mirror of
https://github.com/libssh2/libssh2.git
synced 2026-01-27 00:18:12 +03:00
wincng: fix DH_GEX_MAXGROUP set higher than supported
In 1c3a03ebc3 #493,
`LIBSSH2_DH_GEX_MAXGROUP` was introduced to specify
crypto-backend-specific modulus sizes. Unfortunately, the max size for
the wincng DH modulus was defined to 8192, probably because this is the
value most other backends support.
According to Microsoft documentation [1], `BCryptGenerateKeyPair`
currently only supports up to 4096-bit keys when the selected algorithm
is `BCRYPT_DH_ALGORITHM`. Requesting larger keys when calling
`BCryptGenerateKeyPair` in `_libssh2_dh_key_pair` always results in
`STATUS_INVALID_PARAMETER` being returned and ultimately key exchange
failing.
When attempting to connect to any server that offers 8192 bit DH, this
causes key exchange to always fail when using the wincng backend.
Reducing `LIBSSH2_DH_GEX_MAXGROUP` to 4096 fixes the issue.
[1] https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgeneratekeypair
Closes #1372
This commit is contained in:
binary1248
committed by
Viktor Szakats
Viktor Szakats
parent
323a14b2ca
commit
4858467199
@@ -476,7 +476,7 @@ struct _libssh2_wincng_bignum {
|
||||
diffie-hellman-group-exchange-sha1 */
|
||||
#define LIBSSH2_DH_GEX_MINGROUP 2048
|
||||
#define LIBSSH2_DH_GEX_OPTGROUP 4096
|
||||
#define LIBSSH2_DH_GEX_MAXGROUP 8192
|
||||
#define LIBSSH2_DH_GEX_MAXGROUP 4096
|
||||
|
||||
#define LIBSSH2_DH_MAX_MODULUS_BITS 16384
|
||||
|
||||
|
||||
Reference in New Issue
Block a user