- dtucker@cvs.openbsd.org 2014/01/25 10:12:50

[cipher.c cipher.h kex.c kex.h kexgexc.c] Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
author: Damien Miller <djm@mindrot.org> 2014-01-26 09:37:25 +1100
committer: Damien Miller <djm@mindrot.org> 2014-01-26 09:37:25 +1100
commit: 76eea4ab4e658670ca6e76dd1e6d17f262208b57 (patch)
tree: cf69b6a4ae613af69f6a984a68e8e1e7ee268a93 /cipher.h
parent: 603b8f47f1cd9ed95a2017447db8e60ca6704594 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/cipher.h b/cipher.h
index d78245615..133d2e73d 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.43 2013/12/06 13:34:54 markus Exp $ */
+/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -89,6 +89,7 @@ void	 cipher_cleanup(CipherContext *);
 void     cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
 u_int    cipher_blocksize(const Cipher *);
 u_int    cipher_keylen(const Cipher *);
+u_int    cipher_seclen(const Cipher *);
 u_int    cipher_authlen(const Cipher *);
 u_int    cipher_ivlen(const Cipher *);
 u_int    cipher_is_cbc(const Cipher *);
author	Damien Miller <djm@mindrot.org>	2014-01-26 09:37:25 +1100
committer	Damien Miller <djm@mindrot.org>	2014-01-26 09:37:25 +1100
commit	76eea4ab4e658670ca6e76dd1e6d17f262208b57 (patch)
tree	cf69b6a4ae613af69f6a984a68e8e1e7ee268a93 /cipher.h
parent	603b8f47f1cd9ed95a2017447db8e60ca6704594 (diff)