Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

primes: min and max should be inclusive #649

Merged
merged 1 commit into from Apr 24, 2016
Merged

Conversation

@damz
Copy link
Contributor

@damz damz commented Dec 24, 2015

As seen in the OpenSSH source code, the min and max values of the diffie-hellman-group-exchange-* key exchange types are supposed to be inclusive.

In the current state of the code and a standard /etc/ssh/moduli file, OpenSSH client sends min=1024, max=8192, prefer=8192, but paramiko returns one of the 7680 bits prime instead of one of the 8192 bits ones.

As far as I can see, the whole ModulusPack is untested, so not adding explicit tests for this.

As seen in the [OpenSSH source code][1], the min and max values
of the 'diffie-hellman-group-exchange-*' key exchange types are
supposed to be inclusive.

In the current state of the code and a standard /etc/ssh/moduli
file, OpenSSH client sends min=1024, max=8192, prefer=8192,
but paramiko returns one of the 7680 bits prime instead of one
of the 8192 bits ones.

[1]: https://github.com/openssh/openssh-portable/blob/master/kexgexc.c#L111
@bitprophet bitprophet added this to the 1.17 milestone Dec 31, 2015
@bitprophet
Copy link
Member

@bitprophet bitprophet commented Dec 31, 2015

Huh. Nice catch, thanks :)

@bitprophet bitprophet merged commit 10f5ef9 into paramiko:master Apr 24, 2016
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
bitprophet added a commit that referenced this pull request Apr 24, 2016
dkhapun pushed a commit to cyberx-labs/paramiko that referenced this pull request Jun 7, 2018
primes: min and max should be inclusive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.