Attachment #2808 for bug #2515




	return (dh);
}

/* rfc3526 group 5 "1536-bit MODP Group" */
DH *
dh_new_group1(void)
{

	return (dh_new_group_asc(gen, group1));
}

/* rfc3526 group 14 "2048-bit MODP Group" */
DH *
dh_new_group14(void)
{

	return (dh_new_group_asc(gen, group14));
}

/* rfc3526 group 16 "4096-bit MODP Group" */
 * 4k bit fallback group used by DH-GEX if moduli file cannot be read.
 * Source: MODP group 16 from RFC3526.
 */
DH *
dh_new_group16(void)
{
	static char *gen = "2", *group16 =
	    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"

	    "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
	    "FFFFFFFF" "FFFFFFFF";

	return (dh_new_group_asc(gen, group16));
}

/* rfc3526 group 18 "8192-bit MODP Group" */
DH *
dh_new_group18(void)
{
	static char *gen = "2", *group16 =
	    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
	    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
	    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
	    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
	    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
	    "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
	    "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
	    "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
	    "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
	    "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
	    "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
	    "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
	    "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
	    "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
	    "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
	    "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
	    "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
	    "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
	    "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
	    "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
	    "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
	    "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
	    "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
	    "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
	    "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
	    "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
	    "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
	    "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
	    "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
	    "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
	    "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
	    "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
	    "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
	    "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
	    "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
	    "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
	    "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
	    "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
	    "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
	    "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
	    "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
	    "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
	    "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";

	return (dh_new_group_asc(gen, group16));
}

/* Select fallback group used by DH-GEX if moduli file cannot be read. */
DH *
dh_new_group_fallback(int max)
{
	debug3("%s: requested max size %d", __func__, max);
	if (max < 3072) {
		debug3("using 2k bit group 14");
		return dh_new_group14();
	} else if (max < 6144) {
		debug3("using 4k bit group 16");
		return dh_new_group16();
	}
	debug3("using 8k bit group 18");
	return dh_new_group18();
}

/*

 * Management Part 1 (rev 3) limited by the recommended maximum value
 * from RFC4419 section 3.
 */

u_int
dh_estimate(int bits)
{

Lines 37-42 DH dh_new_group_asc(const char , const char *); Link Here

(-)a/dh.h (+2 lines)
37	DH dh_new_group(BIGNUM , BIGNUM *);	37	DH dh_new_group(BIGNUM , BIGNUM *);
38	DH *dh_new_group1(void);	38	DH *dh_new_group1(void);
39	DH *dh_new_group14(void);	39	DH *dh_new_group14(void);
		40	DH *dh_new_group16(void);
		41	DH *dh_new_group18(void);
40	DH *dh_new_group_fallback(int);	42	DH *dh_new_group_fallback(int);
41		43
42	int dh_gen_key(DH *, int);	44	int dh_gen_key(DH *, int);

Lines 88-94 struct kexalg { Link Here

(-)a/kex.c (-1 / +4 lines)
88	static const struct kexalg kexalgs[] = {	88	static const struct kexalg kexalgs[] = {
89	#ifdef WITH_OPENSSL	89	#ifdef WITH_OPENSSL
90	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },	90	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
91	{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },	91	{ KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
		92	{ KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
		93	{ KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
		94	{ KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
92	{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },	95	{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
93	#ifdef HAVE_EVP_SHA256	96	#ifdef HAVE_EVP_SHA256
94	{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },	97	{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },

Lines 51-57 Link Here

(-)a/kex.h (-2 / +8 lines)
51	#define KEX_COOKIE_LEN 16	51	#define KEX_COOKIE_LEN 16
52		52
53	#define KEX_DH1 "diffie-hellman-group1-sha1"	53	#define KEX_DH1 "diffie-hellman-group1-sha1"
54	#define KEX_DH14 "diffie-hellman-group14-sha1"	54	#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
		55	#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
		56	#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
		57	#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
55	#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"	58	#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
56	#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"	59	#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
57	#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"	60	#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
Lines 88-93 enum kex_modes { Link Here
88	enum kex_exchange {	91	enum kex_exchange {
89	KEX_DH_GRP1_SHA1,	92	KEX_DH_GRP1_SHA1,
90	KEX_DH_GRP14_SHA1,	93	KEX_DH_GRP14_SHA1,
		94	KEX_DH_GRP14_SHA256,
		95	KEX_DH_GRP16_SHA512,
		96	KEX_DH_GRP18_SHA512,
91	KEX_DH_GEX_SHA1,	97	KEX_DH_GEX_SHA1,
92	KEX_DH_GEX_SHA256,	98	KEX_DH_GEX_SHA256,
93	KEX_ECDH_SHA2,	99	KEX_ECDH_SHA2,
Lines 190-196 int kexecdh_server(struct ssh *); Link Here
190	int kexc25519_client(struct ssh *);	196	int kexc25519_client(struct ssh *);
191	int kexc25519_server(struct ssh *);	197	int kexc25519_server(struct ssh *);
192		198
193	int kex_dh_hash(const char , const char ,	199	int kex_dh_hash(int, const char , const char ,
194	const u_char , size_t, const u_char , size_t, const u_char *, size_t,	200	const u_char , size_t, const u_char , size_t, const u_char *, size_t,
195	const BIGNUM , const BIGNUM , const BIGNUM , u_char , size_t *);	201	const BIGNUM , const BIGNUM , const BIGNUM , u_char , size_t *);
196		202





int
kex_dh_hash(
    int hash_alg,
    const char *client_version_string,
    const char *server_version_string,
    const u_char *ckexinit, size_t ckexinitlen,

	struct sshbuf *b;
	int r;

	if (*hashlen < ssh_digest_bytes(hash_alg))
		return SSH_ERR_INVALID_ARGUMENT;
	if ((b = sshbuf_new()) == NULL)
		return SSH_ERR_ALLOC_FAIL;

#ifdef DEBUG_KEX
	sshbuf_dump(b, stderr);
#endif
	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
		sshbuf_free(b);
		return SSH_ERR_LIBCRYPTO_ERROR;
	}
	sshbuf_free(b);
	*hashlen = ssh_digest_bytes(hash_alg);
#ifdef DEBUG_KEX
	dump_digest("hash", hash, *hashlen);
#endif

Lines 63-70 kexdh_client(struct ssh *ssh) Link Here

(-)a/kexdhc.c (+8 lines)
63	kex->dh = dh_new_group1();	63	kex->dh = dh_new_group1();
64	break;	64	break;
65	case KEX_DH_GRP14_SHA1:	65	case KEX_DH_GRP14_SHA1:
		66	case KEX_DH_GRP14_SHA256:
66	kex->dh = dh_new_group14();	67	kex->dh = dh_new_group14();
67	break;	68	break;
		69	case KEX_DH_GRP16_SHA512:
		70	kex->dh = dh_new_group16();
		71	break;
		72	case KEX_DH_GRP18_SHA512:
		73	kex->dh = dh_new_group18();
		74	break;
68	default:	75	default:
69	r = SSH_ERR_INVALID_ARGUMENT;	76	r = SSH_ERR_INVALID_ARGUMENT;
70	goto out;	77	goto out;
Lines 164-169 input_kex_dh(int type, u_int32_t seq, void *ctxt) Link Here
164	/* calc and verify H */	171	/* calc and verify H */
165	hashlen = sizeof(hash);	172	hashlen = sizeof(hash);
166	if ((r = kex_dh_hash(	173	if ((r = kex_dh_hash(
		174	kex->hash_alg,
167	kex->client_version_string,	175	kex->client_version_string,
168	kex->server_version_string,	176	kex->server_version_string,
169	sshbuf_ptr(kex->my), sshbuf_len(kex->my),	177	sshbuf_ptr(kex->my), sshbuf_len(kex->my),

Lines 63-70 kexdh_server(struct ssh *ssh) Link Here

(-)a/kexdhs.c (+8 lines)
63	kex->dh = dh_new_group1();	63	kex->dh = dh_new_group1();
64	break;	64	break;
65	case KEX_DH_GRP14_SHA1:	65	case KEX_DH_GRP14_SHA1:
		66	case KEX_DH_GRP14_SHA256:
66	kex->dh = dh_new_group14();	67	kex->dh = dh_new_group14();
67	break;	68	break;
		69	case KEX_DH_GRP16_SHA512:
		70	kex->dh = dh_new_group16();
		71	break;
		72	case KEX_DH_GRP18_SHA512:
		73	kex->dh = dh_new_group18();
		74	break;
68	default:	75	default:
69	r = SSH_ERR_INVALID_ARGUMENT;	76	r = SSH_ERR_INVALID_ARGUMENT;
70	goto out;	77	goto out;
Lines 158-163 input_kex_dh_init(int type, u_int32_t seq, void *ctxt) Link Here
158	/* calc H */	165	/* calc H */
159	hashlen = sizeof(hash);	166	hashlen = sizeof(hash);
160	if ((r = kex_dh_hash(	167	if ((r = kex_dh_hash(
		168	kex->hash_alg,
161	kex->client_version_string,	169	kex->client_version_string,
162	kex->server_version_string,	170	kex->server_version_string,
163	sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),	171	sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),

Lines 1855-1860 monitor_apply_keystate(struct monitor *pmonitor) Link Here

(-)a/monitor.c (+3 lines)
1855	#ifdef WITH_OPENSSL	1855	#ifdef WITH_OPENSSL
1856	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	1856	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1857	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;	1857	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
		1858	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
		1859	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
		1860	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
1858	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	1861	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1859	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;	1862	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1860	# ifdef OPENSSL_HAS_ECC	1863	# ifdef OPENSSL_HAS_ECC




#endif

#ifdef HAVE_EVP_SHA256
# define KEX_SHA2_METHODS \
	"diffie-hellman-group-exchange-sha256," \
	"diffie-hellman-group16-sha512," \
	"diffie-hellman-group18-sha512,"
# define KEX_SHA2_GROUP14 \
	"diffie-hellman-group14-sha256,"
#define	SHA2_HMAC_MODES \
	"hmac-sha2-256," \
	"hmac-sha2-512,"
#else
# define KEX_SHA2_METHODS
# define KEX_SHA2_GROUP14
# define SHA2_HMAC_MODES
#endif


#define KEX_COMMON_KEX \
	KEX_CURVE25519_METHODS \
	KEX_ECDH_METHODS \
	KEX_SHA2_METHODS

#define KEX_SERVER_KEX KEX_COMMON_KEX \
	KEX_SHA2_GROUP14 \
	"diffie-hellman-group14-sha1" \

#define KEX_CLIENT_KEX KEX_COMMON_KEX \
	"diffie-hellman-group-exchange-sha1," \
	KEX_SHA2_GROUP14 \
	"diffie-hellman-group14-sha1"

#define	KEX_DEFAULT_PK_ALG	\

Lines 302-307 keygrab_ssh2(con *c) Link Here

(-)a/ssh-keyscan.c (+3 lines)
302	#ifdef WITH_OPENSSL	302	#ifdef WITH_OPENSSL
303	c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;	303	c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
304	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;	304	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
		305	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
		306	c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
		307	c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
305	c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;	308	c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
306	c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;	309	c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
307	# ifdef OPENSSL_HAS_ECC	310	# ifdef OPENSSL_HAS_ECC

Lines 103-108 ssh_init(struct ssh *sshp, int is_server, struct kex_params kex_params) Link Here

(-)a/ssh_api.c (+6 lines)
103	#ifdef WITH_OPENSSL	103	#ifdef WITH_OPENSSL
104	ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	104	ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
105	ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;	105	ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
		106	ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
		107	ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
		108	ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
106	ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	109	ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
107	ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;	110	ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
108	# ifdef OPENSSL_HAS_ECC	111	# ifdef OPENSSL_HAS_ECC
Lines 117-122 ssh_init(struct ssh *sshp, int is_server, struct kex_params kex_params) Link Here
117	#ifdef WITH_OPENSSL	120	#ifdef WITH_OPENSSL
118	ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;	121	ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
119	ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;	122	ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
		123	ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
		124	ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
		125	ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
120	ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;	126	ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
121	ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;	127	ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
122	# ifdef OPENSSL_HAS_ECC	128	# ifdef OPENSSL_HAS_ECC

Lines 206-211 ssh_kex2(char host, struct sockaddr hostaddr, u_short port) Link Here

(-)a/sshconnect2.c (+3 lines)
206	#ifdef WITH_OPENSSL	206	#ifdef WITH_OPENSSL
207	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;	207	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
208	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;	208	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
		209	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
		210	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
		211	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
209	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;	212	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
210	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;	213	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
211	# ifdef OPENSSL_HAS_ECC	214	# ifdef OPENSSL_HAS_ECC

Lines 2626-2631 do_ssh2_kex(void) Link Here

(-)a/sshd.c (+3 lines)
2626	#ifdef WITH_OPENSSL	2626	#ifdef WITH_OPENSSL
2627	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	2627	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
2628	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;	2628	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
		2629	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
		2630	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
		2631	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
2629	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	2632	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2630	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;	2633	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2631	# ifdef OPENSSL_HAS_ECC	2634	# ifdef OPENSSL_HAS_ECC

Return to bug 2515

Lines 314-319 dh_new_group(BIGNUM gen, BIGNUM modulus) Link Here

(-)a/dh.c (-10 / +71 lines)
314	return (dh);	314	return (dh);
315	}	315	}
316		316
		317	/* rfc3526 group 5 "1536-bit MODP Group" */
317	DH *	318	DH *
318	dh_new_group1(void)	319	dh_new_group1(void)
319	{	320	{
Lines 328-333 dh_new_group1(void) Link Here
328	return (dh_new_group_asc(gen, group1));	329	return (dh_new_group_asc(gen, group1));
329	}	330	}
330		331
		332	/* rfc3526 group 14 "2048-bit MODP Group" */
331	DH *	333	DH *
332	dh_new_group14(void)	334	dh_new_group14(void)
333	{	335	{
Lines 347-358 dh_new_group14(void) Link Here
347	return (dh_new_group_asc(gen, group14));	349	return (dh_new_group_asc(gen, group14));
348	}	350	}
349		351
350	/*	352	/* rfc3526 group 16 "4096-bit MODP Group" */
351	* 4k bit fallback group used by DH-GEX if moduli file cannot be read.
352	* Source: MODP group 16 from RFC3526.
353	*/
354	DH *	353	DH *
355	dh_new_group_fallback(int max)	354	dh_new_group16(void)
356	{	355	{
357	static char gen = "2", group16 =	356	static char gen = "2", group16 =
358	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"	357	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
Lines 378-389 dh_new_group_fallback(int max) Link Here
378	"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"	377	"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
379	"FFFFFFFF" "FFFFFFFF";	378	"FFFFFFFF" "FFFFFFFF";
380		379
381	if (max < 4096) {	380	return (dh_new_group_asc(gen, group16));
382	debug3("requested max size %d, using 2k bit group 14", max);	381	}
		382
		383	/* rfc3526 group 18 "8192-bit MODP Group" */
		384	DH *
		385	dh_new_group18(void)
		386	{
		387	static char gen = "2", group16 =
		388	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
		389	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
		390	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
		391	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
		392	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
		393	"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
		394	"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
		395	"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
		396	"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
		397	"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
		398	"15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
		399	"ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
		400	"ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
		401	"F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
		402	"BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
		403	"43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
		404	"88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
		405	"2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
		406	"287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
		407	"1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
		408	"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
		409	"36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
		410	"F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
		411	"179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
		412	"DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
		413	"5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
		414	"D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
		415	"23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
		416	"CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
		417	"06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
		418	"DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
		419	"12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
		420	"38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
		421	"741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
		422	"3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
		423	"22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
		424	"4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
		425	"062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
		426	"4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
		427	"B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
		428	"4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
		429	"9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
		430	"60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
		431
		432	return (dh_new_group_asc(gen, group16));
		433	}
		434
		435	/* Select fallback group used by DH-GEX if moduli file cannot be read. */
		436	DH *
		437	dh_new_group_fallback(int max)
		438	{
		439	debug3("%s: requested max size %d", __func__, max);
		440	if (max < 3072) {
		441	debug3("using 2k bit group 14");
383	return dh_new_group14();	442	return dh_new_group14();
		443	} else if (max < 6144) {
		444	debug3("using 4k bit group 16");
		445	return dh_new_group16();
384	}	446	}
385	debug3("using 4k bit group 16");	447	debug3("using 8k bit group 18");
386	return (dh_new_group_asc(gen, group16));	448	return dh_new_group18();
387	}	449	}
388		450
389	/*	451	/*
Lines 393-399 dh_new_group_fallback(int max) Link Here
393	* Management Part 1 (rev 3) limited by the recommended maximum value	455	* Management Part 1 (rev 3) limited by the recommended maximum value
394	* from RFC4419 section 3.	456	* from RFC4419 section 3.
395	*/	457	*/
396
397	u_int	458	u_int
398	dh_estimate(int bits)	459	dh_estimate(int bits)
399	{	460	{

Lines 43-48 Link Here

(-)a/kexdh.c (-3 / +4 lines)
43		43
44	int	44	int
45	kex_dh_hash(	45	kex_dh_hash(
		46	int hash_alg,
46	const char *client_version_string,	47	const char *client_version_string,
47	const char *server_version_string,	48	const char *server_version_string,
48	const u_char *ckexinit, size_t ckexinitlen,	49	const u_char *ckexinit, size_t ckexinitlen,
Lines 56-62 kex_dh_hash( Link Here
56	struct sshbuf *b;	57	struct sshbuf *b;
57	int r;	58	int r;
58		59
59	if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1))	60	if (*hashlen < ssh_digest_bytes(hash_alg))
60	return SSH_ERR_INVALID_ARGUMENT;	61	return SSH_ERR_INVALID_ARGUMENT;
61	if ((b = sshbuf_new()) == NULL)	62	if ((b = sshbuf_new()) == NULL)
62	return SSH_ERR_ALLOC_FAIL;	63	return SSH_ERR_ALLOC_FAIL;
Lines 79-90 kex_dh_hash( Link Here
79	#ifdef DEBUG_KEX	80	#ifdef DEBUG_KEX
80	sshbuf_dump(b, stderr);	81	sshbuf_dump(b, stderr);
81	#endif	82	#endif
82	if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) {	83	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
83	sshbuf_free(b);	84	sshbuf_free(b);
84	return SSH_ERR_LIBCRYPTO_ERROR;	85	return SSH_ERR_LIBCRYPTO_ERROR;
85	}	86	}
86	sshbuf_free(b);	87	sshbuf_free(b);
87	*hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1);	88	*hashlen = ssh_digest_bytes(hash_alg);
88	#ifdef DEBUG_KEX	89	#ifdef DEBUG_KEX
89	dump_digest("hash", hash, *hashlen);	90	dump_digest("hash", hash, *hashlen);
90	#endif	91	#endif

Lines 67-79 Link Here

(-)a/myproposal.h (-4 / +11 lines)
67	#endif	67	#endif
68		68
69	#ifdef HAVE_EVP_SHA256	69	#ifdef HAVE_EVP_SHA256
70	# define KEX_SHA256_METHODS \	70	# define KEX_SHA2_METHODS \
71	"diffie-hellman-group-exchange-sha256,"	71	"diffie-hellman-group-exchange-sha256," \
		72	"diffie-hellman-group16-sha512," \
		73	"diffie-hellman-group18-sha512,"
		74	# define KEX_SHA2_GROUP14 \
		75	"diffie-hellman-group14-sha256,"
72	#define SHA2_HMAC_MODES \	76	#define SHA2_HMAC_MODES \
73	"hmac-sha2-256," \	77	"hmac-sha2-256," \
74	"hmac-sha2-512,"	78	"hmac-sha2-512,"
75	#else	79	#else
76	# define KEX_SHA256_METHODS	80	# define KEX_SHA2_METHODS
		81	# define KEX_SHA2_GROUP14
77	# define SHA2_HMAC_MODES	82	# define SHA2_HMAC_MODES
78	#endif	83	#endif
79		84
Lines 86-98 Link Here
86	#define KEX_COMMON_KEX \	91	#define KEX_COMMON_KEX \
87	KEX_CURVE25519_METHODS \	92	KEX_CURVE25519_METHODS \
88	KEX_ECDH_METHODS \	93	KEX_ECDH_METHODS \
89	KEX_SHA256_METHODS	94	KEX_SHA2_METHODS
90		95
91	#define KEX_SERVER_KEX KEX_COMMON_KEX \	96	#define KEX_SERVER_KEX KEX_COMMON_KEX \
		97	KEX_SHA2_GROUP14 \
92	"diffie-hellman-group14-sha1" \	98	"diffie-hellman-group14-sha1" \
93		99
94	#define KEX_CLIENT_KEX KEX_COMMON_KEX \	100	#define KEX_CLIENT_KEX KEX_COMMON_KEX \
95	"diffie-hellman-group-exchange-sha1," \	101	"diffie-hellman-group-exchange-sha1," \
		102	KEX_SHA2_GROUP14 \
96	"diffie-hellman-group14-sha1"	103	"diffie-hellman-group14-sha1"
97		104
98	#define KEX_DEFAULT_PK_ALG \	105	#define KEX_DEFAULT_PK_ALG \