summaryrefslogtreecommitdiff
path: root/dh.c
diff options
context:
space:
mode:
Diffstat (limited to 'dh.c')
-rw-r--r--dh.c49
1 files changed, 44 insertions, 5 deletions
diff --git a/dh.c b/dh.c
index a260240fd..4c639acc3 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.55 2015/01/20 23:14:00 deraadt Exp $ */ 1/* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * 4 *
@@ -155,7 +155,7 @@ choose_dh(int min, int wantbits, int max)
155 (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { 155 (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
156 logit("WARNING: %s does not exist, using fixed modulus", 156 logit("WARNING: %s does not exist, using fixed modulus",
157 _PATH_DH_MODULI); 157 _PATH_DH_MODULI);
158 return (dh_new_group14()); 158 return (dh_new_group_fallback(max));
159 } 159 }
160 160
161 linenum = 0; 161 linenum = 0;
@@ -183,7 +183,7 @@ choose_dh(int min, int wantbits, int max)
183 if (bestcount == 0) { 183 if (bestcount == 0) {
184 fclose(f); 184 fclose(f);
185 logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES); 185 logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
186 return (dh_new_group14()); 186 return (dh_new_group_fallback(max));
187 } 187 }
188 188
189 linenum = 0; 189 linenum = 0;
@@ -204,7 +204,7 @@ choose_dh(int min, int wantbits, int max)
204 if (linenum != which+1) { 204 if (linenum != which+1) {
205 logit("WARNING: line %d disappeared in %s, giving up", 205 logit("WARNING: line %d disappeared in %s, giving up",
206 which, _PATH_DH_PRIMES); 206 which, _PATH_DH_PRIMES);
207 return (dh_new_group14()); 207 return (dh_new_group_fallback(max));
208 } 208 }
209 209
210 return (dh_new_group(dhg.g, dhg.p)); 210 return (dh_new_group(dhg.g, dhg.p));
@@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
261 261
262 if (need < 0 || dh->p == NULL || 262 if (need < 0 || dh->p == NULL ||
263 (pbits = BN_num_bits(dh->p)) <= 0 || 263 (pbits = BN_num_bits(dh->p)) <= 0 ||
264 need > INT_MAX / 2 || 2 * need >= pbits) 264 need > INT_MAX / 2 || 2 * need > pbits)
265 return SSH_ERR_INVALID_ARGUMENT; 265 return SSH_ERR_INVALID_ARGUMENT;
266 dh->length = MIN(need * 2, pbits - 1); 266 dh->length = MIN(need * 2, pbits - 1);
267 if (DH_generate_key(dh) == 0 || 267 if (DH_generate_key(dh) == 0 ||
@@ -339,6 +339,45 @@ dh_new_group14(void)
339} 339}
340 340
341/* 341/*
342 * 4k bit fallback group used by DH-GEX if moduli file cannot be read.
343 * Source: MODP group 16 from RFC3526.
344 */
345DH *
346dh_new_group_fallback(int max)
347{
348 static char *gen = "2", *group16 =
349 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
350 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
351 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
352 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
353 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
354 "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
355 "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
356 "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
357 "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
358 "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
359 "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
360 "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
361 "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
362 "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
363 "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
364 "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
365 "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
366 "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
367 "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
368 "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
369 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
370 "FFFFFFFF" "FFFFFFFF";
371
372 if (max < 4096) {
373 debug3("requested max size %d, using 2k bit group 14", max);
374 return dh_new_group14();
375 }
376 debug3("using 4k bit group 16");
377 return (dh_new_group_asc(gen, group16));
378}
379
380/*
342 * Estimates the group order for a Diffie-Hellman group that has an 381 * Estimates the group order for a Diffie-Hellman group that has an
343 * attack complexity approximately the same as O(2**bits). 382 * attack complexity approximately the same as O(2**bits).
344 * Values from NIST Special Publication 800-57: Recommendation for Key 383 * Values from NIST Special Publication 800-57: Recommendation for Key