Bug 1023

Summary: Add support for dhgex-sha256
Product: Portable OpenSSH
Reporter: Damien Miller <djm>
Component: sshd
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: enhancement
Priority: P2
Version: -current
Hardware: All
OS: OpenBSD
Bug Depends on:
Bug Blocks: 1155
Attachments (description, flags):
Patch to -current 20050421 (none)
Revised diff (none)
Patch to add dhgex-sha512 to PuTTY (none)
New diffie-hellman-group-exchange-sha256 exchange (none)
Again, with md-sha256.c (none)
Revised diff (none)
Patch against CVS 20051105 (none)

Description Damien Miller 2005-04-21 11:22:02 AEST
This is a patch to add support for diffie-hellman-group-exchange-sha512, a
variant of diffie-hellman-group-exchange-sha1 that computes the exchange hash
and the key derivation PRF with SHA512 instead of SHA1.

This removes the (largely academic) 160-bit bottleneck that prevented ciphers
with longer keys from being fully utilised.

Note that this patch requires a modified OpenSSL to build (set evp.h's
EVP_MAX_MD_SIZE to 64 and rebuild - NB this breaks bincompat). It could be
cajoled into working with OpenSSL CVS HEAD with some minor changes.
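The description above is about making the SSH key derivation depend on the KEX method's hash rather than on a hard-coded SHA-1. As an added example (not OpenSSH's code and not part of this bug's patches), here is the RFC 4253 section 7.2 key expansion in Python with the hash chosen by KEX method name, showing that a 256-bit cipher key needs two SHA-1 rounds but a single SHA-256 round; the KEX_HASH table, the function names and the sample K and H values are constructed for illustration.

```python
import hashlib
import math

# Hash used by each group-exchange KEX method (dhgex-sha256 is the new one).
KEX_HASH = {
    "diffie-hellman-group-exchange-sha1": "sha1",
    "diffie-hellman-group-exchange-sha256": "sha256",
}


def ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5)."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    # One extra bit of room so a set high bit gets a leading 0x00 byte.
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return len(body).to_bytes(4, "big") + body


def digest_rounds(hash_name: str, need: int) -> int:
    """Number of HASH invocations needed to produce `need` key bytes."""
    return math.ceil(need / hashlib.new(hash_name).digest_size)


def derive_key(kex_method: str, K: int, H: bytes, letter: bytes,
               session_id: bytes, need: int) -> bytes:
    """RFC 4253 section 7.2 key expansion, using the KEX method's hash.

    K1 = HASH(K || H || X || session_id)
    K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2), ...
    key = first `need` bytes of K1 || K2 || K3 ...
    """
    hash_name = KEX_HASH[kex_method]
    h = lambda data: hashlib.new(hash_name, data).digest()
    k_enc = ssh_mpint(K)  # K is hashed in its mpint encoding
    out = h(k_enc + H + letter + session_id)
    while len(out) < need:
        out += h(k_enc + H + out)
    return out[:need]


# Constructed sample values (not a real exchange): a small "shared secret"
# and a fake 20-byte exchange hash reused as session id, as on the first KEX.
SAMPLE_K = 0xC0FFEEDEADBEEF0123456789ABCDEF
SAMPLE_H = bytes(range(20))

if __name__ == "__main__":
    for method in KEX_HASH:
        key = derive_key(method, SAMPLE_K, SAMPLE_H, b"C", SAMPLE_H, 32)
        print(f"{method}: {digest_rounds(KEX_HASH[method], 32)} round(s), "
              f"256-bit key {key.hex()}")
```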
Comment 1 Damien Miller 2005-04-21 11:23:03 AEST
Created attachment 886
Patch to -current 20050421
Comment 2 Damien Miller 2005-05-11 13:32:25 AEST
Created attachment 906
Revised diff

Fix bad kex method name in proposal. Interop tested against patched putty.
Comment 3 Damien Miller 2005-05-11 13:33:35 AEST
Created attachment 907
Patch to add dhgex-sha512 to PuTTY

This is the patch for PuTTY that I wrote for testing.
Comment 4 Damien Miller 2005-07-17 18:31:46 AEST
Change of plan: do SHA256 instead of SHA512. Our longest-keyed cipher is 256
bits long and it is not likely to get any bigger. Also, SHA512 requires 64-bit
math - this doesn't affect us, but others do care.

Best of all, SHA256 will fit into all OpenSSL versions' EVP_MAX_MD_SIZE without
modification.
Comment 5 Damien Miller 2005-07-17 18:33:05 AEST
Created attachment 939
New diffie-hellman-group-exchange-sha256 exchange

Update to -current, go from SHA512 to SHA256
Comment 6 Damien Miller 2005-07-17 18:47:46 AEST
Created attachment 940
Again, with md-sha256.c

Doh! That was missing a critical file. Respin.
Comment 7 Damien Miller 2005-07-23 12:33:15 AEST
Created attachment 942
Revised diff

Shrink the diff a little by remembering the EVP_MD for the KEX
Comment 8 Damien Miller 2005-11-05 14:42:40 AEDT
Created attachment 1019
Patch against CVS 20051105

This patch applies against -current CVS as of 20051105. It is a fair bit smaller, as the parts removing the hardcoded assumptions that the hash will always be SHA1 have been committed already.

This will therefore not apply against 4.2 or earlier releases.
Comment 9 Damien Miller 2006-03-12 16:01:05 AEDT
This has been committed and will be in OpenSSH 4.4
Comment 10 Darren Tucker 2006-09-28 19:25:33 AEST
With the release of 4.4, we believe that this bug is now closed. For information about the release please see http://www.openssh.com/txt/release-4.4.