The SSH server code in Peter Gutmann's cryptlib ignores the minimum value in the SSH2_MSG_KEX_DH_GEX_REQUEST message and unconditionally uses the requested value. Group sizes are limited to CRYPT_MAX_PKCSIZE aka 4096 bits:
/* Excerpt from the server-side handling of the client's DH group-exchange
   request (the enclosing function and its declarations are not shown).  It
   reads the request packet, pulls the requested key size out of it and
   range-checks that size.  The client's min/max bounds are parsed but, in
   the code visible here, play no part in the decision */
status = length = \
	readHSPacketSSH2( sessionInfoPtr, SSH_MSG_KEXDH_GEX_REQUEST_OLD,
					  ID_SIZE + UINT32_SIZE );
if( cryptStatusError( status ) )
	return( status );
sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
/* The bookmark brackets the size field(s) so that keyexInfoPtr and
   keyexInfoLength end up describing the raw request data ("save a copy"
   below) - presumably for later use in the exchange hash, confirm against
   the rest of the function */
streamBookmarkSet( &stream, keyexInfoLength );
/* NOTE(review): the packet was read with ..._REQUEST_OLD as the expected
   type yet ..._REQUEST_NEW is tested for here, so the reader presumably
   accepts both forms - confirm in readHSPacketSSH2() */
if( sessionInfoPtr->sessionSSH->packetType == SSH_MSG_KEXDH_GEX_REQUEST_NEW )
	{
	/* It's a { min_length, length, max_length } sequence, save a copy and get the length value */
	/* Security-relevant: the first uint32 (min_length) is consumed and its
	   value thrown away, so the client's stated minimum is never compared
	   against anything in this excerpt */
	readUint32( &stream );
	keySize = readUint32( &stream );
	/* The third uint32 (max_length) lands in status and is only examined
	   as an error code below, never as a size.  NOTE(review): only this
	   last read is error-checked; whether a failure of the two earlier
	   reads is carried forward by the stream cannot be told from here */
	status = readUint32( &stream );
	}
else
	{
	/* It's a straight length, save a copy and get the length value */
	status = keySize = readUint32( &stream );
	}
if( !cryptStatusError( status ) )
	status = streamBookmarkComplete( &stream, &keyexInfoPtr,
									 &keyexInfoLength, keyexInfoLength );
sMemDisconnect( &stream );
if( cryptStatusError( status ) )
	{
	retExt( status,
			( status, SESSION_ERRINFO,
			  "Invalid ephemeral DH key data request packet" ) );
	}
ANALYSER_HINT( keyexInfoPtr != NULL );
/* The only size policy visible here: the requested size must lie within the
   library's own limits, MIN_PKCSIZE...CRYPT_MAX_PKCSIZE converted to bits.
   A request whose min_length exceeds the size that is finally used is not
   rejected by this check, so a client that relies on its minimum has to
   verify the size of the group it receives itself */
if( keySize < bytesToBits( MIN_PKCSIZE ) || \
	keySize > bytesToBits( CRYPT_MAX_PKCSIZE ) )
	{
	retExt( CRYPT_ERROR_BADDATA,
			( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
			  "Client requested invalid ephemeral DH key size %d bits, "
			  "should be %d...%d", keySize,
			  bytesToBits( MIN_PKCSIZE ),
			  bytesToBits( CRYPT_MAX_PKCSIZE ) ) );
	}
The SSH server code in Peter Gutmann's cryptlib ignores the minimum value in the SSH2_MSG_KEX_DH_GEX_REQUEST message and unconditionally uses the requested value. Group sizes are limited to CRYPT_MAX_PKCSIZE aka 4096 bits:
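/* Server-side parsing of the client's DH group-exchange request (excerpt;
   the enclosing function and its declarations are not shown).  The listing
   is restored here with its statements in order and its identifiers and
   string literals rejoined */
status = length = \
	readHSPacketSSH2( sessionInfoPtr, SSH_MSG_KEXDH_GEX_REQUEST_OLD,
					  ID_SIZE + UINT32_SIZE );
if( cryptStatusError( status ) )
	return( status );
sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
streamBookmarkSet( &stream, keyexInfoLength );
if( sessionInfoPtr->sessionSSH->packetType == SSH_MSG_KEXDH_GEX_REQUEST_NEW )
	{
	/* It's a { min_length, length, max_length } sequence, save a copy
	   and get the length value.  Only the middle field is kept as a size:
	   min_length is read and discarded, and max_length is stored in
	   status, where it is only ever tested as an error code */
	readUint32( &stream );
	keySize = readUint32( &stream );
	status = readUint32( &stream );
	}
else
	{
	/* It's a straight length, save a copy and get the length value */
	status = keySize = readUint32( &stream );
	}
if( !cryptStatusError( status ) )
	status = streamBookmarkComplete( &stream, &keyexInfoPtr,
									 &keyexInfoLength, keyexInfoLength );
sMemDisconnect( &stream );
if( cryptStatusError( status ) )
	{
	retExt( status,
			( status, SESSION_ERRINFO,
			  "Invalid ephemeral DH key data request packet" ) );
	}
ANALYSER_HINT( keyexInfoPtr != NULL );
/* The requested size is checked against the library's own bounds only
   (MIN_PKCSIZE...CRYPT_MAX_PKCSIZE, in bits); the client's min_length and
   max_length take no part in this check */
if( keySize < bytesToBits( MIN_PKCSIZE ) || \
	keySize > bytesToBits( CRYPT_MAX_PKCSIZE ) )
	{
	retExt( CRYPT_ERROR_BADDATA,
			( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
			  "Client requested invalid ephemeral DH key size %d bits, "
			  "should be %d...%d", keySize,
			  bytesToBits( MIN_PKCSIZE ),
			  bytesToBits( CRYPT_MAX_PKCSIZE ) ) );
	}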