From fde4640e88be8fc1058084e574b53fce96717665 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 8 May 2020 08:47:43 -0700
Subject: [PATCH] Fuzz Test Fix Fixed an issue where a too large GEX prime
 group size would cause problems generating the shared secret. 1. Moved the
 #defines for setting the default DH min/preferred/max values to internal.h.
 2. Based the DH e value on the DH max size. 3. Check that the received prime
 group size is not greater than the max.

---
 src/internal.c     | 14 +++++---------
 wolfssh/error.h    |  3 ++-
 wolfssh/internal.h | 13 +++++++++++--
 3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 213fdaa..8739e32 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -52,15 +52,6 @@ static const char sshProtoIdStr[] = "SSH-2.0-wolfSSHv"
                                     LIBWOLFSSH_VERSION_STRING
                                     "\r\n";
 static const char OpenSSH[] = "SSH-2.0-OpenSSH";
-#ifndef WOLFSSH_DEFAULT_GEXDH_MIN
-    #define WOLFSSH_DEFAULT_GEXDH_MIN 1024
-#endif
-#ifndef WOLFSSH_DEFAULT_GEXDH_PREFERRED
-    #define WOLFSSH_DEFAULT_GEXDH_PREFERRED 3072
-#endif
-#ifndef WOLFSSH_DEFAULT_GEXDH_MAX
-    #define WOLFSSH_DEFAULT_GEXDH_MAX 8192
-#endif
 
 
 const char* GetErrorString(int err)
@@ -290,6 +281,9 @@ const char* GetErrorString(int err)
         case WS_MISSING_CALLBACK:
             return "missing a callback function";
 
+        case WS_DH_SIZE_E:
+            return "DH prime group size larger than expected";
+
         default:
             return "Unknown error code";
     }
@@ -3046,6 +3040,8 @@ static int DoKexDhGexGroup(WOLFSSH* ssh,
     if (ret == WS_SUCCESS) {
         begin = *idx;
         ret = GetMpint(&primeGroupSz, &primeGroup, buf, len, &begin);
+        if (ret == WS_SUCCESS && primeGroupSz > (MAX_KEX_KEY_SZ + 1))
+            ret = WS_DH_SIZE_E;
     }
 
     if (ret == WS_SUCCESS)
diff --git a/wolfssh/error.h b/wolfssh/error.h
index a01e1af..bbbb7d7 100644
--- a/wolfssh/error.h
+++ b/wolfssh/error.h
@@ -112,8 +112,9 @@ enum WS_ErrorCodes {
     WS_CHANGE_AUTH_E        = -1072, /* Changing auth type attempt */
     WS_WINDOW_FULL          = -1073,
     WS_MISSING_CALLBACK     = -1074, /* Callback is missing */
+    WS_DH_SIZE_E            = -1075, /* DH prime larger than expected */
 
-    WS_LAST_E               = -1074  /* Update this to indicate last error */
+    WS_LAST_E               = -1075  /* Update this to indicate last error */
 };
 
 
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index 6dbee1c..e23080b 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -142,9 +142,18 @@ enum {
     /* This is from RFC 4253 section 6.1. */
     #define MAX_PACKET_SZ 35000
 #endif
+#ifndef WOLFSSH_DEFAULT_GEXDH_MIN
+    #define WOLFSSH_DEFAULT_GEXDH_MIN 1024
+#endif
+#ifndef WOLFSSH_DEFAULT_GEXDH_PREFERRED
+    #define WOLFSSH_DEFAULT_GEXDH_PREFERRED 3072
+#endif
+#ifndef WOLFSSH_DEFAULT_GEXDH_MAX
+    #define WOLFSSH_DEFAULT_GEXDH_MAX 8192
+#endif
 #ifndef MAX_KEX_KEY_SZ
-    /* This is based on the 3072-bit DH key that is the preferred size. */
-    #define MAX_KEX_KEY_SZ (3072 / 8)
+    /* This is based on the 8192-bit DH key that is the max size. */
+    #define MAX_KEX_KEY_SZ (WOLFSSH_DEFAULT_GEXDH_MAX / 8)
 #endif
 
 WOLFSSH_LOCAL byte NameToId(const char*, word32);