Google Git
Sign in
go / crypto / dc7f3af03ebbba4b0c90f8d95c682dba7d4c70f5
commitdc7f3af03ebbba4b0c90f8d95c682dba7d4c70f5[log] [tgz]
authorAdam Langley <agl@golang.org>Wed Oct 05 17:24:36 2016 -0700
committerAdam Langley <agl@golang.org>Mon Oct 10 21:14:46 2016 +0000
treeaffb8838d1cdb760aa3168988e1aa9850593ad57
parentd172538b2cfce0c13cee31e647d0367aa8cd2486 [diff]
ssh: bound DH public values to [2, p-2].

Previously this code bounded the values to [1, p-1]. This protects
against invalid values that could take lots of CPU time to calculate
with. But the standard bounding is [2, p-2] so mirror that.

Since the DH exchange is signed anyway, this is not a security fix.

Change-Id: Ibef01805a596a433b0699d7a09c076344fa8c070
Reviewed-on: https://go-review.googlesource.com/30590
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
1 file changed
tree: affb8838d1cdb760aa3168988e1aa9850593ad57
  1. acme/
  2. bcrypt/
  3. blowfish/
  4. bn256/
  5. cast5/
  6. curve25519/
  7. ed25519/
  8. hkdf/
  9. md4/
  10. nacl/
  11. ocsp/
  12. openpgp/
  13. otr/
  14. pbkdf2/
  15. pkcs12/
  16. poly1305/
  17. ripemd160/
  18. salsa20/
  19. scrypt/
  20. sha3/
  21. ssh/
  22. tea/
  23. twofish/
  24. xtea/
  25. xts/
  26. .gitattributes
  27. .gitignore
  28. AUTHORS
  29. codereview.cfg
  30. CONTRIBUTING.md
  31. CONTRIBUTORS
  32. LICENSE
  33. PATENTS
  34. README