This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 20e149455f32a6c633146baaacab883279658afb
Author: Lyor Goldstein <lgoldst...@apache.org>
AuthorDate: Tue Nov 10 18:54:15 2020 +0200
[SSHD-1100] Split DHGEXServer#chooseDH code into smaller methods
---
.../sshd/cli/client/SshClientCliSupport.java | 1 -
.../org/apache/sshd/server/kex/DHGEXServer.java | 53 ++++++++++++----------
2 files changed, 30 insertions(+), 24 deletions(-)
diff --git
a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java
b/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java
index db26179..8947388 100644
--- a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java
+++ b/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java
@@ -254,7 +254,6 @@ public abstract class SshClientCliSupport extends
CliSupport {
port = SshConstants.TO_EFFECTIVE_PORT.applyAsInt(port);
HostConfigEntry entry = resolveHost(client, login, host, port,
proxyJump);
- // TODO use a configurable wait time
ClientSession session = client.connect(entry, null, null)
.verify(CliClientModuleProperties.CONECT_TIMEOUT.getRequired(client))
.getSession();
diff --git
a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
index 66fbf4a..3e23da2 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
@@ -269,14 +269,37 @@ public class DHGEXServer extends
AbstractDHServerKeyExchange {
}
protected DHG chooseDH(int min, int prf, int max) throws Exception {
+ ServerSession session = getServerSession();
+ List<Moduli.DhGroup> groups = loadModuliGroups(session);
+ List<Moduli.DhGroup> selected = selectModuliGroups(session, min, prf,
max, groups);
+ if (GenericUtils.isEmpty(selected)) {
+ log.warn("chooseDH({})[{}][prf={}, min={}, max={}] No suitable
primes found, defaulting to DHG1",
+ this, session, prf, min, max);
+ return getDH(new BigInteger(DHGroupData.getP1()), new
BigInteger(DHGroupData.getG()));
+ }
+
+ FactoryManager manager =
Objects.requireNonNull(session.getFactoryManager(), "No factory manager");
+ Factory<Random> factory =
Objects.requireNonNull(manager.getRandomFactory(), "No random factory");
+ Random random = Objects.requireNonNull(factory.create(), "No random
generator");
+ int which = random.random(selected.size());
+ Moduli.DhGroup group = selected.get(which);
+ if (log.isTraceEnabled()) {
+ log.trace("chooseDH({})[{}][prf={}, min={}, max={}] selected {}",
+ this, session, prf, min, max, group);
+ }
+
+ return getDH(group.getP(), group.getG());
+ }
+
+ protected List<Moduli.DhGroup> selectModuliGroups(
+ ServerSession session, int min, int prf, int max,
List<Moduli.DhGroup> groups)
+ throws Exception {
int maxDHGroupExchangeKeySize =
SecurityUtils.getMaxDHGroupExchangeKeySize();
min = Math.max(min, SecurityUtils.MIN_DHGEX_KEY_SIZE);
prf = Math.max(prf, SecurityUtils.MIN_DHGEX_KEY_SIZE);
prf = Math.min(prf, maxDHGroupExchangeKeySize);
max = Math.min(max, maxDHGroupExchangeKeySize);
- List<Moduli.DhGroup> groups = loadModuliGroups();
- Session session = getServerSession();
List<Moduli.DhGroup> selected = new ArrayList<>();
int bestSize = 0;
boolean traceEnabled = log.isTraceEnabled();
@@ -284,7 +307,7 @@ public class DHGEXServer extends
AbstractDHServerKeyExchange {
int size = group.getSize();
if ((size < min) || (size > max)) {
if (traceEnabled) {
- log.trace("chooseDH({})[{}] - skip group={} - size not in
range [{}-{}]",
+ log.trace("selectModuliGroups({})[{}] - skip group={} -
size not in range [{}-{}]",
this, session, group, min, max);
}
continue;
@@ -293,7 +316,7 @@ public class DHGEXServer extends
AbstractDHServerKeyExchange {
if (((size > prf) && (size < bestSize)) || ((size > bestSize) &&
(bestSize < prf))) {
bestSize = size;
if (traceEnabled) {
- log.trace("chooseDH({})[{}][prf={}, min={}, max={}] new
best size={} from group={}",
+ log.trace("selectModuliGroups({})[{}][prf={}, min={},
max={}] new best size={} from group={}",
this, session, prf, min, max, bestSize, group);
}
selected.clear();
@@ -301,33 +324,17 @@ public class DHGEXServer extends
AbstractDHServerKeyExchange {
if (size == bestSize) {
if (traceEnabled) {
- log.trace("chooseDH({})[{}][prf={}, min={}, max={}]
selected {}",
+ log.trace("selectModuliGroups({})[{}][prf={}, min={},
max={}] selected {}",
this, session, prf, min, max, group);
}
selected.add(group);
}
}
- if (selected.isEmpty()) {
- log.warn("chooseDH({})[{}][prf={}, min={}, max={}] No suitable
primes found, defaulting to DHG1",
- this, session, prf, min, max);
- return getDH(new BigInteger(DHGroupData.getP1()), new
BigInteger(DHGroupData.getG()));
- }
-
- FactoryManager manager =
Objects.requireNonNull(session.getFactoryManager(), "No factory manager");
- Factory<Random> factory =
Objects.requireNonNull(manager.getRandomFactory(), "No random factory");
- Random random = Objects.requireNonNull(factory.create(), "No random
generator");
- int which = random.random(selected.size());
- Moduli.DhGroup group = selected.get(which);
- if (traceEnabled) {
- log.trace("chooseDH({})[{}][prf={}, min={}, max={}] selected {}",
- this, session, prf, min, max, group);
- }
- return getDH(group.getP(), group.getG());
+ return selected;
}
- protected List<Moduli.DhGroup> loadModuliGroups() throws IOException {
- Session session = getServerSession();
+ protected List<Moduli.DhGroup> loadModuliGroups(ServerSession session)
throws IOException {
String moduliStr = CoreModuleProperties.MODULI_URL.getOrNull(session);
List<Moduli.DhGroup> groups = null;
if (!GenericUtils.isEmpty(moduliStr)) {
