From e23b639d42acf7f2d4934090817cee0774752213 Mon Sep 17 00:00:00 2001
From: Alon Bar-Lev
Date: Mon, 23 Nov 2015 10:42:51 +0200
Subject: [PATCH] [SSHD-596] Support dhg14 by runtime DH key size detection

Signed-off-by: Alon Bar-Lev
---
 .../org/apache/sshd/common/kex/BuiltinDHFactories.java | 9 +++++++--
 .../java/org/apache/sshd/common/util/SecurityUtils.java | 8 ++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
index b26971439..0015c4022 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/BuiltinDHFactories.java
@@ -51,6 +51,11 @@ public DHG create(Object... params) throws Exception {
             }
             return new DHG(BuiltinDigests.sha1, new BigInteger(DHGroupData.getP1()), new BigInteger(DHGroupData.getG()));
         }
+
+        @Override
+        public boolean isSupported() {
+            return SecurityUtils.isDHOakelyGroupSupported(1024);
+        }
     },
     dhg14(Constants.DIFFIE_HELLMAN_GROUP14_SHA1) {
         @Override
@@ -62,8 +67,8 @@ public DHG create(Object... params) throws Exception {
         }
 
         @Override
-        public boolean isSupported() {
-            return SecurityUtils.isBouncyCastleRegistered();
+        public boolean isSupported() { // avoid "Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)"
+            return SecurityUtils.isDHOakelyGroupSupported(2048);
         }
     },
     dhgex(Constants.DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1) {
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java b/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
index 21d874a12..51c427bd3 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java
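Review bot: The prime size in the new dhg1 `isSupported()` override is a bare literal (`1024`), and the dhg14 hunk below repeats the pattern with `2048`; both values duplicate a property of the group that the factory already has in hand via `DHGroupData.getP1()`, so they can drift if the group data ever changes. A self-describing form would be `return SecurityUtils.isDHOakelyGroupSupported(new BigInteger(DHGroupData.getP1()).bitLength());`, or at least a named constant per group. Given the provider message quoted in the dhg14 hunk ("can only range from 512 to 1024"), the 1024 check is presumably satisfied by every provider and exists for symmetry — worth stating in a comment such as `// 1024-bit group1 prime is within every JCE provider's DH range; checked for symmetry with dhg14` so a later reader does not assume it can fail. The enclosing enum constant bodies start before and end after each hunk.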
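Review bot: The explanatory comment on the new dhg14 `isSupported()` signature line is a long trailing comment that pushes the line well past the usual width; it reads better as a block comment above the `@Override`, e.g. `// 2048-bit group14 prime exceeds the default JCE DH limit ("Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)"), so detect support at runtime`. The removed `isBouncyCastleRegistered()` check is no longer consulted here; whether `getMaxDHGroupExchangeKeySize()` reflects a registered BouncyCastle provider is not visible in this patch, so it is worth confirming the new check still reports dhg14 as supported in the BouncyCastle configuration the old code accepted. The enclosing enum constant body starts before the hunk.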
@@ -132,6 +132,14 @@ public static boolean isDHGroupExchangeSupported() {
         return getMaxDHGroupExchangeKeySize() > 0;
     }
 
+    /**
+     * @return {@code true} if Oakely Diffie-Hellman Group Exchange is supported
+     * @see #getMaxDHGroupExchangeKeySize()
+     */
+    public static boolean isDHOakelyGroupSupported(int keySize) {
+        return getMaxDHGroupExchangeKeySize() >= keySize;
+    }
+
     /**
      * @return The maximum supported Diffie-Hellman Group Exchange key size,
      * or non-positive if not supported
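Review bot: The Javadoc on the new `isDHOakelyGroupSupported(int keySize)` documents no `@param keySize` and describes the result as "Group Exchange is supported" although the method compares a caller-supplied fixed-group prime size against the group-exchange maximum, which is what both call sites in `BuiltinDHFactories` rely on. Suggested wording: `@param keySize The prime size (in bits) of the fixed Diffie-Hellman group` and `@return {@code true} if the current provider can handle a DH prime of at least {@code keySize} bits, as derived from {@link #getMaxDHGroupExchangeKeySize()}`. "Oakely" in the comment and method name looks like a misspelling of "Oakley" (the RFC 2409 group naming); the name is now public API, so fixing the spelling before release avoids a deprecation later. Note also that a non-positive `keySize` would return {@code true} even when the maximum is 0 ("not supported"), so the Javadoc should state that callers pass a positive size, or the method should guard `keySize > 0`.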