diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-05-02 10:26:04 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-05-02 20:39:32 +1000 |
| commit | 0e8eeec8e75f6d0eaf33317376f773160018a9c7 (patch) | |
| tree | 1fe3e4d977c9df10597c2a5dec1b6b0a8ab8afbe /ssh_api.c | |
| parent | 57464e3934ba53ad8590ee3ccd840f693407fc1e (diff) | |
upstream commit
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
Diffstat (limited to 'ssh_api.c')
| -rw-r--r-- | ssh_api.c | 8 |
1 files changed, 7 insertions, 1 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ | 1 | /* $OpenBSD: ssh_api.c,v 1.6 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -103,6 +103,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
| 103 | #ifdef WITH_OPENSSL | 103 | #ifdef WITH_OPENSSL |
| 104 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 104 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 105 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 105 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 106 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | ||
| 107 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | ||
| 108 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | ||
| 106 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 109 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 107 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 110 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 108 | # ifdef OPENSSL_HAS_ECC | 111 | # ifdef OPENSSL_HAS_ECC |
| @@ -117,6 +120,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
| 117 | #ifdef WITH_OPENSSL | 120 | #ifdef WITH_OPENSSL |
| 118 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; | 121 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; |
| 119 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; | 122 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; |
| 123 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; | ||
| 124 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; | ||
| 125 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; | ||
| 120 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 126 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 121 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 127 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 122 | # ifdef OPENSSL_HAS_ECC | 128 | # ifdef OPENSSL_HAS_ECC |