upstream commit
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
diff --git a/kex.h b/kex.h
index 131b8d9..c351955 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -51,7 +51,10 @@
#define KEX_COOKIE_LEN 16
#define KEX_DH1 "diffie-hellman-group1-sha1"
-#define KEX_DH14 "diffie-hellman-group14-sha1"
+#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1"
+#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256"
+#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512"
+#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
@@ -88,6 +91,9 @@
enum kex_exchange {
KEX_DH_GRP1_SHA1,
KEX_DH_GRP14_SHA1,
+ KEX_DH_GRP14_SHA256,
+ KEX_DH_GRP16_SHA512,
+ KEX_DH_GRP18_SHA512,
KEX_DH_GEX_SHA1,
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
@@ -190,7 +196,7 @@
int kexc25519_client(struct ssh *);
int kexc25519_server(struct ssh *);
-int kex_dh_hash(const char *, const char *,
+int kex_dh_hash(int, const char *, const char *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);