From 76eea4ab4e658670ca6e76dd1e6d17f262208b57 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 26 Jan 2014 09:37:25 +1100
Subject:    - dtucker@cvs.openbsd.org 2014/01/25 10:12:50      [cipher.c
 cipher.h kex.c kex.h kexgexc.c]      Add a special case for the DH group size
 for 3des-cbc, which has an      effective strength much lower than the key
 size.  This causes problems      with some cryptlib implementations, which
 don't support group sizes larger      than 4k but also don't use the largest
 group size it does support as      specified in the RFC.  Based on a patch
 from Petr Lautrbach at Redhat,      reduced by me with input from Markus.  ok
 djm@ markus@

---
 cipher.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'cipher.c')

diff --git a/cipher.c b/cipher.c
index 76e6c596..2476e653 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.93 2013/12/06 13:34:54 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -141,6 +141,14 @@ cipher_keylen(const Cipher *c)
 	return (c->key_len);
 }
 
+u_int
+cipher_seclen(const Cipher *c)
+{
+	if (strcmp("3des-cbc", c->name) == 0)
+		return 14;
+	return cipher_keylen(c);
+}
+
 u_int
 cipher_authlen(const Cipher *c)
 {
-- 
cgit v1.2.1