Add RFC8268 / RFC3126 Diffie-Hellman group{15,16,17,18}.

These are a new set of larger integer Diffie-Hellman fixed groups, using SHA-512 as the hash.
2025-07-02 03:52:49 -05:00 · 2022-08-29 07:44:39 +01:00
parent b88057d09d
commit 031d86ed5b
7 changed files with 230 additions and 13 deletions
--- a/ssh/transport2.c
+++ b/ssh/transport2.c
@ -508,7 +508,7 @@ static void ssh2_write_kexinit_lists(
    bool warn;

    int n_preferred_kex;
-    const ssh_kexes *preferred_kex[KEX_MAX + 1]; /* +1 for GSSAPI */
+    const ssh_kexes *preferred_kex[KEX_MAX + 2]; /* +2 for GSSAPI */
    int n_preferred_hk;
    int preferred_hk[HK_MAX];
    int n_preferred_ciphers;
@ -523,14 +523,32 @@ static void ssh2_write_kexinit_lists(
     * Set up the preferred key exchange. (NULL => warn below here)
     */
    n_preferred_kex = 0;
-    if (can_gssapi_keyex)
+    if (can_gssapi_keyex) {
+        preferred_kex[n_preferred_kex++] = &ssh_gssk5_sha2_kex;
        preferred_kex[n_preferred_kex++] = &ssh_gssk5_sha1_kex;
+    }
    for (i = 0; i < KEX_MAX; i++) {
        switch (conf_get_int_int(conf, CONF_ssh_kexlist, i)) {
          case KEX_DHGEX:
            preferred_kex[n_preferred_kex++] =
                &ssh_diffiehellman_gex;
            break;
+          case KEX_DHGROUP18:
+            preferred_kex[n_preferred_kex++] =
+                &ssh_diffiehellman_group18;
+            break;
+          case KEX_DHGROUP17:
+            preferred_kex[n_preferred_kex++] =
+                &ssh_diffiehellman_group17;
+            break;
+          case KEX_DHGROUP16:
+            preferred_kex[n_preferred_kex++] =
+                &ssh_diffiehellman_group16;
+            break;
+          case KEX_DHGROUP15:
+            preferred_kex[n_preferred_kex++] =
+                &ssh_diffiehellman_group15;
+            break;
          case KEX_DHGROUP14:
            preferred_kex[n_preferred_kex++] =
                &ssh_diffiehellman_group14;