diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-05-02 10:26:04 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-05-02 20:39:32 +1000 |
| commit | 0e8eeec8e75f6d0eaf33317376f773160018a9c7 (patch) | |
| tree | 1fe3e4d977c9df10597c2a5dec1b6b0a8ab8afbe /kexdh.c | |
| parent | 57464e3934ba53ad8590ee3ccd840f693407fc1e (diff) | |
upstream commit
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
Diffstat (limited to 'kexdh.c')
| -rw-r--r-- | kexdh.c | 9 |
1 files changed, 5 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ | 1 | /* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -43,6 +43,7 @@ | |||
| 43 | 43 | ||
| 44 | int | 44 | int |
| 45 | kex_dh_hash( | 45 | kex_dh_hash( |
| 46 | int hash_alg, | ||
| 46 | const char *client_version_string, | 47 | const char *client_version_string, |
| 47 | const char *server_version_string, | 48 | const char *server_version_string, |
| 48 | const u_char *ckexinit, size_t ckexinitlen, | 49 | const u_char *ckexinit, size_t ckexinitlen, |
| @@ -56,7 +57,7 @@ kex_dh_hash( | |||
| 56 | struct sshbuf *b; | 57 | struct sshbuf *b; |
| 57 | int r; | 58 | int r; |
| 58 | 59 | ||
| 59 | if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) | 60 | if (*hashlen < ssh_digest_bytes(hash_alg)) |
| 60 | return SSH_ERR_INVALID_ARGUMENT; | 61 | return SSH_ERR_INVALID_ARGUMENT; |
| 61 | if ((b = sshbuf_new()) == NULL) | 62 | if ((b = sshbuf_new()) == NULL) |
| 62 | return SSH_ERR_ALLOC_FAIL; | 63 | return SSH_ERR_ALLOC_FAIL; |
| @@ -79,12 +80,12 @@ kex_dh_hash( | |||
| 79 | #ifdef DEBUG_KEX | 80 | #ifdef DEBUG_KEX |
| 80 | sshbuf_dump(b, stderr); | 81 | sshbuf_dump(b, stderr); |
| 81 | #endif | 82 | #endif |
| 82 | if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { | 83 | if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { |
| 83 | sshbuf_free(b); | 84 | sshbuf_free(b); |
| 84 | return SSH_ERR_LIBCRYPTO_ERROR; | 85 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 85 | } | 86 | } |
| 86 | sshbuf_free(b); | 87 | sshbuf_free(b); |
| 87 | *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); | 88 | *hashlen = ssh_digest_bytes(hash_alg); |
| 88 | #ifdef DEBUG_KEX | 89 | #ifdef DEBUG_KEX |
| 89 | dump_digest("hash", hash, *hashlen); | 90 | dump_digest("hash", hash, *hashlen); |
| 90 | #endif | 91 | #endif |