Diffstat (limited to 'gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch')
-rw-r--r--gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch77
1 files changed, 77 insertions, 0 deletions
diff --git a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch
new file mode 100644
index 0000000000..a5fdd7ffff
--- /dev/null
+++ b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch
@@ -0,0 +1,77 @@
+Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in
+dh_generate_x() and dh_generate_y()).
+
+"Due to a byte/bit confusion, the DH secret was too short. This file was
+completely reworked and will be commited in a future version."
+Source:
+https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86
+
+This patch was created by upstream for libssh-0.7.3, but applied without
+modification to libssh-0.6.3 by Debian. In Guix, we apply it without
+modification to libssh-0.6.5.
+
+References:
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
+https://security-tracker.debian.org/tracker/CVE-2016-0739
+
+---
+ src/dh.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/dh.c b/src/dh.c
+index e489a1d..d27b66e 100644
+--- a/src/dh.c
++++ b/src/dh.c
+@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
+ }
+ 
+ int dh_generate_x(ssh_session session) {
++  int keysize;
++  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
++    keysize = 1023;
++  } else {
++    keysize = 2047;
++  }
+   session->next_crypto->x = bignum_new();
+   if (session->next_crypto->x == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->x, 128);
++  bignum_rand(session->next_crypto->x, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->x, 128, 0, -1);
++  bignum_rand(session->next_crypto->x, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
+ 
+ /* used by server */
+ int dh_generate_y(ssh_session session) {
+-    session->next_crypto->y = bignum_new();
++  int keysize;
++  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
++    keysize = 1023;
++  } else {
++    keysize = 2047;
++  }
++  session->next_crypto->y = bignum_new();
+   if (session->next_crypto->y == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->y, 128);
++  bignum_rand(session->next_crypto->y, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->y, 128, 0, -1);
++  bignum_rand(session->next_crypto->y, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+-- 
+cgit v0.12
+
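Review bot: The result of `bignum_rand` is discarded in both `dh_generate_x` and `dh_generate_y` of the embedded src/dh.c patch, so a failed random draw would go unnoticed and key exchange would continue with whatever the bignum then holds. This matters on the HAVE_LIBCRYPTO branch if the macro forwards to OpenSSL's BN_rand, which reports failure through its return value; the macro definition is not visible here, so that should be confirmed. If it does, a guard such as `if (bignum_rand(session->next_crypto->x, keysize, -1, 0) != 1) return -1;` (and the same for `y`) would close the gap. Since the original defect was a byte/bit mix-up, the literals also deserve a comment stating the unit, e.g. `/* keysize is in bits, one less than the group modulus length */`, together with a note that the `else` branch assumes every kex type other than group1 uses a 2048-bit group. Both function bodies continue past the embedded hunks, so later handling of `x` and `y` is not visible here.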