protocol/kex: fix preferred prime size calculation

mscdex · Jul 8, 2021 · 6d8692d · 6d8692d
1 parent 27795a3
commit 6d8692d
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/lib/protocol/kex.js b/lib/protocol/kex.js
@@ -1776,16 +1776,18 @@ function onKEXPayload(state, payload) {
 }
 
 function dhEstimate(neg) {
+  const csCipher = CIPHER_INFO[neg.cs.cipher];
+  const scCipher = CIPHER_INFO[neg.sc.cipher];
+  // XXX: if OpenSSH's `umac-*` MACs are ever supported, their key lengths will
+  // also need to be considered when calculating `bits`
   const bits = Math.max(
     0,
-    (neg.cs.cipher.sslName === 'des-ede3-cbc' ? 14 : neg.cs.cipher.keyLen),
-    neg.cs.cipher.blockLen,
-    neg.cs.cipher.ivLen,
-    neg.cs.mac.actualLen,
-    (neg.sc.cipher.sslName === 'des-ede3-cbc' ? 14 : neg.sc.cipher.keyLen),
-    neg.sc.cipher.blockLen,
-    neg.sc.cipher.ivLen,
-    neg.sc.mac.actualLen
+    (csCipher.sslName === 'des-ede3-cbc' ? 14 : csCipher.keyLen),
+    csCipher.blockLen,
+    csCipher.ivLen,
+    (scCipher.sslName === 'des-ede3-cbc' ? 14 : scCipher.keyLen),
+    scCipher.blockLen,
+    scCipher.ivLen
   ) * 8;
   if (bits <= 112)
     return 2048;