Subject: Re: [SECURITY ADVISORY] Truncated Diffie-Hellman secret length

Re: [SECURITY ADVISORY] Truncated Diffie-Hellman secret length

From: George Garner (online) <ggarner_online_at_gmgsystemsinc.com>
Date: Thu, 25 Feb 2016 10:14:21 -0500

Delving a little further into the code, it would appear that you are only
using the macro _libssh2_bn_rand in the two locations that need to be fixed
so you could simply change the definition of _libssh2_bn_rand and revert
the previous patch.

- #define _libssh2_bn_rand(bn, bits, top, bottom) BN_rand(bn, bits, top,
bottom)
+ #define _libssh2_bn_rand(bn, bytes * 8 -1, top, bottom) BN_rand(bn, bits,
top, bottom)
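Review bot: the `+` line will not preprocess as written: a C macro parameter list may contain only identifiers, so `bytes * 8 -1` cannot appear there, and the body still refers to `bits`, which is no longer a parameter. If the intent is for callers to pass the group order length in bytes and have the macro derive the bit count, the arithmetic belongs in the replacement text, e.g. `#define _libssh2_bn_rand(bn, bytes, top, bottom) BN_rand(bn, (bytes) * 8 - 1, top, bottom)`. Renaming the parameter also changes the unit every caller must supply, so both remaining call sites need to be checked to confirm they pass a byte length and not a bit count.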

This would also allow simplification of the algorithm on Windows because
BCryptGenRandom expects the length in bytes and you would no longer need to
convert from bits to bytes using ceil(). Because you are always
subtracting 1 from the number of bytes x 8, the number of bits will always
be odd.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-02-25
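The unit confusion the thread discusses (a byte count handed to an API that expects a bit count, and the bytes*8-1 derivation that is always odd) as an added, stand-alone example; this is not libssh2 code and not the mail author's patch. All function names (`dh_secret_bits`, `bits_to_bytes`, `make_secret`, `effective_bits`, `secret_length_ok`, `demo`) are hypothetical, the 128-byte group order is a constructed value for a 1024-bit group, and the generator is a deterministic stand-in for BN_rand or BCryptGenRandom so the example runs offline:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for the proposed macro change: the caller gives the
 * group order length in BYTES and the BN_rand-style BIT count is derived
 * here. bytes*8-1 is always odd, as the mail observes. */
int dh_secret_bits(size_t group_order_bytes)
{
    return (int)(group_order_bytes * 8 - 1);
}

/* ceil(bits / 8): the conversion a byte-length API such as BCryptGenRandom
 * needs when it is handed a bit count. */
size_t bits_to_bytes(int bits)
{
    return ((size_t)bits + 7) / 8;
}

/* Constructed deterministic generator (NOT a CSPRNG; demo only). Writes a
 * big-endian integer of exactly `bits` bits (top bit set, like BN_rand with
 * top=0) into out[0..out_len-1], zero-padded on the left.
 * Returns 0 on success, -1 if `bits` does not fit in `out_len` bytes. */
int make_secret(uint8_t *out, size_t out_len, int bits, uint32_t seed)
{
    size_t need = bits_to_bytes(bits);
    if (bits <= 0 || need > out_len)
        return -1;
    memset(out, 0, out_len);
    uint8_t *p = out + (out_len - need);
    for (size_t i = 0; i < need; i++) {
        seed = seed * 1103515245u + 12345u;   /* LCG step, demo only */
        p[i] = (uint8_t)(seed >> 16);
    }
    int excess = (int)(need * 8) - bits;      /* 0..7 unused high bits */
    p[0] &= (uint8_t)(0xFF >> excess);        /* clear bits above `bits` */
    p[0] |= (uint8_t)(0x80 >> excess);        /* set the top bit */
    return 0;
}

/* Bit length of a big-endian integer: position of its highest set bit. */
int effective_bits(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == 0)
            continue;
        int b = 0;
        for (uint8_t v = buf[i]; v; v >>= 1)
            b++;
        return (int)((len - i - 1) * 8) + b;
    }
    return 0;
}

/* Check a generated DH exponent has the bit length derived from the group
 * order, rather than a length derived from a byte count passed as bits. */
int secret_length_ok(const uint8_t *secret, size_t len, size_t group_order_bytes)
{
    return effective_bits(secret, len) == dh_secret_bits(group_order_bytes);
}

/* Demo with a constructed 1024-bit group (group order of 128 bytes).
 * Passing 128 where a bit count is expected yields a 128-bit exponent;
 * passing the derived value yields 1023 bits. Returns 1 when both
 * observations hold. */
int demo(void)
{
    enum { GROUP_ORDER_BYTES = 128 };
    uint8_t x[GROUP_ORDER_BYTES];

    make_secret(x, sizeof x, GROUP_ORDER_BYTES, 42);          /* bytes as bits */
    int short_bits = effective_bits(x, sizeof x);
    int short_ok = secret_length_ok(x, sizeof x, GROUP_ORDER_BYTES);

    make_secret(x, sizeof x, dh_secret_bits(GROUP_ORDER_BYTES), 42);
    int good_bits = effective_bits(x, sizeof x);
    int good_ok = secret_length_ok(x, sizeof x, GROUP_ORDER_BYTES);

    printf("bytes-as-bits: %d bits (check %s); derived: %d bits (check %s, odd: %s)\n",
           short_bits, short_ok ? "pass" : "fail",
           good_bits, good_ok ? "pass" : "fail",
           good_bits % 2 ? "yes" : "no");
    return short_bits == 128 && !short_ok && good_bits == 1023 && good_ok;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

`secret_length_ok` is the kind of sanity check a caller can keep next to the key-exchange code: it catches a secret that is an order of magnitude too short regardless of which random API was used underneath, and it works equally for a bit-oriented and a byte-oriented generator because the expected length is derived once from the group order.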