summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog4
-rw-r--r--kex.c20
2 files changed, 13 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 64da7a475..384c0712c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
8 than 4k but also don't use the largest group size it does support as 8 than 4k but also don't use the largest group size it does support as
9 specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, 9 specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
10 reduced by me with input from Markus. ok djm@ markus@ 10 reduced by me with input from Markus. ok djm@ markus@
11 - markus@cvs.openbsd.org 2014/01/25 20:35:37
12 [kex.c]
13 dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
14 ok dtucker@, noted by mancha
11 15
1220130125 1620130125
13 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD 17 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
diff --git a/kex.c b/kex.c
index 39d16f8e3..616484b85 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.96 2014/01/25 10:12:50 dtucker Exp $ */ 1/* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -509,16 +509,14 @@ kex_choose_conf(Kex *kex)
509 need = dh_need = 0; 509 need = dh_need = 0;
510 for (mode = 0; mode < MODE_MAX; mode++) { 510 for (mode = 0; mode < MODE_MAX; mode++) {
511 newkeys = kex->newkeys[mode]; 511 newkeys = kex->newkeys[mode];
512 if (need < newkeys->enc.key_len) 512 need = MAX(need, newkeys->enc.key_len);
513 need = newkeys->enc.key_len; 513 need = MAX(need, newkeys->enc.block_size);
514 if (need < newkeys->enc.block_size) 514 need = MAX(need, newkeys->enc.iv_len);
515 need = newkeys->enc.block_size; 515 need = MAX(need, newkeys->mac.key_len);
516 if (need < newkeys->enc.iv_len) 516 dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher));
517 need = newkeys->enc.iv_len; 517 dh_need = MAX(dh_need, newkeys->enc.block_size);
518 if (need < newkeys->mac.key_len) 518 dh_need = MAX(dh_need, newkeys->enc.iv_len);
519 need = newkeys->mac.key_len; 519 dh_need = MAX(dh_need, newkeys->mac.key_len);
520 if (dh_need < cipher_seclen(newkeys->enc.cipher))
521 dh_need = cipher_seclen(newkeys->enc.cipher);
522 } 520 }
523 /* XXX need runden? */ 521 /* XXX need runden? */
524 kex->we_need = need; 522 kex->we_need = need;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 04:57:29 +0000