diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2015-05-26 23:23:40 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-05-27 13:47:19 +1000 |
| commit | b282fec1aa05246ed3482270eb70fc3ec5f39a00 (patch) | |
| tree | 16ad568c149a219d84be1a954e52f093ebb762aa | |
| parent | 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e (diff) | |
upstream commit
Cap DH-GEX group size at 4kbits for Cisco implementations.
Some of them will choke when asked for preferred sizes >4k instead of
returning the 4k group that they do have. bz#2209, ok djm@
Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
| -rw-r--r-- | compat.c | 3 | ||||
| -rw-r--r-- | compat.h | 3 | ||||
| -rw-r--r-- | kexgexc.c | 5 |
3 files changed, 8 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: compat.c,v 1.93 2015/05/06 04:07:18 dtucker Exp $ */ | 1 | /* $OpenBSD: compat.c,v 1.94 2015/05/26 23:23:40 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -152,6 +152,7 @@ compat_datafellows(const char *version) | |||
| 152 | "1.2.22*", SSH_BUG_IGNOREMSG }, | 152 | "1.2.22*", SSH_BUG_IGNOREMSG }, |
| 153 | { "1.3.2*", /* F-Secure */ | 153 | { "1.3.2*", /* F-Secure */ |
| 154 | SSH_BUG_IGNOREMSG }, | 154 | SSH_BUG_IGNOREMSG }, |
| 155 | { "Cisco-1.*", SSH_BUG_DHGEX_LARGE }, | ||
| 155 | { "*SSH Compatible Server*", /* Netscreen */ | 156 | { "*SSH Compatible Server*", /* Netscreen */ |
| 156 | SSH_BUG_PASSWORDPAD }, | 157 | SSH_BUG_PASSWORDPAD }, |
| 157 | { "*OSU_0*," | 158 | { "*OSU_0*," |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: compat.h,v 1.47 2015/04/10 05:16:50 dtucker Exp $ */ | 1 | /* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -61,6 +61,7 @@ | |||
| 61 | #define SSH_BUG_DYNAMIC_RPORT 0x08000000 | 61 | #define SSH_BUG_DYNAMIC_RPORT 0x08000000 |
| 62 | #define SSH_BUG_CURVE25519PAD 0x10000000 | 62 | #define SSH_BUG_CURVE25519PAD 0x10000000 |
| 63 | #define SSH_BUG_HOSTKEYS 0x20000000 | 63 | #define SSH_BUG_HOSTKEYS 0x20000000 |
| 64 | #define SSH_BUG_DHGEX_LARGE 0x40000000 | ||
| 64 | 65 | ||
| 65 | void enable_compat13(void); | 66 | void enable_compat13(void); |
| 66 | void enable_compat20(void); | 67 | void enable_compat20(void); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexgexc.c,v 1.21 2015/04/13 02:04:08 djm Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -28,6 +28,7 @@ | |||
| 28 | 28 | ||
| 29 | #ifdef WITH_OPENSSL | 29 | #ifdef WITH_OPENSSL |
| 30 | 30 | ||
| 31 | #include <sys/param.h> | ||
| 31 | #include <sys/types.h> | 32 | #include <sys/types.h> |
| 32 | 33 | ||
| 33 | #include <openssl/dh.h> | 34 | #include <openssl/dh.h> |
| @@ -65,6 +66,8 @@ kexgex_client(struct ssh *ssh) | |||
| 65 | kex->min = DH_GRP_MIN; | 66 | kex->min = DH_GRP_MIN; |
| 66 | kex->max = DH_GRP_MAX; | 67 | kex->max = DH_GRP_MAX; |
| 67 | kex->nbits = nbits; | 68 | kex->nbits = nbits; |
| 69 | if (datafellows & SSH_BUG_DHGEX_LARGE) | ||
| 70 | kex->nbits = MIN(kex->nbits, 4096); | ||
| 68 | /* New GEX request */ | 71 | /* New GEX request */ |
| 69 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || | 72 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || |
| 70 | (r = sshpkt_put_u32(ssh, kex->min)) != 0 || | 73 | (r = sshpkt_put_u32(ssh, kex->min)) != 0 || |