char **my, **peer; char **cprop, **sprop; int nenc, nmac, ncomp; - u_int mode, ctos, need, authlen; + u_int mode, ctos, need, dh_need, authlen; int first_kex_follows, type; my = kex_buf2prop(&kex->my, NULL); @@ -486,7 +486,7 @@ kex_choose_conf(Kex *kex) choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); - need = 0; + need = dh_need = 0; for (mode = 0; mode < MODE_MAX; mode++) { newkeys = kex->newkeys[mode]; if (need < newkeys->enc.key_len) @@ -497,9 +497,12 @@ kex_choose_conf(Kex *kex) need = newkeys->enc.iv_len; if (need < newkeys->mac.key_len) need = newkeys->mac.key_len; + if (dh_need < cipher_seclen(newkeys->enc.cipher)) + dh_need = cipher_seclen(newkeys->enc.cipher); } /* XXX need runden? */ kex->we_need = need; + kex->dh_need = dh_need; /* ignore the next message if the proposals do not match */ if (first_kex_follows && !proposals_match(my, peer) && |