Add support for diffie-hellman-group-exchange-sha256. Tested against a

patched OpenSSH server.  This is controlled by the same user settings
as diffie-hellman-group-exchange-sha1, which may not be optimal, especially
given that they're both referred to as dh-gex-sha1 in saved sessions.

[originally from svn r6272]

diff --git a/Recipe b/Recipe
index a82a969c6a388235f63834bd116d756a779ac4d6..6b9f200f084e154e7e4384e3af35b3a56e4038bd 100644 (file)
--- a/Recipe
+++ b/Recipe
@@ -213,7 +213,7 @@ NONSSH   = telnet raw rlogin ldisc pinger
 # SSH back end (putty, plink, pscp, psftp).
 SSH      = ssh sshcrc sshdes sshmd5 sshrsa sshrand sshsha sshblowf
          + sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
-         + sshaes sshsh512 sshbn wildcard pinger ssharcf
+         + sshaes sshsh256 sshsh512 sshbn wildcard pinger ssharcf
 WINSSH   = SSH winnoise winpgntc
 UXSSH    = SSH uxnoise uxagentc
 MACSSH   = SSH macnoise

diff --git a/ssh.c b/ssh.c
index 91bfa8842ec7a548ec22566f77b05c9797cf9fd0..75610c6799b744d9b80762894f9a4bcbb8482436 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -705,7 +705,7 @@ struct ssh_tag {
     void *cs_comp_ctx, *sc_comp_ctx;
     const struct ssh_kex *kex;
     const struct ssh_signkey *hostkey;
-    unsigned char v2_session_id[20];
+    unsigned char v2_session_id[32];
     int v2_session_id_len;
     void *kex_ctx;
 
@@ -4994,7 +4994,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
        char *hostkeydata, *sigdata, *keystr, *fingerprint;
        int hostkeylen, siglen;
        void *hkey;                    /* actual host key */
-       unsigned char exchange_hash[20];
+       unsigned char exchange_hash[32];
        int n_preferred_kex;
        const struct ssh_kexes *preferred_kex[KEX_MAX];
        int n_preferred_ciphers;

diff --git a/sshdh.c b/sshdh.c
index 8d98462590753d753e6241cdb1f4953c3e638361..48f277a7cf31eaf02a2a34f5a6f8ebce7b22d5ee 100644 (file)
--- a/sshdh.c
+++ b/sshdh.c
@@ -74,12 +74,18 @@ const struct ssh_kexes ssh_diffiehellman_group14 = {
     group14_list
 };
 
+static const struct ssh_kex ssh_diffiehellman_gex_sha256 = {
+    "diffie-hellman-group-exchange-sha256", NULL,
+    NULL, NULL, 0, 0, &ssh_sha256
+};
+
 static const struct ssh_kex ssh_diffiehellman_gex_sha1 = {
     "diffie-hellman-group-exchange-sha1", NULL,
     NULL, NULL, 0, 0, &ssh_sha1
 };
 
 static const struct ssh_kex *const gex_list[] = {
+    &ssh_diffiehellman_gex_sha256,
     &ssh_diffiehellman_gex_sha1
 };