File 0129-ssh-Increase-min-size-of-dh-keys.patch of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 0129-ssh-Increase-min-size-of-dh-keys.patch of Package erlang

From b682c4f9b39ecbfc9f565b28af86856eb70a576f Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Wed, 27 Apr 2022 08:53:02 +0200
Subject: [PATCH] ssh: Increase min size of dh keys

The OpenSSL 3.0 allowed min size has increased.
---
 lib/ssh/src/ssh_transport.erl | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 6fa704b917..c8b8b99092 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -62,6 +62,8 @@
 -behaviour(ssh_dbg).
 -export([ssh_dbg_trace_points/0, ssh_dbg_flags/1, ssh_dbg_on/1, ssh_dbg_off/1, ssh_dbg_format/2]).
 
+-define(MIN_DH_KEY_SIZE, 400).
+
 %%% For test suites
 -export([pack/3, adjust_algs_for_peer_version/2]).
 
@@ -2164,10 +2166,10 @@ parallell_gen_key(Ssh = #ssh{keyex_key = {x, {G, P}},
     Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}}.
 
 
-generate_key(ecdh = Algorithm, Args) ->
-    crypto:generate_key(Algorithm, Args);
-generate_key(Algorithm, Args) ->
-    {Public,Private} = crypto:generate_key(Algorithm, Args),
+generate_key(ecdh, Args) ->
+    crypto:generate_key(ecdh, Args);
+generate_key(dh, [P,G,Sz2]) ->
+    {Public,Private} = crypto:generate_key(dh, [P, G, max(Sz2,?MIN_DH_KEY_SIZE)] ),
     {crypto:bytes_to_integer(Public), crypto:bytes_to_integer(Private)}.
 
 
-- 
2.35.3

Places

File 0129-ssh-Increase-min-size-of-dh-keys.patch of Package erlang

Places