dh-gex: Fall back to known primes when the moduli file is not readable

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-21 14:56:16 +01:00 · 2019-03-21 14:56:16 +01:00 · 67beaf363f
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@ -67,5 +67,6 @@ int ssh_client_dh_init(ssh_session session);
 void ssh_server_dh_init(ssh_session session);
 #endif /* WITH_SERVER */
 int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);
+int ssh_fallback_group(uint32_t pmax, bignum *p, bignum *g);

 #endif /* DH_H_ */
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@ -479,7 +479,7 @@ static int ssh_retrieve_dhgroup(uint32_t pmin,
        SSH_LOG(SSH_LOG_WARNING,
                "Unable to open moduli file: %s",
                strerror(errno));
-        return SSH_ERROR;
+        return ssh_fallback_group(pmax, p, g);
    }

    *size = 0;
--- a/src/dh.c
+++ b/src/dh.c
@ -555,6 +555,33 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dh_init){
    return SSH_PACKET_USED;
 }

+/** @internal
+ * @brief Choose a fallback group for the DH Group exchange if the
+ * moduli file is not readable
+ * @param[in] pmax maximum requestsd group size
+ * @param[out] modulus
+ * @param[out] generator
+ * @returns SSH_OK on success, SSH_ERROR otherwise
+ */
+int ssh_fallback_group(uint32_t pmax,
+                       bignum *modulus,
+                       bignum *generator)
+{
+    *modulus = NULL;
+    *generator = NULL;
+
+    if (pmax < 3072) {
+        *modulus = ssh_dh_group14;
+    } else if (pmax < 6144) {
+        *modulus = ssh_dh_group16;
+    } else {
+        *modulus = ssh_dh_group18;
+    }
+    *generator = ssh_dh_generator;
+
+    return SSH_OK;
+}
+
 #endif /* WITH_SERVER */

 /**