simon-git: putty (master): Simon Tatham
Commits to Tartarus CVS repository.
tartarus-commits at lists.tartarus.org
Thu Sep 10 08:14:19 BST 2015
TL;DR:
43be90e Split ssh2_cipher's keylen field into two.
Repository: git://git.tartarus.org/simon/putty.git
On the web: http://tartarus.org/~simon-git/gitweb/?p=putty.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2015-09-10 08:14:19
commit 43be90e287996e1be6f92f5a426475df25c16e10
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=43be90e287996e1be6f92f5a426475df25c16e10;hp=b08895f02cc34f2a3f5e1281f929fe33a0dff657
Author: Simon Tatham <anakin at pobox.com>
Date: Thu Sep 10 08:10:52 2015 +0100
Split ssh2_cipher's keylen field into two.
The revamp of key generation in commit e460f3083 made the assumption
that you could decide how many bytes of key material to generate by
converting cipher->keylen from bits to bytes. This is a good
assumption for all ciphers except DES/3DES: since the SSH DES key
setup ignores one bit in every byte of key material it's given, you
need more bytes than its keylen field would have you believe. So
currently the DES ciphers aren't being keyed correctly.
The original keylen field is used for deciding how big a DH group to
request, and on that basis I think it still makes sense to keep it
reflecting the true entropy of a cipher key. So it turns out we need
two _separate_ key length fields per cipher - one for the real
entropy, and one for the much more obvious purpose of knowing how much
data to ask for from ssh2_mkkey.
A compensatory advantage, though, is that we can now measure the
latter directly in bytes rather than bits, so we no longer have to
faff about with dividing by 8 and rounding up.
ssh.c | 12 ++++++------
ssh.h | 14 +++++++++++++-
sshaes.c | 14 +++++++-------
ssharcf.c | 4 ++--
sshblowf.c | 4 ++--
sshccp.c | 2 +-
sshdes.c | 8 ++++----
7 files changed, 35 insertions(+), 23 deletions(-)
More information about the tartarus-commits
mailing list