1 files changed, 73 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch b/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch
new file mode 100644
index 000000000..ebe012c33
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch
@@ -0,0 +1,73 @@
+From f8d0026c65fc8a55748ae481758e2cf376c26c86 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 9 Feb 2016 15:09:27 +0100
+Subject: [PATCH] dh: Fix CVE-2016-0739
+Due to a byte/bit confusion, the DH secret was too short. This file was
+completely reworked and will be commited in a future version.
+Upstream-Status: Backport
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ src/dh.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+diff --git a/src/dh.c b/src/dh.c
+index e489a1d..d27b66e 100644
+--- a/src/dh.c
+++ b/src/dh.c
+@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
+ }
+ 
+ int dh_generate_x(ssh_session session) {
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
+   session->next_crypto->x = bignum_new();
+   if (session->next_crypto->x == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->x, 128);
+  bignum_rand(session->next_crypto->x, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->x, 128, 0, -1);
+  bignum_rand(session->next_crypto->x, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
+ 
+ /* used by server */
+ int dh_generate_y(ssh_session session) {
+-    session->next_crypto->y = bignum_new();
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
+  session->next_crypto->y = bignum_new();
+   if (session->next_crypto->y == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->y, 128);
+  bignum_rand(session->next_crypto->y, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->y, 128, 0, -1);
+  bignum_rand(session->next_crypto->y, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+-- 
+1.9.1

diff --git a/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch b/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch new file mode 100644 index 000000000..ebe012c33 --- /dev/null +++ b/meta-oe/recipes-support/libssh/files/CVE-2016-0739.patch
@@ -0,0 +1,73 @@
	1	From f8d0026c65fc8a55748ae481758e2cf376c26c86 Mon Sep 17 00:00:00 2001
	2	From: Aris Adamantiadis <aris@0xbadc0de.be>
	3	Date: Tue, 9 Feb 2016 15:09:27 +0100
	4	Subject: [PATCH] dh: Fix CVE-2016-0739
	5
	6	Due to a byte/bit confusion, the DH secret was too short. This file was
	7	completely reworked and will be commited in a future version.
	8
	9	Upstream-Status: Backport
	10
	11	Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
	12	Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
	13	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	14	---
	15	src/dh.c \| 22 +++++++++++++++++-----
	16	1 file changed, 17 insertions(+), 5 deletions(-)
	17
	18	diff --git a/src/dh.c b/src/dh.c
	19	index e489a1d..d27b66e 100644
	20	--- a/src/dh.c
	21	+++ b/src/dh.c
	22	@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
	23	}
	24
	25	int dh_generate_x(ssh_session session) {
	26	+ int keysize;
	27	+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
	28	+ keysize = 1023;
	29	+ } else {
	30	+ keysize = 2047;
	31	+ }
	32	session->next_crypto->x = bignum_new();
	33	if (session->next_crypto->x == NULL) {
	34	return -1;
	35	}
	36
	37	#ifdef HAVE_LIBGCRYPT
	38	- bignum_rand(session->next_crypto->x, 128);
	39	+ bignum_rand(session->next_crypto->x, keysize);
	40	#elif defined HAVE_LIBCRYPTO
	41	- bignum_rand(session->next_crypto->x, 128, 0, -1);
	42	+ bignum_rand(session->next_crypto->x, keysize, -1, 0);
	43	#endif
	44
	45	/* not harder than this */
	46	@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
	47
	48	/* used by server */
	49	int dh_generate_y(ssh_session session) {
	50	- session->next_crypto->y = bignum_new();
	51	+ int keysize;
	52	+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
	53	+ keysize = 1023;
	54	+ } else {
	55	+ keysize = 2047;
	56	+ }
	57	+ session->next_crypto->y = bignum_new();
	58	if (session->next_crypto->y == NULL) {
	59	return -1;
	60	}
	61
	62	#ifdef HAVE_LIBGCRYPT
	63	- bignum_rand(session->next_crypto->y, 128);
	64	+ bignum_rand(session->next_crypto->y, keysize);
	65	#elif defined HAVE_LIBCRYPTO
	66	- bignum_rand(session->next_crypto->y, 128, 0, -1);
	67	+ bignum_rand(session->next_crypto->y, keysize, -1, 0);
	68	#endif
	69
	70	/* not harder than this */
	71	--
	72	1.9.1
	73