diff options
| author | Damien Miller <djm@mindrot.org> | 2014-01-26 09:38:03 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-01-26 09:38:03 +1100 |
| commit | a92ac7410475fbb00383c7402aa954dc0a75ae19 (patch) | |
| tree | cc9eb205234444ad3b843838e1786c7dee64eb62 | |
| parent | 76eea4ab4e658670ca6e76dd1e6d17f262208b57 (diff) | |
- markus@cvs.openbsd.org 2014/01/25 20:35:37
[kex.c]
dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
ok dtucker@, noted by mancha
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | kex.c | 20 |
2 files changed, 13 insertions, 11 deletions
| @@ -8,6 +8,10 @@ | |||
| 8 | than 4k but also don't use the largest group size it does support as | 8 | than 4k but also don't use the largest group size it does support as |
| 9 | specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, | 9 | specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, |
| 10 | reduced by me with input from Markus. ok djm@ markus@ | 10 | reduced by me with input from Markus. ok djm@ markus@ |
| 11 | - markus@cvs.openbsd.org 2014/01/25 20:35:37 | ||
| 12 | [kex.c] | ||
| 13 | dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) | ||
| 14 | ok dtucker@, noted by mancha | ||
| 11 | 15 | ||
| 12 | 20130125 | 16 | 20130125 |
| 13 | - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD | 17 | - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.96 2014/01/25 10:12:50 dtucker Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -509,16 +509,14 @@ kex_choose_conf(Kex *kex) | |||
| 509 | need = dh_need = 0; | 509 | need = dh_need = 0; |
| 510 | for (mode = 0; mode < MODE_MAX; mode++) { | 510 | for (mode = 0; mode < MODE_MAX; mode++) { |
| 511 | newkeys = kex->newkeys[mode]; | 511 | newkeys = kex->newkeys[mode]; |
| 512 | if (need < newkeys->enc.key_len) | 512 | need = MAX(need, newkeys->enc.key_len); |
| 513 | need = newkeys->enc.key_len; | 513 | need = MAX(need, newkeys->enc.block_size); |
| 514 | if (need < newkeys->enc.block_size) | 514 | need = MAX(need, newkeys->enc.iv_len); |
| 515 | need = newkeys->enc.block_size; | 515 | need = MAX(need, newkeys->mac.key_len); |
| 516 | if (need < newkeys->enc.iv_len) | 516 | dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher)); |
| 517 | need = newkeys->enc.iv_len; | 517 | dh_need = MAX(dh_need, newkeys->enc.block_size); |
| 518 | if (need < newkeys->mac.key_len) | 518 | dh_need = MAX(dh_need, newkeys->enc.iv_len); |
| 519 | need = newkeys->mac.key_len; | 519 | dh_need = MAX(dh_need, newkeys->mac.key_len); |
| 520 | if (dh_need < cipher_seclen(newkeys->enc.cipher)) | ||
| 521 | dh_need = cipher_seclen(newkeys->enc.cipher); | ||
| 522 | } | 520 | } |
| 523 | /* XXX need runden? */ | 521 | /* XXX need runden? */ |
| 524 | kex->we_need = need; | 522 | kex->we_need = need; |