DH group selection for SHA2-512 bit HMAC.
Nickolay
nickolay at antlogic.com.ua
Fri May 31 23:37:32 EST 2013
Hi. I've got the following problem with our SSH client library:
- client connects to OpenSSH 5.9+ server and they choose hmac-sha2-512
with diffie-hellman-group-exchange-sha256.
- client sends MSG_KEX_DH_GEX_REQUEST DH group request with parameters
(1024, 1024, 8192).
I.e. minimum and preferred group size is 1024-bit,
- OpenSSH server in kexgexs.c:kexgex_server processes this message and
selects 1024-bit group, sending it back to client.
- however, later, when it goes to shared secret generation, in
dh.c:dh_gen_key code checks group size to be
2 * need >= BN_num_bits(dh->p), where need is set to 512 bit (by the
size of HMAC, i assume ), producing the error fatal("dh_gen_key: group
too small: %d (2*need %d)".
So, I think it would be more logical to check 'need' parameter somewhere
during group selection.
Or am I missing something?
Thanks!
--
Nickolay Olshevsky, AntLogic
Email: nickolay at antlogic.com.ua
http://antlogic.com.ua/
More information about the openssh-unix-dev
mailing list