summaryrefslogtreecommitdiff
path: root/ssh_api.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2016-05-02 10:26:04 +0000
committerDamien Miller <djm@mindrot.org>2016-05-02 20:39:32 +1000
commit0e8eeec8e75f6d0eaf33317376f773160018a9c7 (patch)
tree1fe3e4d977c9df10597c2a5dec1b6b0a8ab8afbe /ssh_api.c
parent57464e3934ba53ad8590ee3ccd840f693407fc1e (diff)
upstream commit
add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@ Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
Diffstat (limited to 'ssh_api.c')
-rw-r--r--ssh_api.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/ssh_api.c b/ssh_api.c
index f544f006b..acd0b83c1 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: ssh_api.c,v 1.6 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2012 Markus Friedl. All rights reserved. 3 * Copyright (c) 2012 Markus Friedl. All rights reserved.
4 * 4 *
@@ -103,6 +103,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
103#ifdef WITH_OPENSSL 103#ifdef WITH_OPENSSL
104 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 104 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
105 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 105 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
106 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
107 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
108 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
106 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 109 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
107 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 110 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
108# ifdef OPENSSL_HAS_ECC 111# ifdef OPENSSL_HAS_ECC
@@ -117,6 +120,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
117#ifdef WITH_OPENSSL 120#ifdef WITH_OPENSSL
118 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 121 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
119 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 122 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
123 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
124 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
125 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
120 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 126 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
121 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 127 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
122# ifdef OPENSSL_HAS_ECC 128# ifdef OPENSSL_HAS_ECC