- dtucker@cvs.openbsd.org 2003/12/09 13:52:55

     [moduli.c]
     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
     they can't be used for Diffie-Hellman.  Assistance and ok djm@

2 files changed, 15 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 6d38e3cd9..6e87bfbb4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,10 @@
    - markus@cvs.openbsd.org 2003/12/08 11:00:47
      [kexgexc.c]
      print requested group size in debug; ok djm
+   - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
+     [moduli.c]
+     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
+     they can't be used for Diffie-Hellman.  Assistance and ok djm@
  - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
 
 20031208
@@ -1562,4 +1566,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3138 2003/12/09 13:52:37 dtucker Exp $
+$Id: ChangeLog,v 1.3139 2003/12/09 13:54:38 dtucker Exp $
diff --git a/moduli.c b/moduli.c
index 17c7281c5..371319d0f 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.3 2003/12/07 06:34:18 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -550,6 +550,15 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         continue;
                 }
 
+                /*
+                 * Primes with no known generator are useless for DH, so
+                 * skip those.
+                 */
+                if (generator_known == 0) {
+                        debug2("%10u: no known generator", count_in);
+                        continue;
+                }
+
                 count_possible++;
 
                 /*