shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity

dh: Fix CVE-2016-0739

Browse Source 
Due to a byte/bit confusion, the DH secret was too short. This file was
completely reworked and will be commited in a future version.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Aris Adamantiadis
2016-02-09 15:09:27 +01:00
committed by Andreas Schneider
parent 6b608e70ee
commit f8d0026c65
1 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/dh.c
View File

@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
}
int dh_generate_x(ssh_session session) {
int keysize;
if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
keysize = 1023;
} else {
keysize = 2047;
}
session->next_crypto->x = bignum_new();
if (session->next_crypto->x == NULL) {
return -1;
}
#ifdef HAVE_LIBGCRYPT
bignum_rand(session->next_crypto->x, 128);
bignum_rand(session->next_crypto->x, keysize);
#elif defined HAVE_LIBCRYPTO
bignum_rand(session->next_crypto->x, 128, 0, -1);
bignum_rand(session->next_crypto->x, keysize, -1, 0);
#endif
/* not harder than this */
@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
/* used by server */
int dh_generate_y(ssh_session session) {
session->next_crypto->y = bignum_new();
int keysize;
if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
keysize = 1023;
} else {
keysize = 2047;
}
session->next_crypto->y = bignum_new();
if (session->next_crypto->y == NULL) {
return -1;
}
#ifdef HAVE_LIBGCRYPT
bignum_rand(session->next_crypto->y, 128);
bignum_rand(session->next_crypto->y, keysize);
#elif defined HAVE_LIBCRYPTO
bignum_rand(session->next_crypto->y, 128, 0, -1);
bignum_rand(session->next_crypto->y, keysize, -1, 0);
#endif
/* not harder than this */