search for: dh_new_group14

On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote: > On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote: >> I gotta say... having a fallback mechanism here seems pretty >> strange. The entire point of the group exchange is to use a dynamic >> group and not a static one. > > fwiw, i think dynamic groups for DHE key exchange is intrinsically > problematic

New version of Calysto reports a warning that looks like a bug to me: ------------------------------------------ Possible NULL-ptr deref (vc27053): @/work/projects/llvm/tools/Calysto/IfaceSpecs/clib.c:1823 Bug: ?? Explanation: choose_dh (dh.c:111) calls fopen twice (@120). If the first call to fopen fails (returns NULL), but the second one succeeds, fgets (@129) is called with f==NULL.

...u want to be more paranoid: > > DH * > dh_new_group_fallback(int max) > { > debug3("%s: requested max size %d", __func__, max); > if (max <= 2048) { > debug3("using 2k bit group 14"); > return dh_new_group14(); > } else if (max <= 4096) { > debug3("using 4k bit group 16"); > return dh_new_group16(); > } > debug3("using 8k bit group 18"); > return dh_new_group18(); > } This wouldn...

On 09/24/2017 12:21 AM, Mark D. Baushke wrote: > I suggest you upgrade to a more recent edition of the OpenSSH software. > The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released > very soon. This problem is in v7.5 and v7.6. See dh.c:436. > OpenSSH 6.6 was first released on October 6, 2014. I brought up v6.6 to give an example that older clients wouldn't be

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |