summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--dh.c83
-rw-r--r--dh.h4
-rw-r--r--kex.c7
-rw-r--r--kex.h12
-rw-r--r--kexdh.c9
-rw-r--r--kexdhc.c10
-rw-r--r--kexdhs.c10
-rw-r--r--monitor.c5
-rw-r--r--myproposal.h15
-rw-r--r--ssh-keyscan.c5
-rw-r--r--ssh_api.c8
-rw-r--r--sshconnect2.c5
-rw-r--r--sshd.c5
13 files changed, 146 insertions, 32 deletions
diff --git a/dh.c b/dh.c
index 20f819131..167d3714e 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */ 1/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * 4 *
@@ -314,6 +314,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
314 return (dh); 314 return (dh);
315} 315}
316 316
317/* rfc2409 "Second Oakley Group" (1024 bits) */
317DH * 318DH *
318dh_new_group1(void) 319dh_new_group1(void)
319{ 320{
@@ -328,6 +329,7 @@ dh_new_group1(void)
328 return (dh_new_group_asc(gen, group1)); 329 return (dh_new_group_asc(gen, group1));
329} 330}
330 331
332/* rfc3526 group 14 "2048-bit MODP Group" */
331DH * 333DH *
332dh_new_group14(void) 334dh_new_group14(void)
333{ 335{
@@ -347,12 +349,9 @@ dh_new_group14(void)
347 return (dh_new_group_asc(gen, group14)); 349 return (dh_new_group_asc(gen, group14));
348} 350}
349 351
350/* 352/* rfc3526 group 16 "4096-bit MODP Group" */
351 * 4k bit fallback group used by DH-GEX if moduli file cannot be read.
352 * Source: MODP group 16 from RFC3526.
353 */
354DH * 353DH *
355dh_new_group_fallback(int max) 354dh_new_group16(void)
356{ 355{
357 static char *gen = "2", *group16 = 356 static char *gen = "2", *group16 =
358 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" 357 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
@@ -378,12 +377,75 @@ dh_new_group_fallback(int max)
378 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" 377 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
379 "FFFFFFFF" "FFFFFFFF"; 378 "FFFFFFFF" "FFFFFFFF";
380 379
381 if (max < 4096) { 380 return (dh_new_group_asc(gen, group16));
382 debug3("requested max size %d, using 2k bit group 14", max); 381}
382
383/* rfc3526 group 18 "8192-bit MODP Group" */
384DH *
385dh_new_group18(void)
386{
387 static char *gen = "2", *group16 =
388 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
389 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
390 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
391 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
392 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
393 "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
394 "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
395 "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
396 "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
397 "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
398 "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
399 "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
400 "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
401 "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
402 "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
403 "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
404 "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
405 "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
406 "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
407 "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
408 "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
409 "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
410 "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
411 "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
412 "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
413 "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
414 "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
415 "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
416 "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
417 "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
418 "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
419 "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
420 "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
421 "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
422 "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
423 "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
424 "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
425 "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
426 "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
427 "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
428 "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
429 "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
430 "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
431
432 return (dh_new_group_asc(gen, group16));
433}
434
435/* Select fallback group used by DH-GEX if moduli file cannot be read. */
436DH *
437dh_new_group_fallback(int max)
438{
439 debug3("%s: requested max size %d", __func__, max);
440 if (max < 3072) {
441 debug3("using 2k bit group 14");
383 return dh_new_group14(); 442 return dh_new_group14();
443 } else if (max < 6144) {
444 debug3("using 4k bit group 16");
445 return dh_new_group16();
384 } 446 }
385 debug3("using 4k bit group 16"); 447 debug3("using 8k bit group 18");
386 return (dh_new_group_asc(gen, group16)); 448 return dh_new_group18();
387} 449}
388 450
389/* 451/*
@@ -393,7 +455,6 @@ dh_new_group_fallback(int max)
393 * Management Part 1 (rev 3) limited by the recommended maximum value 455 * Management Part 1 (rev 3) limited by the recommended maximum value
394 * from RFC4419 section 3. 456 * from RFC4419 section 3.
395 */ 457 */
396
397u_int 458u_int
398dh_estimate(int bits) 459dh_estimate(int bits)
399{ 460{
diff --git a/dh.h b/dh.h
index e191cfd8a..bcd485cf9 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */ 1/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -37,6 +37,8 @@ DH *dh_new_group_asc(const char *, const char *);
37DH *dh_new_group(BIGNUM *, BIGNUM *); 37DH *dh_new_group(BIGNUM *, BIGNUM *);
38DH *dh_new_group1(void); 38DH *dh_new_group1(void);
39DH *dh_new_group14(void); 39DH *dh_new_group14(void);
40DH *dh_new_group16(void);
41DH *dh_new_group18(void);
40DH *dh_new_group_fallback(int); 42DH *dh_new_group_fallback(int);
41 43
42int dh_gen_key(DH *, int); 44int dh_gen_key(DH *, int);
diff --git a/kex.c b/kex.c
index d371f47c4..430cd8868 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -88,7 +88,10 @@ struct kexalg {
88static const struct kexalg kexalgs[] = { 88static const struct kexalg kexalgs[] = {
89#ifdef WITH_OPENSSL 89#ifdef WITH_OPENSSL
90 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, 90 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
91 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, 91 { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
92 { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
93 { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
94 { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
92 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, 95 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
93#ifdef HAVE_EVP_SHA256 96#ifdef HAVE_EVP_SHA256
94 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, 97 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
diff --git a/kex.h b/kex.h
index 131b8d93d..c35195568 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ 1/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -51,7 +51,10 @@
51#define KEX_COOKIE_LEN 16 51#define KEX_COOKIE_LEN 16
52 52
53#define KEX_DH1 "diffie-hellman-group1-sha1" 53#define KEX_DH1 "diffie-hellman-group1-sha1"
54#define KEX_DH14 "diffie-hellman-group14-sha1" 54#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
55#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
56#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
57#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
55#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" 58#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
56#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" 59#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
57#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" 60#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
@@ -88,6 +91,9 @@ enum kex_modes {
88enum kex_exchange { 91enum kex_exchange {
89 KEX_DH_GRP1_SHA1, 92 KEX_DH_GRP1_SHA1,
90 KEX_DH_GRP14_SHA1, 93 KEX_DH_GRP14_SHA1,
94 KEX_DH_GRP14_SHA256,
95 KEX_DH_GRP16_SHA512,
96 KEX_DH_GRP18_SHA512,
91 KEX_DH_GEX_SHA1, 97 KEX_DH_GEX_SHA1,
92 KEX_DH_GEX_SHA256, 98 KEX_DH_GEX_SHA256,
93 KEX_ECDH_SHA2, 99 KEX_ECDH_SHA2,
@@ -190,7 +196,7 @@ int kexecdh_server(struct ssh *);
190int kexc25519_client(struct ssh *); 196int kexc25519_client(struct ssh *);
191int kexc25519_server(struct ssh *); 197int kexc25519_server(struct ssh *);
192 198
193int kex_dh_hash(const char *, const char *, 199int kex_dh_hash(int, const char *, const char *,
194 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, 200 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
195 const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); 201 const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
196 202
diff --git a/kexdh.c b/kexdh.c
index feea6697d..0bf0dc138 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ 1/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -43,6 +43,7 @@
43 43
44int 44int
45kex_dh_hash( 45kex_dh_hash(
46 int hash_alg,
46 const char *client_version_string, 47 const char *client_version_string,
47 const char *server_version_string, 48 const char *server_version_string,
48 const u_char *ckexinit, size_t ckexinitlen, 49 const u_char *ckexinit, size_t ckexinitlen,
@@ -56,7 +57,7 @@ kex_dh_hash(
56 struct sshbuf *b; 57 struct sshbuf *b;
57 int r; 58 int r;
58 59
59 if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) 60 if (*hashlen < ssh_digest_bytes(hash_alg))
60 return SSH_ERR_INVALID_ARGUMENT; 61 return SSH_ERR_INVALID_ARGUMENT;
61 if ((b = sshbuf_new()) == NULL) 62 if ((b = sshbuf_new()) == NULL)
62 return SSH_ERR_ALLOC_FAIL; 63 return SSH_ERR_ALLOC_FAIL;
@@ -79,12 +80,12 @@ kex_dh_hash(
79#ifdef DEBUG_KEX 80#ifdef DEBUG_KEX
80 sshbuf_dump(b, stderr); 81 sshbuf_dump(b, stderr);
81#endif 82#endif
82 if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { 83 if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
83 sshbuf_free(b); 84 sshbuf_free(b);
84 return SSH_ERR_LIBCRYPTO_ERROR; 85 return SSH_ERR_LIBCRYPTO_ERROR;
85 } 86 }
86 sshbuf_free(b); 87 sshbuf_free(b);
87 *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); 88 *hashlen = ssh_digest_bytes(hash_alg);
88#ifdef DEBUG_KEX 89#ifdef DEBUG_KEX
89 dump_digest("hash", hash, *hashlen); 90 dump_digest("hash", hash, *hashlen);
90#endif 91#endif
diff --git a/kexdhc.c b/kexdhc.c
index af259f16a..ad3975f09 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -63,8 +63,15 @@ kexdh_client(struct ssh *ssh)
63 kex->dh = dh_new_group1(); 63 kex->dh = dh_new_group1();
64 break; 64 break;
65 case KEX_DH_GRP14_SHA1: 65 case KEX_DH_GRP14_SHA1:
66 case KEX_DH_GRP14_SHA256:
66 kex->dh = dh_new_group14(); 67 kex->dh = dh_new_group14();
67 break; 68 break;
69 case KEX_DH_GRP16_SHA512:
70 kex->dh = dh_new_group16();
71 break;
72 case KEX_DH_GRP18_SHA512:
73 kex->dh = dh_new_group18();
74 break;
68 default: 75 default:
69 r = SSH_ERR_INVALID_ARGUMENT; 76 r = SSH_ERR_INVALID_ARGUMENT;
70 goto out; 77 goto out;
@@ -164,6 +171,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt)
164 /* calc and verify H */ 171 /* calc and verify H */
165 hashlen = sizeof(hash); 172 hashlen = sizeof(hash);
166 if ((r = kex_dh_hash( 173 if ((r = kex_dh_hash(
174 kex->hash_alg,
167 kex->client_version_string, 175 kex->client_version_string,
168 kex->server_version_string, 176 kex->server_version_string,
169 sshbuf_ptr(kex->my), sshbuf_len(kex->my), 177 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
diff --git a/kexdhs.c b/kexdhs.c
index bf933e4c9..108f66427 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -63,8 +63,15 @@ kexdh_server(struct ssh *ssh)
63 kex->dh = dh_new_group1(); 63 kex->dh = dh_new_group1();
64 break; 64 break;
65 case KEX_DH_GRP14_SHA1: 65 case KEX_DH_GRP14_SHA1:
66 case KEX_DH_GRP14_SHA256:
66 kex->dh = dh_new_group14(); 67 kex->dh = dh_new_group14();
67 break; 68 break;
69 case KEX_DH_GRP16_SHA512:
70 kex->dh = dh_new_group16();
71 break;
72 case KEX_DH_GRP18_SHA512:
73 kex->dh = dh_new_group18();
74 break;
68 default: 75 default:
69 r = SSH_ERR_INVALID_ARGUMENT; 76 r = SSH_ERR_INVALID_ARGUMENT;
70 goto out; 77 goto out;
@@ -158,6 +165,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
158 /* calc H */ 165 /* calc H */
159 hashlen = sizeof(hash); 166 hashlen = sizeof(hash);
160 if ((r = kex_dh_hash( 167 if ((r = kex_dh_hash(
168 kex->hash_alg,
161 kex->client_version_string, 169 kex->client_version_string,
162 kex->server_version_string, 170 kex->server_version_string,
163 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), 171 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
diff --git a/monitor.c b/monitor.c
index dce920c23..8b3c27a76 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.160 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1860,6 +1860,9 @@ monitor_apply_keystate(struct monitor *pmonitor)
1860#ifdef WITH_OPENSSL 1860#ifdef WITH_OPENSSL
1861 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1861 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1862 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 1862 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1863 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
1864 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
1865 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
1863 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1866 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1864 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1867 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1865# ifdef OPENSSL_HAS_ECC 1868# ifdef OPENSSL_HAS_ECC
diff --git a/myproposal.h b/myproposal.h
index bdd05966f..597090164 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -67,13 +67,18 @@
67#endif 67#endif
68 68
69#ifdef HAVE_EVP_SHA256 69#ifdef HAVE_EVP_SHA256
70# define KEX_SHA256_METHODS \ 70# define KEX_SHA2_METHODS \
71 "diffie-hellman-group-exchange-sha256," 71 "diffie-hellman-group-exchange-sha256," \
72 "diffie-hellman-group16-sha512," \
73 "diffie-hellman-group18-sha512,"
74# define KEX_SHA2_GROUP14 \
75 "diffie-hellman-group14-sha256,"
72#define SHA2_HMAC_MODES \ 76#define SHA2_HMAC_MODES \
73 "hmac-sha2-256," \ 77 "hmac-sha2-256," \
74 "hmac-sha2-512," 78 "hmac-sha2-512,"
75#else 79#else
76# define KEX_SHA256_METHODS 80# define KEX_SHA2_METHODS
81# define KEX_SHA2_GROUP14
77# define SHA2_HMAC_MODES 82# define SHA2_HMAC_MODES
78#endif 83#endif
79 84
@@ -86,13 +91,15 @@
86#define KEX_COMMON_KEX \ 91#define KEX_COMMON_KEX \
87 KEX_CURVE25519_METHODS \ 92 KEX_CURVE25519_METHODS \
88 KEX_ECDH_METHODS \ 93 KEX_ECDH_METHODS \
89 KEX_SHA256_METHODS 94 KEX_SHA2_METHODS
90 95
91#define KEX_SERVER_KEX KEX_COMMON_KEX \ 96#define KEX_SERVER_KEX KEX_COMMON_KEX \
97 KEX_SHA2_GROUP14 \
92 "diffie-hellman-group14-sha1" \ 98 "diffie-hellman-group14-sha1" \
93 99
94#define KEX_CLIENT_KEX KEX_COMMON_KEX \ 100#define KEX_CLIENT_KEX KEX_COMMON_KEX \
95 "diffie-hellman-group-exchange-sha1," \ 101 "diffie-hellman-group-exchange-sha1," \
