Posted to commits@mina.apache.org by lg...@apache.org on 2015/11/24 12:51:23 UTC
mina-sshd git commit: [SSHD-596] Support dhg14 by runtime DH key size
detection similar to dhgex
Repository: mina-sshd
Updated Branches:
refs/heads/master 35dd66327 -> 0c89da89e
[SSHD-596] Support dhg14 by runtime DH key size detection similar to dhgex
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/0c89da89
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/0c89da89
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/0c89da89
Branch: refs/heads/master
Commit: 0c89da89ef58279cf11650121acc697577c23755
Parents: 35dd663
Author: Alon Bar-Lev <al...@gmail.com>
Authored: Tue Nov 24 13:51:08 2015 +0200
Committer: Lyor Goldstein <lg...@vmware.com>
Committed: Tue Nov 24 13:51:08 2015 +0200
----------------------------------------------------------------------
.../org/apache/sshd/common/kex/BuiltinDHFactories.java | 9 +++++++--
.../java/org/apache/sshd/common/util/SecurityUtils.java | 10 ++++++++++
2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/0c89da89/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
index b269714..9428ee7 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
@@ -51,6 +51,11 @@ public enum BuiltinDHFactories implements DHFactory {
}
return new DHG(BuiltinDigests.sha1, new BigInteger(DHGroupData.getP1()), new BigInteger(DHGroupData.getG()));
}
+
+ @Override // see https://tools.ietf.org/html/rfc4253#page-23
+ public boolean isSupported() {
+ return SecurityUtils.isDHOakelyGroupSupported(1024);
+ }
},
dhg14(Constants.DIFFIE_HELLMAN_GROUP14_SHA1) {
@Override
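Review bot: The new `isSupported()` for dhg1 only reports whether the provider can handle a 1024-bit modulus, so a `true` result should not be read as an endorsement of diffie-hellman-group1-sha1. A 1024-bit group with SHA-1 has been considered weak since the 2015 Logjam research. A comment on the method would make that explicit, for example `// capability check only - 1024-bit group1 is weak; keep it out of default KEX proposals where possible`. The literals `1024` here and `2048` in the dhg14 hunk restate the sizes of `DHGroupData.getP1()` and `getP14()`; named constants next to the group data would keep them from drifting apart. The enum constant bodies start and end outside the hunk, so how the default factory list is assembled is not visible here.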
@@ -61,9 +66,9 @@ public enum BuiltinDHFactories implements DHFactory {
return new DHG(BuiltinDigests.sha1, new BigInteger(DHGroupData.getP14()), new BigInteger(DHGroupData.getG()));
}
- @Override
+ @Override // see https://tools.ietf.org/html/rfc4253#page-23
public boolean isSupported() {
- return SecurityUtils.isBouncyCastleRegistered();
+ return SecurityUtils.isDHOakelyGroupSupported(2048);
}
},
dhgex(Constants.DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1) {
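Review bot: Support for the fixed 2048-bit group now depends on `getMaxDHGroupExchangeKeySize()`, a value defined for group exchange whose body is not part of this diff. If that probe reports less than 2048 for any reason (a provider quirk, or a limit meant only for dhgex), dhg14 is dropped while the 1024-bit dhg1 check can still pass. Negotiation would then fall back to the weaker group without any signal, possibly on setups where the old `isBouncyCastleRegistered()` test succeeded. It would help to document the dependency on the method, e.g. `// depends on the dhgex size probe; a result below 2048 disables group14`, and to confirm that BouncyCastle-registered environments still report at least 2048.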
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/0c89da89/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java b/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
index c2fbd38..4a7012f 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
@@ -152,6 +152,16 @@ public final class SecurityUtils {
}
/**
+ * @param keySize The expected key size
+ * @return {@code true} if Oakely Diffie-Hellman Group Exchange is supported
+ * for the specified key size
+ * @see #getMaxDHGroupExchangeKeySize()
+ */
+ public static boolean isDHOakelyGroupSupported(int keySize) {
+ return getMaxDHGroupExchangeKeySize() >= keySize;
+ }
+
+ /**
* @return The maximum supported Diffie-Hellman Group Exchange key size,
* or non-positive if not supported
*/
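Review bot: `isDHOakelyGroupSupported` returns `true` for a non-positive `keySize` even when `getMaxDHGroupExchangeKeySize()` signals "not supported" with a non-positive value (for example 0 >= 0). Changing the body to `return (keySize > 0) && (getMaxDHGroupExchangeKeySize() >= keySize);` closes that gap. The Javadoc speaks of "Group Exchange" support, but the callers in this commit use the method for the fixed group1 and group14 factories, so the `@return` text should describe a fixed Oakley group of the given modulus size. The name also spells Oakley as "Oakely", which is worth correcting before this public method ships in a release.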