- dtucker@cvs.openbsd.org 2014/01/25 10:12:50

     [cipher.c cipher.h kex.c kex.h kexgexc.c]
     Add a special case for the DH group size for 3des-cbc, which has an
     effective strength much lower than the key size.  This causes problems
     with some cryptlib implementations, which don't support group sizes larger
     than 4k but also don't use the largest group size it does support as
     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
     reduced by me with input from Markus.  ok djm@ markus@

1 files changed, 2 insertions, 1 deletions

diff --git a/kex.h b/kex.h
index 7e2878f70..1aa3ec26a 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.60 2014/01/12 08:13:13 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.61 2014/01/25 10:12:50 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -124,6 +124,7 @@ struct Kex {
         u_int   session_id_len;
         Newkeys *newkeys[MODE_MAX];
         u_int   we_need;
+        u_int   dh_need;
         int     server;
         char    *name;
         int     hostkey_type;