diff options
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | cipher.c | 10 | ||||
| -rw-r--r-- | cipher.h | 3 | ||||
| -rw-r--r-- | kex.c | 9 | ||||
| -rw-r--r-- | kex.h | 3 | ||||
| -rw-r--r-- | kexgexc.c | 4 |
6 files changed, 32 insertions, 8 deletions
@@ -1,3 +1,14 @@ +20130126 + - OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 + [cipher.c cipher.h kex.c kex.h kexgexc.c] + Add a special case for the DH group size for 3des-cbc, which has an + effective strength much lower than the key size. This causes problems + with some cryptlib implementations, which don't support group sizes larger + than 4k but also don't use the largest group size it does support as + specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, + reduced by me with input from Markus. ok djm@ markus@ + 20130125 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.93 2013/12/06 13:34:54 markus Exp $ */ +/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -142,6 +142,14 @@ cipher_keylen(const Cipher *c) } u_int +cipher_seclen(const Cipher *c) +{ + if (strcmp("3des-cbc", c->name) == 0) + return 14; + return cipher_keylen(c); +} + +u_int cipher_authlen(const Cipher *c) { return (c->auth_len); @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.43 2013/12/06 13:34:54 markus Exp $ */ +/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -89,6 +89,7 @@ void cipher_cleanup(CipherContext *); void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int); u_int cipher_blocksize(const Cipher *); u_int cipher_keylen(const Cipher *); +u_int cipher_seclen(const Cipher *); u_int cipher_authlen(const Cipher *); u_int cipher_ivlen(const Cipher *); u_int cipher_is_cbc(const Cipher *); @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.96 2014/01/25 10:12:50 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -458,7 +458,7 @@ kex_choose_conf(Kex *kex) char **my, **peer; char **cprop, **sprop; int nenc, nmac, ncomp; - u_int mode, ctos, need, authlen; + u_int mode, ctos, need, dh_need, authlen; int first_kex_follows, type; my = kex_buf2prop(&kex->my, NULL); @@ -506,7 +506,7 @@ kex_choose_conf(Kex *kex) choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); - need = 0; + need = dh_need = 0; for (mode = 0; mode < MODE_MAX; mode++) { newkeys = kex->newkeys[mode]; if (need < newkeys->enc.key_len) @@ -517,9 +517,12 @@ kex_choose_conf(Kex *kex) need = newkeys->enc.iv_len; if (need < newkeys->mac.key_len) need = newkeys->mac.key_len; + if (dh_need < cipher_seclen(newkeys->enc.cipher)) + dh_need = cipher_seclen(newkeys->enc.cipher); } /* XXX need runden? */ kex->we_need = need; + kex->dh_need = dh_need; /* ignore the next message if the proposals do not match */ if (first_kex_follows && !proposals_match(my, peer) && @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.60 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.61 2014/01/25 10:12:50 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -124,6 +124,7 @@ struct Kex { u_int session_id_len; Newkeys *newkeys[MODE_MAX]; u_int we_need; + u_int dh_need; int server; char *name; int hostkey_type; @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.15 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -58,7 +58,7 @@ kexgex_client(Kex *kex) int min, max, nbits; DH *dh; - nbits = dh_estimate(kex->we_need * 8); + nbits = dh_estimate(kex->dh_need * 8); if (datafellows & SSH_OLD_DHGEX) { /* Old GEX request */ |