upstream commit

relax bits needed check to allow diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was selected as symmetric cipher; ok markus
author: djm@openbsd.org <djm@openbsd.org> 2015-03-26 06:59:28 +0000
committer: Damien Miller <djm@mindrot.org> 2015-03-27 12:02:23 +1100
commit: b8afbe2c1aaf573565e4da775261dfafc8b1ba9c (patch)
tree: 7384d33a9a0b200970e998810c9476f3d2d1efb5
parent: 47842f71e31da130555353c1d57a1e5a8937f1c0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/dh.c b/dh.c
index a260240fd..1e5388d7f 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.55 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: dh.c,v 1.56 2015/03/26 06:59:28 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 *
@@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
        if (need < 0 || dh->p == NULL ||
            (pbits = BN_num_bits(dh->p)) <= 0 ||
-            need > INT_MAX / 2 || 2 * need >= pbits)
+            need > INT_MAX / 2 || 2 * need > pbits)
                return SSH_ERR_INVALID_ARGUMENT;
        dh->length = MIN(need * 2, pbits - 1);
        if (DH_generate_key(dh) == 0 ||
author	djm@openbsd.org <djm@openbsd.org>	2015-03-26 06:59:28 +0000
committer	Damien Miller <djm@mindrot.org>	2015-03-27 12:02:23 +1100
commit	b8afbe2c1aaf573565e4da775261dfafc8b1ba9c (patch)
tree	7384d33a9a0b200970e998810c9476f3d2d1efb5
parent	47842f71e31da130555353c1d57a1e5a8937f1c0 (diff)

diff --git a/dh.c b/dh.c index a260240fd..1e5388d7f 100644 --- a/dh.c +++ b/dh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh.c,v 1.55 2015/01/20 23:14:00 deraadt Exp $ */	1	/* $OpenBSD: dh.c,v 1.56 2015/03/26 06:59:28 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Niels Provos. All rights reserved.	3	* Copyright (c) 2000 Niels Provos. All rights reserved.
4	*	4	*
@@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
261		261
262	if (need < 0 \|\| dh->p == NULL \|\|	262	if (need < 0 \|\| dh->p == NULL \|\|
263	(pbits = BN_num_bits(dh->p)) <= 0 \|\|	263	(pbits = BN_num_bits(dh->p)) <= 0 \|\|
264	need > INT_MAX / 2 \|\| 2 * need >= pbits)	264	need > INT_MAX / 2 \|\| 2 * need > pbits)
265	return SSH_ERR_INVALID_ARGUMENT;	265	return SSH_ERR_INVALID_ARGUMENT;
266	dh->length = MIN(need * 2, pbits - 1);	266	dh->length = MIN(need * 2, pbits - 1);
267	if (DH_generate_key(dh) == 0 \|\|	267	if (DH_generate_key(dh) == 0 \|\|