upstream commit
Cap DH-GEX group size at 4kbits for Cisco implementations.
Some of them will choke when asked for preferred sizes >4k instead of
returning the 4k group that they do have. bz#2209, ok djm@
Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
diff --git a/kexgexc.c b/kexgexc.c
index 3f20491..71ff133 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.21 2015/04/13 02:04:08 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -28,6 +28,7 @@
#ifdef WITH_OPENSSL
+#include <sys/param.h>
#include <sys/types.h>
#include <openssl/dh.h>
@@ -65,6 +66,8 @@
kex->min = DH_GRP_MIN;
kex->max = DH_GRP_MAX;
kex->nbits = nbits;
+ if (datafellows & SSH_BUG_DHGEX_LARGE)
+ kex->nbits = MIN(kex->nbits, 4096);
/* New GEX request */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->min)) != 0 ||