|
Petr Lautrbach |
08fe9e |
diff --git a/compat.c b/compat.c
|
|
Petr Lautrbach |
08fe9e |
index 2709dc5..7412a54 100644
|
|
Petr Lautrbach |
08fe9e |
--- a/compat.c
|
|
Petr Lautrbach |
08fe9e |
+++ b/compat.c
|
|
Petr Lautrbach |
08fe9e |
@@ -167,6 +167,7 @@ compat_datafellows(const char *version)
|
|
Petr Lautrbach |
08fe9e |
SSH_BUG_SCANNER },
|
|
Petr Lautrbach |
08fe9e |
{ "Probe-*",
|
|
Petr Lautrbach |
08fe9e |
SSH_BUG_PROBE },
|
|
Petr Lautrbach |
08fe9e |
+ { "Cisco-*", SSH_BUG_MAX4096DH },
|
|
Petr Lautrbach |
08fe9e |
{ NULL, 0 }
|
|
Petr Lautrbach |
08fe9e |
};
|
|
Petr Lautrbach |
08fe9e |
|
|
Petr Lautrbach |
08fe9e |
diff --git a/compat.h b/compat.h
|
|
Petr Lautrbach |
08fe9e |
index a6c3f3d..d8def7d 100644
|
|
Petr Lautrbach |
08fe9e |
--- a/compat.h
|
|
Petr Lautrbach |
08fe9e |
+++ b/compat.h
|
|
Petr Lautrbach |
08fe9e |
@@ -60,6 +60,7 @@
|
|
Petr Lautrbach |
08fe9e |
#define SSH_NEW_OPENSSH 0x04000000
|
|
Petr Lautrbach |
08fe9e |
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
|
Petr Lautrbach |
08fe9e |
#define SSH_BUG_CURVE25519PAD 0x10000000
|
|
Petr Lautrbach |
08fe9e |
+#define SSH_BUG_MAX4096DH 0x20000000
|
|
Petr Lautrbach |
08fe9e |
|
|
Petr Lautrbach |
08fe9e |
void enable_compat13(void);
|
|
Petr Lautrbach |
08fe9e |
void enable_compat20(void);
|
|
Petr Lautrbach |
08fe9e |
diff --git a/kexgexc.c b/kexgexc.c
|
|
Petr Lautrbach |
08fe9e |
index 355b7ba..0a91bdd 100644
|
|
Petr Lautrbach |
08fe9e |
--- a/kexgexc.c
|
|
Petr Lautrbach |
08fe9e |
+++ b/kexgexc.c
|
|
Petr Lautrbach |
08fe9e |
@@ -58,20 +58,37 @@ kexgex_client(Kex *kex)
|
|
Petr Lautrbach |
08fe9e |
int min, max, nbits;
|
|
Petr Lautrbach |
08fe9e |
DH *dh;
|
|
Petr Lautrbach |
08fe9e |
|
|
Petr Lautrbach |
08fe9e |
+ min = DH_GRP_MIN;
|
|
Petr Lautrbach |
08fe9e |
+ max = DH_GRP_MAX;
|
|
Petr Lautrbach |
08fe9e |
+
|
|
Petr Lautrbach |
08fe9e |
+ /* Servers with MAX4096DH need a preferred size (nbits) <= 4096.
|
|
Petr Lautrbach |
08fe9e |
+ * We need to also ensure that min < nbits < max */
|
|
Petr Lautrbach |
08fe9e |
+
|
|
Petr Lautrbach |
08fe9e |
+ if (datafellows & SSH_BUG_MAX4096DH) {
|
|
Petr Lautrbach |
08fe9e |
+ /* The largest min for these servers is 4096 */
|
|
Petr Lautrbach |
08fe9e |
+ min = MIN(min, 4096);
|
|
Petr Lautrbach |
08fe9e |
+ }
|
|
Petr Lautrbach |
08fe9e |
+
|
|
Petr Lautrbach |
08fe9e |
nbits = dh_estimate(kex->dh_need * 8);
|
|
Petr Lautrbach |
08fe9e |
+ nbits = MIN(nbits, max);
|
|
Petr Lautrbach |
08fe9e |
+ nbits = MAX(nbits, min);
|
|
Petr Lautrbach |
08fe9e |
+
|
|
Petr Lautrbach |
08fe9e |
+ if (datafellows & SSH_BUG_MAX4096DH) {
|
|
Petr Lautrbach |
08fe9e |
+ /* Cannot have a nbits > 4096 for these servers */
|
|
Petr Lautrbach |
08fe9e |
+ nbits = MIN(nbits, 4096);
|
|
Petr Lautrbach |
08fe9e |
+ /* nbits has to be powers of two */
|
|
Petr Lautrbach |
08fe9e |
+ if (nbits == 3072)
|
|
Petr Lautrbach |
08fe9e |
+ nbits = 4096;
|
|
Petr Lautrbach |
08fe9e |
+ }
|
|
Petr Lautrbach |
08fe9e |
|
|
Petr Lautrbach |
08fe9e |
if (datafellows & SSH_OLD_DHGEX) {
|
|
Petr Lautrbach |
08fe9e |
/* Old GEX request */
|
|
Petr Lautrbach |
08fe9e |
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
|
|
Petr Lautrbach |
08fe9e |
packet_put_int(nbits);
|
|
Petr Lautrbach |
08fe9e |
- min = DH_GRP_MIN;
|
|
Petr Lautrbach |
08fe9e |
- max = DH_GRP_MAX;
|
|
Petr Lautrbach |
08fe9e |
|
|
Petr Lautrbach |
08fe9e |
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits);
|
|
Petr Lautrbach |
08fe9e |
} else {
|
|
Petr Lautrbach |
08fe9e |
/* New GEX request */
|
|
Petr Lautrbach |
08fe9e |
- min = DH_GRP_MIN;
|
|
Petr Lautrbach |
08fe9e |
- max = DH_GRP_MAX;
|
|
Petr Lautrbach |
08fe9e |
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
|
|
Petr Lautrbach |
08fe9e |
packet_put_int(min);
|
|
Petr Lautrbach |
08fe9e |
packet_put_int(nbits);
|