upstream commit

author dtucker@openbsd.org <dtucker@openbsd.org>

Tue, 26 May 2015 23:23:40 +0000 (23:23 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 27 May 2015 03:47:19 +0000 (13:47 +1000)
author dtucker@openbsd.org <dtucker@openbsd.org>
Tue, 26 May 2015 23:23:40 +0000 (23:23 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 27 May 2015 03:47:19 +0000 (13:47 +1000)
diff --git a/compat.c b/compat.c

index 337bbe01ee168af5c4540cfc7f839b127bf70286..0631024f08e52af16f239cea683ddeafa0366ba2 100644 (file)
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.93 2015/05/06 04:07:18 dtucker Exp $ */
+/* $OpenBSD: compat.c,v 1.94 2015/05/26 23:23:40 dtucker Exp $ */
  /*
   * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
   *
@@ -152,6 +152,7 @@ compat_datafellows(const char *version)
                   "1.2.22*",            SSH_BUG_IGNOREMSG },
                 { "1.3.2*",             /* F-Secure */
                                         SSH_BUG_IGNOREMSG },
+               { "Cisco-1.*",          SSH_BUG_DHGEX_LARGE },
                 { "*SSH Compatible Server*",                    /* Netscreen */
                                         SSH_BUG_PASSWORDPAD },
                 { "*OSU_0*,"
diff --git a/compat.h b/compat.h

index 83507f070356f8c5a53f0c8cda7d45bbc706cf44..2be290a8a8fe0600aafb12e33837be144bcf4d2d 100644 (file)
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.47 2015/04/10 05:16:50 dtucker Exp $ */
+/* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */
  
  /*
   * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -61,6 +61,7 @@
  #define SSH_BUG_DYNAMIC_RPORT  0x08000000
  #define SSH_BUG_CURVE25519PAD  0x10000000
  #define SSH_BUG_HOSTKEYS       0x20000000
+#define SSH_BUG_DHGEX_LARGE    0x40000000
  
  void     enable_compat13(void);
  void     enable_compat20(void);
diff --git a/kexgexc.c b/kexgexc.c

index 3f20491c4374dbe6e32e5a344a18ff55da406de2..71ff13352a4c5eeda299696b91e05b0d6fc16416 100644 (file)
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.21 2015/04/13 02:04:08 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */
  /*
   * Copyright (c) 2000 Niels Provos.  All rights reserved.
   * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -28,6 +28,7 @@
  
  #ifdef WITH_OPENSSL
  
+#include <sys/param.h>
  #include <sys/types.h>
  
  #include <openssl/dh.h>
@@ -65,6 +66,8 @@ kexgex_client(struct ssh *ssh)
         kex->min = DH_GRP_MIN;
         kex->max = DH_GRP_MAX;
         kex->nbits = nbits;
+       if (datafellows & SSH_BUG_DHGEX_LARGE)
+               kex->nbits = MIN(kex->nbits, 4096);
         /* New GEX request */
         if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
             (r = sshpkt_put_u32(ssh, kex->min)) != 0 ||
author	dtucker@openbsd.org <dtucker@openbsd.org>
	Tue, 26 May 2015 23:23:40 +0000 (23:23 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 27 May 2015 03:47:19 +0000 (13:47 +1000)
compat.c		patch \| blob \| blame \| history
compat.h		patch \| blob \| blame \| history
kexgexc.c		patch \| blob \| blame \| history