mirror of https://github.com/wolfSSL/wolfssh.git
Fuzz Test Fix
Fixed an issue where a too large GEX prime group size would cause problems generating the shared secret. 1. Moved the #defines for setting the default DH min/preferred/max values to internal.h. 2. Based the DH e value on the DH max size. 3. Check that the received prime group size is not greater than the max.pull/257/head
parent
aa04a31822
commit
fde4640e88
|
@ -52,15 +52,6 @@ static const char sshProtoIdStr[] = "SSH-2.0-wolfSSHv"
|
||||||
LIBWOLFSSH_VERSION_STRING
|
LIBWOLFSSH_VERSION_STRING
|
||||||
"\r\n";
|
"\r\n";
|
||||||
static const char OpenSSH[] = "SSH-2.0-OpenSSH";
|
static const char OpenSSH[] = "SSH-2.0-OpenSSH";
|
||||||
#ifndef WOLFSSH_DEFAULT_GEXDH_MIN
|
|
||||||
#define WOLFSSH_DEFAULT_GEXDH_MIN 1024
|
|
||||||
#endif
|
|
||||||
#ifndef WOLFSSH_DEFAULT_GEXDH_PREFERRED
|
|
||||||
#define WOLFSSH_DEFAULT_GEXDH_PREFERRED 3072
|
|
||||||
#endif
|
|
||||||
#ifndef WOLFSSH_DEFAULT_GEXDH_MAX
|
|
||||||
#define WOLFSSH_DEFAULT_GEXDH_MAX 8192
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
const char* GetErrorString(int err)
|
const char* GetErrorString(int err)
|
||||||
|
@ -290,6 +281,9 @@ const char* GetErrorString(int err)
|
||||||
case WS_MISSING_CALLBACK:
|
case WS_MISSING_CALLBACK:
|
||||||
return "missing a callback function";
|
return "missing a callback function";
|
||||||
|
|
||||||
|
case WS_DH_SIZE_E:
|
||||||
|
return "DH prime group size larger than expected";
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return "Unknown error code";
|
return "Unknown error code";
|
||||||
}
|
}
|
||||||
|
@ -3046,6 +3040,8 @@ static int DoKexDhGexGroup(WOLFSSH* ssh,
|
||||||
if (ret == WS_SUCCESS) {
|
if (ret == WS_SUCCESS) {
|
||||||
begin = *idx;
|
begin = *idx;
|
||||||
ret = GetMpint(&primeGroupSz, &primeGroup, buf, len, &begin);
|
ret = GetMpint(&primeGroupSz, &primeGroup, buf, len, &begin);
|
||||||
|
if (ret == WS_SUCCESS && primeGroupSz > (MAX_KEX_KEY_SZ + 1))
|
||||||
|
ret = WS_DH_SIZE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == WS_SUCCESS)
|
if (ret == WS_SUCCESS)
|
||||||
|
|
|
@ -112,8 +112,9 @@ enum WS_ErrorCodes {
|
||||||
WS_CHANGE_AUTH_E = -1072, /* Changing auth type attempt */
|
WS_CHANGE_AUTH_E = -1072, /* Changing auth type attempt */
|
||||||
WS_WINDOW_FULL = -1073,
|
WS_WINDOW_FULL = -1073,
|
||||||
WS_MISSING_CALLBACK = -1074, /* Callback is missing */
|
WS_MISSING_CALLBACK = -1074, /* Callback is missing */
|
||||||
|
WS_DH_SIZE_E = -1075, /* DH prime larger than expected */
|
||||||
|
|
||||||
WS_LAST_E = -1074 /* Update this to indicate last error */
|
WS_LAST_E = -1075 /* Update this to indicate last error */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -142,9 +142,18 @@ enum {
|
||||||
/* This is from RFC 4253 section 6.1. */
|
/* This is from RFC 4253 section 6.1. */
|
||||||
#define MAX_PACKET_SZ 35000
|
#define MAX_PACKET_SZ 35000
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef WOLFSSH_DEFAULT_GEXDH_MIN
|
||||||
|
#define WOLFSSH_DEFAULT_GEXDH_MIN 1024
|
||||||
|
#endif
|
||||||
|
#ifndef WOLFSSH_DEFAULT_GEXDH_PREFERRED
|
||||||
|
#define WOLFSSH_DEFAULT_GEXDH_PREFERRED 3072
|
||||||
|
#endif
|
||||||
|
#ifndef WOLFSSH_DEFAULT_GEXDH_MAX
|
||||||
|
#define WOLFSSH_DEFAULT_GEXDH_MAX 8192
|
||||||
|
#endif
|
||||||
#ifndef MAX_KEX_KEY_SZ
|
#ifndef MAX_KEX_KEY_SZ
|
||||||
/* This is based on the 3072-bit DH key that is the preferred size. */
|
/* This is based on the 8192-bit DH key that is the max size. */
|
||||||
#define MAX_KEX_KEY_SZ (3072 / 8)
|
#define MAX_KEX_KEY_SZ (WOLFSSH_DEFAULT_GEXDH_MAX / 8)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
WOLFSSH_LOCAL byte NameToId(const char*, word32);
|
WOLFSSH_LOCAL byte NameToId(const char*, word32);
|
||||||
|
|
Loading…
Reference in New Issue