diff -U0 openssh-6.4p1/ChangeLog.3des-dh-size openssh-6.4p1/ChangeLog

--- openssh-6.4p1/ChangeLog.3des-dh-size	2014-01-28 14:15:25.178358616 +0100

+++ openssh-6.4p1/ChangeLog	2014-01-28 14:18:24.678444650 +0100

@@ -0,0 +1,15 @@

+20140126

+ - OpenBSD CVS Sync

+   - dtucker@cvs.openbsd.org 2014/01/25 10:12:50

+     [cipher.c cipher.h kex.c kex.h kexgexc.c]

+     Add a special case for the DH group size for 3des-cbc, which has an

+     effective strength much lower than the key size.  This causes problems

+     with some cryptlib implementations, which don't support group sizes larger

+     than 4k but also don't use the largest group size it does support as

+     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,

+     reduced by me with input from Markus.  ok djm@ markus@

+   - markus@cvs.openbsd.org 2014/01/25 20:35:37

+     [kex.c]

+     dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)

+     ok dtucker@, noted by mancha

+

diff -up openssh-6.4p1/cipher.c.3des-dh-size openssh-6.4p1/cipher.c

--- openssh-6.4p1/cipher.c.3des-dh-size	2014-01-28 14:15:25.101359008 +0100

+++ openssh-6.4p1/cipher.c	2014-01-28 14:17:48.119630792 +0100

@@ -1,4 +1,4 @@

-/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */

+/* $OpenBSD: cipher.c,v 1.94 2014/01/25 10:12:50 dtucker Exp $ */

 /*

  * Author: Tatu Ylonen <ylo@cs.hut.fi>

  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

@@ -144,6 +144,14 @@ cipher_keylen(const Cipher *c)

 }

 u_int

+cipher_seclen(const Cipher *c)

+{

+	if (strcmp("3des-cbc", c->name) == 0)

+		return 14;

+	return cipher_keylen(c);

+}

+

+u_int

 cipher_authlen(const Cipher *c)

 {

 	return (c->auth_len);

diff -up openssh-6.4p1/cipher.h.3des-dh-size openssh-6.4p1/cipher.h

--- openssh-6.4p1/cipher.h.3des-dh-size	2014-01-28 14:15:25.178358616 +0100

+++ openssh-6.4p1/cipher.h	2014-01-28 14:17:17.858784879 +0100

@@ -1,4 +1,4 @@

-/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */

+/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */

 /*

  * Author: Tatu Ylonen <ylo@cs.hut.fi>

@@ -95,6 +95,7 @@ void	 cipher_cleanup(CipherContext *);

 int	 cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);

 u_int	 cipher_blocksize(const Cipher *);

 u_int	 cipher_keylen(const Cipher *);

+u_int	 cipher_seclen(const Cipher *);

 u_int	 cipher_authlen(const Cipher *);

 u_int	 cipher_ivlen(const Cipher *);

 u_int	 cipher_is_cbc(const Cipher *);

diff -up openssh-6.4p1/kex.c.3des-dh-size openssh-6.4p1/kex.c

--- openssh-6.4p1/kex.c.3des-dh-size	2014-01-28 14:15:25.165358682 +0100

+++ openssh-6.4p1/kex.c	2014-01-28 14:19:22.038152586 +0100

@@ -1,4 +1,4 @@

-/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */

+/* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */

 /*

  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.

  *

@@ -494,7 +494,7 @@ kex_choose_conf(Kex *kex)

 	char **my, **peer;

 	char **cprop, **sprop;

 	int nenc, nmac, ncomp;

-	u_int mode, ctos, need, authlen;

+	u_int mode, ctos, need, dh_need, authlen;

 	int first_kex_follows, type;

 	my   = kex_buf2prop(&kex->my, NULL);

@@ -545,20 +545,21 @@ kex_choose_conf(Kex *kex)

 	choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);

 	choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],

 	    sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);

-	need = 0;

+	need = dh_need = 0;

 	for (mode = 0; mode < MODE_MAX; mode++) {

 		newkeys = kex->newkeys[mode];

-		if (need < newkeys->enc.key_len)

-			need = newkeys->enc.key_len;

-		if (need < newkeys->enc.block_size)

-			need = newkeys->enc.block_size;

-		if (need < newkeys->enc.iv_len)

-			need = newkeys->enc.iv_len;

-		if (need < newkeys->mac.key_len)

-			need = newkeys->mac.key_len;

+		need = MAX(need, newkeys->enc.key_len);

+		need = MAX(need, newkeys->enc.block_size);

+		need = MAX(need, newkeys->enc.iv_len);

+		need = MAX(need, newkeys->mac.key_len);

+		dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher));

+		dh_need = MAX(dh_need, newkeys->enc.block_size);

+		dh_need = MAX(dh_need, newkeys->enc.iv_len);

+		dh_need = MAX(dh_need, newkeys->mac.key_len);

 	}

 	/* XXX need runden? */

 	kex->we_need = need;

+	kex->dh_need = dh_need;

 	/* ignore the next message if the proposals do not match */

 	if (first_kex_follows && !proposals_match(my, peer) &&

diff -up openssh-6.4p1/kexgexc.c.3des-dh-size openssh-6.4p1/kexgexc.c

--- openssh-6.4p1/kexgexc.c.3des-dh-size	2014-01-28 14:15:25.165358682 +0100

+++ openssh-6.4p1/kexgexc.c	2014-01-28 14:19:09.718215323 +0100

@@ -1,4 +1,4 @@

-/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */

+/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */

 /*

  * Copyright (c) 2000 Niels Provos.  All rights reserved.

  * Copyright (c) 2001 Markus Friedl.  All rights reserved.

@@ -60,7 +60,7 @@ kexgex_client(Kex *kex)

 	int min, max, nbits;

 	DH *dh;

-	nbits = dh_estimate(kex->we_need * 8);

+	nbits = dh_estimate(kex->dh_need * 8);

 	if (datafellows & SSH_OLD_DHGEX) {

 		/* Old GEX request */

diff -up openssh-6.4p1/kex.h.3des-dh-size openssh-6.4p1/kex.h

--- openssh-6.4p1/kex.h.3des-dh-size	2014-01-28 14:15:25.142358799 +0100

+++ openssh-6.4p1/kex.h	2014-01-28 14:18:49.431318614 +0100

@@ -1,4 +1,4 @@

-/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */

+/* $OpenBSD: kex.h,v 1.61 2014/01/25 10:12:50 dtucker Exp $ */

 /*

  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.

@@ -125,6 +125,7 @@ struct Kex {

 	u_int	session_id_len;

 	Newkeys	*newkeys[MODE_MAX];

 	u_int	we_need;

+	u_int	dh_need;

 	int	server;

 	char	*name;

 	int	hostkey_type;