3 files changed, 18 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 6152abb51..5eb73c9f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,12 @@
     [sshconnect.c]
     bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
     swp AT swp.pp.ru; ok dtucker@
+   - dtucker@cvs.openbsd.org 2013/10/08 11:42:13
+     [dh.c dh.h]
+     Increase the size of the Diffie-Hellman groups requested for a each
+     symmetric key size.  New values from NIST Special Publication 800-57 with
+     the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
+     djm@.
 20131009
 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
diff --git a/dh.c b/dh.c
index 449dd3858..d33af1fa7 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.52 2013/10/08 11:42:13 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 *
@@ -352,17 +352,20 @@ dh_new_group14(void)
 /*
 * Estimates the group order for a Diffie-Hellman group that has an
- * attack complexity approximately the same as O(2**bits).  Estimate
+ * attack complexity approximately the same as O(2**bits).
- * with:  O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
+ * Values from NIST Special Publication 800-57: Recommendation for Key
+ * Management Part 1 (rev 3) limited by the recommended maximum value
+ * from RFC4419 section 3.
 */
 int
 dh_estimate(int bits)
 {
+        if (bits <= 112)
+                return 2048;
        if (bits <= 128)
-                return (1024);  /* O(2**86) */
+                return 3072;
        if (bits <= 192)
-                return (2048);  /* O(2**116) */
+                return 7680;
-        return (4096);          /* O(2**156) */
+        return 8192;
 }
diff --git a/dh.h b/dh.h
index dfc1480ea..48f7b68ea 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
@@ -43,6 +43,7 @@ int	 dh_pub_is_valid(DH *, BIGNUM *);
 int      dh_estimate(int);
+/* Min and max values from RFC4419. */
 #define DH_GRP_MIN      1024
 #define DH_GRP_MAX      8192

diff --git a/ChangeLog b/ChangeLog index 6152abb51..5eb73c9f9 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -21,6 +21,12 @@
21	[sshconnect.c]	21	[sshconnect.c]
22	bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from	22	bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
23	swp AT swp.pp.ru; ok dtucker@	23	swp AT swp.pp.ru; ok dtucker@
		24	- dtucker@cvs.openbsd.org 2013/10/08 11:42:13
		25	[dh.c dh.h]
		26	Increase the size of the Diffie-Hellman groups requested for a each
		27	symmetric key size. New values from NIST Special Publication 800-57 with
		28	the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
		29	djm@.
24		30
25	20131009	31	20131009
26	- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull	32	- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull


diff --git a/dh.c b/dh.c index 449dd3858..d33af1fa7 100644 --- a/dh.c +++ b/dh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */	1	/* $OpenBSD: dh.c,v 1.52 2013/10/08 11:42:13 dtucker Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Niels Provos. All rights reserved.	3	* Copyright (c) 2000 Niels Provos. All rights reserved.
4	*	4	*
@@ -352,17 +352,20 @@ dh_new_group14(void)
352		352
353	/*	353	/*
354	* Estimates the group order for a Diffie-Hellman group that has an	354	* Estimates the group order for a Diffie-Hellman group that has an
355	* attack complexity approximately the same as O(2**bits). Estimate	355	* attack complexity approximately the same as O(2**bits).
356	* with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))	356	* Values from NIST Special Publication 800-57: Recommendation for Key
		357	* Management Part 1 (rev 3) limited by the recommended maximum value
		358	* from RFC4419 section 3.
357	*/	359	*/
358		360
359	int	361	int
360	dh_estimate(int bits)	362	dh_estimate(int bits)
361	{	363	{
362		364	if (bits <= 112)
		365	return 2048;
363	if (bits <= 128)	366	if (bits <= 128)
364	return (1024); /* O(2*86) /	367	return 3072;
365	if (bits <= 192)	368	if (bits <= 192)
366	return (2048); /* O(2*116) /	369	return 7680;
367	return (4096); /* O(2*156) /	370	return 8192;
368	}	371	}


diff --git a/dh.h b/dh.h index dfc1480ea..48f7b68ea 100644 --- a/dh.h +++ b/dh.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */	1	/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000 Niels Provos. All rights reserved.	4	* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -43,6 +43,7 @@ int dh_pub_is_valid(DH , BIGNUM );
43		43
44	int dh_estimate(int);	44	int dh_estimate(int);
45		45
		46	/* Min and max values from RFC4419. */
46	#define DH_GRP_MIN 1024	47	#define DH_GRP_MIN 1024
47	#define DH_GRP_MAX 8192	48	#define DH_GRP_MAX 8192
48		49