diff options
Diffstat (limited to 'meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch')
-rw-r--r-- | meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch b/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch new file mode 100644 index 000000000..ebe012c33 --- /dev/null +++ b/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch | |||
@@ -0,0 +1,73 @@ | |||
1 | From f8d0026c65fc8a55748ae481758e2cf376c26c86 Mon Sep 17 00:00:00 2001 | ||
2 | From: Aris Adamantiadis <aris@0xbadc0de.be> | ||
3 | Date: Tue, 9 Feb 2016 15:09:27 +0100 | ||
4 | Subject: [PATCH] dh: Fix CVE-2016-0739 | ||
5 | |||
6 | Due to a byte/bit confusion, the DH secret was too short. This file was | ||
7 | completely reworked and will be commited in a future version. | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | |||
11 | Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> | ||
12 | Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | ||
13 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
14 | --- | ||
15 | src/dh.c | 22 +++++++++++++++++----- | ||
16 | 1 file changed, 17 insertions(+), 5 deletions(-) | ||
17 | |||
18 | diff --git a/src/dh.c b/src/dh.c | ||
19 | index e489a1d..d27b66e 100644 | ||
20 | --- a/src/dh.c | ||
21 | +++ b/src/dh.c | ||
22 | @@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) { | ||
23 | } | ||
24 | |||
25 | int dh_generate_x(ssh_session session) { | ||
26 | + int keysize; | ||
27 | + if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { | ||
28 | + keysize = 1023; | ||
29 | + } else { | ||
30 | + keysize = 2047; | ||
31 | + } | ||
32 | session->next_crypto->x = bignum_new(); | ||
33 | if (session->next_crypto->x == NULL) { | ||
34 | return -1; | ||
35 | } | ||
36 | |||
37 | #ifdef HAVE_LIBGCRYPT | ||
38 | - bignum_rand(session->next_crypto->x, 128); | ||
39 | + bignum_rand(session->next_crypto->x, keysize); | ||
40 | #elif defined HAVE_LIBCRYPTO | ||
41 | - bignum_rand(session->next_crypto->x, 128, 0, -1); | ||
42 | + bignum_rand(session->next_crypto->x, keysize, -1, 0); | ||
43 | #endif | ||
44 | |||
45 | /* not harder than this */ | ||
46 | @@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) { | ||
47 | |||
48 | /* used by server */ | ||
49 | int dh_generate_y(ssh_session session) { | ||
50 | - session->next_crypto->y = bignum_new(); | ||
51 | + int keysize; | ||
52 | + if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { | ||
53 | + keysize = 1023; | ||
54 | + } else { | ||
55 | + keysize = 2047; | ||
56 | + } | ||
57 | + session->next_crypto->y = bignum_new(); | ||
58 | if (session->next_crypto->y == NULL) { | ||
59 | return -1; | ||
60 | } | ||
61 | |||
62 | #ifdef HAVE_LIBGCRYPT | ||
63 | - bignum_rand(session->next_crypto->y, 128); | ||
64 | + bignum_rand(session->next_crypto->y, keysize); | ||
65 | #elif defined HAVE_LIBCRYPTO | ||
66 | - bignum_rand(session->next_crypto->y, 128, 0, -1); | ||
67 | + bignum_rand(session->next_crypto->y, keysize, -1, 0); | ||
68 | #endif | ||
69 | |||
70 | /* not harder than this */ | ||
71 | -- | ||
72 | 1.9.1 | ||
73 | |||