kex.c: group16-sha512 and group18-sha512 support #457 (#468)

Files: kex.c Notes: Added key exchange group16-sha512 and group18-sha512. As a result did the following: Abstracted diffie_hellman_sha256() to diffie_hellman_sha_algo() which is now algorithm agnostic and takes the algorithm as a parameter since we needed sha512 support. Unfortunately it required some helper functions but they are simple. Deleted diffie_hellman_sha1() Deleted diffie_hellman_sha1 specific macro Cleaned up some formatting Defined sha384 in os400 and wincng backends Defined LIBSSH2_DH_MAX_MODULUS_BITS to abort the connection if we receive too large of p from the server doing sha1 key exchange. Reorder the default key exchange list to match OpenSSH and improve security Credit: Will Cosgrove
2025-08-05 20:55:47 +03:00 · 2020-09-23 13:20:00 -07:00
parent 9ae9ff30cb
commit f553dcc95d
5 changed files with 575 additions and 862 deletions
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -239,6 +239,8 @@ typedef off_t libssh2_struct_stat_size;
 #define LIBSSH2_DH_GEX_OPTGROUP     4096
 #define LIBSSH2_DH_GEX_MAXGROUP     8192

+#define LIBSSH2_DH_MAX_MODULUS_BITS 16384
+
 /* Defaults for pty requests */
 #define LIBSSH2_TERM_WIDTH      80
 #define LIBSSH2_TERM_HEIGHT     24