From 48584671994811168ce5d14aa701c97b2e53ca31 Mon Sep 17 00:00:00 2001
From: binary1248 <binary1248@hotmail.com>
Date: Thu, 25 Apr 2024 04:00:46 +0200
Subject: [PATCH] wincng: fix `DH_GEX_MAXGROUP` set higher than supported

In 1c3a03ebc3166cf69735111aba2b8cee57cdba51 #493,
`LIBSSH2_DH_GEX_MAXGROUP` was introduced to specify
crypto-backend-specific modulus sizes. Unfortunately, the max size for
the wincng DH modulus was defined to 8192, probably because this is the
value most other backends support.

According to Microsoft documentation [1], `BCryptGenerateKeyPair`
currently only supports up to 4096-bit keys when the selected algorithm
is `BCRYPT_DH_ALGORITHM`. Requesting larger keys when calling
`BCryptGenerateKeyPair` in `_libssh2_dh_key_pair` always results in
`STATUS_INVALID_PARAMETER` being returned and ultimately key exchange
failing.

When attempting to connect to any server that offers 8192 bit DH, this
causes key exchange to always fail when using the wincng backend.
Reducing `LIBSSH2_DH_GEX_MAXGROUP` to 4096 fixes the issue.

[1] https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgeneratekeypair

Closes #1372
---
 src/wincng.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wincng.h b/src/wincng.h
index d41f37f5..e3ee1742 100644
--- a/src/wincng.h
+++ b/src/wincng.h
@@ -476,7 +476,7 @@ struct _libssh2_wincng_bignum {
    diffie-hellman-group-exchange-sha1 */
 #define LIBSSH2_DH_GEX_MINGROUP     2048
 #define LIBSSH2_DH_GEX_OPTGROUP     4096
-#define LIBSSH2_DH_GEX_MAXGROUP     8192
+#define LIBSSH2_DH_GEX_MAXGROUP     4096
 
 #define LIBSSH2_DH_MAX_MODULUS_BITS 16384