102 KEX_SHA2_GROUP14 \
96 "diffie-hellman-group14-sha1" 103 "diffie-hellman-group14-sha1"
97 104
98#define KEX_DEFAULT_PK_ALG \ 105#define KEX_DEFAULT_PK_ALG \
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 7fe61e4e1..c30d54e62 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -302,6 +302,9 @@ keygrab_ssh2(con *c)
302#ifdef WITH_OPENSSL 302#ifdef WITH_OPENSSL
303 c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 303 c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
304 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 304 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
305 c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
306 c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
307 c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
305 c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 308 c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
306 c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 309 c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
307# ifdef OPENSSL_HAS_ECC 310# ifdef OPENSSL_HAS_ECC
diff --git a/ssh_api.c b/ssh_api.c
index f544f006b..acd0b83c1 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: ssh_api.c,v 1.6 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2012 Markus Friedl. All rights reserved. 3 * Copyright (c) 2012 Markus Friedl. All rights reserved.
4 * 4 *
@@ -103,6 +103,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
103#ifdef WITH_OPENSSL 103#ifdef WITH_OPENSSL
104 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 104 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
105 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 105 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
106 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
107 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
108 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
106 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 109 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
107 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 110 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
108# ifdef OPENSSL_HAS_ECC 111# ifdef OPENSSL_HAS_ECC
@@ -117,6 +120,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
117#ifdef WITH_OPENSSL 120#ifdef WITH_OPENSSL
118 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 121 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
119 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 122 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
123 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
124 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
125 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
120 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 126 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
121 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 127 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
122# ifdef OPENSSL_HAS_ECC 128# ifdef OPENSSL_HAS_ECC
diff --git a/sshconnect2.c b/sshconnect2.c
index 1dddf75aa..945471f15 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -206,6 +206,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
206#ifdef WITH_OPENSSL 206#ifdef WITH_OPENSSL
207 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 207 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
208 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 208 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
209 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
210 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
211 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
209 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 212 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
210 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 213 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
211# ifdef OPENSSL_HAS_ECC 214# ifdef OPENSSL_HAS_ECC
diff --git a/sshd.c b/sshd.c
index 8b8af2494..47e046e24 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.468 2016/05/02 10:26:04 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2637,6 +2637,9 @@ do_ssh2_kex(void)
2637#ifdef WITH_OPENSSL 2637#ifdef WITH_OPENSSL
2638 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 2638 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
2639 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 2639 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
2640 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
2641 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
2642 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
2640 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2643 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2641 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 2644 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2642# ifdef OPENSSL_HAS_ECC 2645# ifdef OPENSSL_HAS_ECC