summaryrefslogtreecommitdiffstats
path: root/cipher.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-01-25 23:37:25 +0100
committerDamien Miller <djm@mindrot.org>2014-01-25 23:37:25 +0100
commit76eea4ab4e658670ca6e76dd1e6d17f262208b57 (patch)
treecf69b6a4ae613af69f6a984a68e8e1e7ee268a93 /cipher.c
parent - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test (diff)
downloadopenssh-76eea4ab4e658670ca6e76dd1e6d17f262208b57.tar.xz
openssh-76eea4ab4e658670ca6e76dd1e6d17f262208b57.zip
- dtucker@cvs.openbsd.org 2014/01/25 10:12:50
[cipher.c cipher.h kex.c kex.h kexgexc.c] Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/cipher.c b/cipher.c
index 76e6c5963..2476e6539 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.93 2013/12/06 13:34:54 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -142,6 +142,14 @@ cipher_keylen(const Cipher *c)
}
u_int
+cipher_seclen(const Cipher *c)
+{
+ if (strcmp("3des-cbc", c->name) == 0)
+ return 14;
+ return cipher_keylen(c);
+}
+
+u_int
cipher_authlen(const Cipher *c)
{
return (c->auth_len);