upstream commit

Cap DH-GEX group size at 4kbits for Cisco implementations.
 Some of them will choke when asked for preferred sizes >4k instead of
 returning the 4k group that they do have.  bz#2209, ok djm@

Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
dtucker@openbsd.org 2015-05-26 23:23:40 +00:00 committed by Damien Miller
parent 3e91b4e8b0
commit b282fec1aa
3 changed files with 8 additions and 3 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: compat.c,v 1.93 2015/05/06 04:07:18 dtucker Exp $ */ /* $OpenBSD: compat.c,v 1.94 2015/05/26 23:23:40 dtucker Exp $ */
/* /*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
* *
@ -152,6 +152,7 @@ compat_datafellows(const char *version)
"1.2.22*", SSH_BUG_IGNOREMSG }, "1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */ { "1.3.2*", /* F-Secure */
SSH_BUG_IGNOREMSG }, SSH_BUG_IGNOREMSG },
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE },
{ "*SSH Compatible Server*", /* Netscreen */ { "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD }, SSH_BUG_PASSWORDPAD },
{ "*OSU_0*," { "*OSU_0*,"
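Review bot: The new `"Cisco-1.*"` row is the only entry in this part of the table without the inline comment its neighbours carry (`/* F-Secure */`, `/* Netscreen */`), so a reader has to look up bz#2209 to learn why a Cisco banner sets SSH_BUG_DHGEX_LARGE; `{ "Cisco-1.*", /* bz#2209: chokes on GEX >4k */ SSH_BUG_DHGEX_LARGE },` keeps the table self-describing. Because the version banner is supplied by the peer before anything is authenticated, the comment should also say that this flag only lowers the client's preferred group size and leaves min/max untouched, so a peer claiming to be Cisco gains nothing beyond the workaround the bug needs. compat_datafellows and the table continue outside the hunk.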


@ -1,4 +1,4 @@
/* $OpenBSD: compat.h,v 1.47 2015/04/10 05:16:50 dtucker Exp $ */ /* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */
/* /*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@ -61,6 +61,7 @@
#define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000 #define SSH_BUG_CURVE25519PAD 0x10000000
#define SSH_BUG_HOSTKEYS 0x20000000 #define SSH_BUG_HOSTKEYS 0x20000000
#define SSH_BUG_DHGEX_LARGE 0x40000000
void enable_compat13(void); void enable_compat13(void);
void enable_compat20(void); void enable_compat20(void);
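Review bot: `SSH_BUG_DHGEX_LARGE` is added without a comment, and at 0x40000000 it occupies the second-highest bit of the flag word, leaving only 0x80000000 for future flags; if `datafellows` is a signed int that remaining bit would be the sign bit, which the next person extending this list should know. Suggest `#define SSH_BUG_DHGEX_LARGE 0x40000000 /* peer fails on GEX requests for groups > 4k bits (bz#2209) */`.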


@ -1,4 +1,4 @@
/* $OpenBSD: kexgexc.c,v 1.21 2015/04/13 02:04:08 djm Exp $ */ /* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */
/* /*
* Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -28,6 +28,7 @@
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
#include <sys/param.h>
#include <sys/types.h> #include <sys/types.h>
#include <openssl/dh.h> #include <openssl/dh.h>
@ -65,6 +66,8 @@ kexgex_client(struct ssh *ssh)
kex->min = DH_GRP_MIN; kex->min = DH_GRP_MIN;
kex->max = DH_GRP_MAX; kex->max = DH_GRP_MAX;
kex->nbits = nbits; kex->nbits = nbits;
if (datafellows & SSH_BUG_DHGEX_LARGE)
kex->nbits = MIN(kex->nbits, 4096);
/* New GEX request */ /* New GEX request */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->min)) != 0 || (r = sshpkt_put_u32(ssh, kex->min)) != 0 ||
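Review bot: The cap in `kex->nbits = MIN(kex->nbits, 4096);` hard-codes the limit and carries no comment, so the commit message is the only place that says why; `/* bz#2209: some Cisco peers fail on preferred sizes > 4k */` above the `if`, or a named constant alongside DH_GRP_MIN/DH_GRP_MAX, would keep the reason with the code. Only `nbits` (the preferred size) is clamped while `kex->min` and `kex->max` keep the values set two lines above, so the negotiated group is still bounded by DH_GRP_MAX rather than by 4096 — stating that in the comment would stop a reader from assuming the flag weakens the exchange. The added `<sys/param.h>` include is presumably for MIN; that header is not guaranteed to define it on every platform, so confirm the portable build's own definition covers it. kexgex_client begins before the hunk.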