Commit 76eea4ab authored by Damien Miller's avatar Damien Miller

- dtucker@cvs.openbsd.org 2014/01/25 10:12:50

     [cipher.c cipher.h kex.c kex.h kexgexc.c]
     Add a special case for the DH group size for 3des-cbc, which has an
     effective strength much lower than the key size.  This causes problems
     with some cryptlib implementations, which don't support group sizes larger
     than 4k but also don't use the largest group size it does support as
     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
     reduced by me with input from Markus.  ok djm@ markus@
parent 603b8f47
20130126
- OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2014/01/25 10:12:50
[cipher.c cipher.h kex.c kex.h kexgexc.c]
Add a special case for the DH group size for 3des-cbc, which has an
effective strength much lower than the key size. This causes problems
with some cryptlib implementations, which don't support group sizes larger
than 4k but also don't use the largest group size it does support as
specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
reduced by me with input from Markus. ok djm@ markus@
20130125
- (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
- (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
......
/* $OpenBSD: cipher.c,v 1.93 2013/12/06 13:34:54 markus Exp $ */
/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -141,6 +141,14 @@ cipher_keylen(const Cipher *c)
return (c->key_len);
}
u_int
cipher_seclen(const Cipher *c)
{
if (strcmp("3des-cbc", c->name) == 0)
return 14;
return cipher_keylen(c);
}
u_int
cipher_authlen(const Cipher *c)
{
......
/* $OpenBSD: cipher.h,v 1.43 2013/12/06 13:34:54 markus Exp $ */
/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
......@@ -89,6 +89,7 @@ void cipher_cleanup(CipherContext *);
void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *);
u_int cipher_seclen(const Cipher *);
u_int cipher_authlen(const Cipher *);
u_int cipher_ivlen(const Cipher *);
u_int cipher_is_cbc(const Cipher *);
......
/* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */
/* $OpenBSD: kex.c,v 1.96 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
......@@ -458,7 +458,7 @@ kex_choose_conf(Kex *kex)
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
u_int mode, ctos, need, authlen;
u_int mode, ctos, need, dh_need, authlen;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
......@@ -506,7 +506,7 @@ kex_choose_conf(Kex *kex)
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
need = 0;
need = dh_need = 0;
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = kex->newkeys[mode];
if (need < newkeys->enc.key_len)
......@@ -517,9 +517,12 @@ kex_choose_conf(Kex *kex)
need = newkeys->enc.iv_len;
if (need < newkeys->mac.key_len)
need = newkeys->mac.key_len;
if (dh_need < cipher_seclen(newkeys->enc.cipher))
dh_need = cipher_seclen(newkeys->enc.cipher);
}
/* XXX need runden? */
kex->we_need = need;
kex->dh_need = dh_need;
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer) &&
......
/* $OpenBSD: kex.h,v 1.60 2014/01/12 08:13:13 djm Exp $ */
/* $OpenBSD: kex.h,v 1.61 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
......@@ -124,6 +124,7 @@ struct Kex {
u_int session_id_len;
Newkeys *newkeys[MODE_MAX];
u_int we_need;
u_int dh_need;
int server;
char *name;
int hostkey_type;
......
/* $OpenBSD: kexgexc.c,v 1.15 2014/01/12 08:13:13 djm Exp $ */
/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
......@@ -58,7 +58,7 @@ kexgex_client(Kex *kex)
int min, max, nbits;
DH *dh;
nbits = dh_estimate(kex->we_need * 8);
nbits = dh_estimate(kex->dh_need * 8);
if (datafellows & SSH_OLD_DHGEX) {
/* Old GEX request */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment