- markus@cvs.openbsd.org 2003/12/16 15:51:54

     [dh.c]
     use <= instead of < in dh_estimate; ok provos/hshoexer;
     do not return < DH_GRP_MIN

2 files changed, 8 insertions, 6 deletions

diff --git a/ChangeLog b/ChangeLog
index 3593792c1..5c63b2aa2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,10 @@
      application layer keep alive (ServerAliveInterval ServerAliveCountMax)
      for ssh(1), similar to the sshd(8) option; ok beck@; with help from
      jmc and dtucker@
+   - markus@cvs.openbsd.org 2003/12/16 15:51:54
+     [dh.c]
+     use <= instead of < in dh_estimate; ok provos/hshoexer; 
+     do not return < DH_GRP_MIN
 
 20031209
  - (dtucker) OpenBSD CVS Sync
@@ -1598,4 +1602,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3146 2003/12/17 05:33:10 djm Exp $
+$Id: ChangeLog,v 1.3147 2003/12/17 05:33:53 djm Exp $
diff --git a/dh.c b/dh.c
index c924efee0..c7a3e18be 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.25 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
 
 #include "xmalloc.h"
 
@@ -279,11 +279,9 @@ int
 dh_estimate(int bits)
 {
 
-        if (bits < 64)
-                return (512);   /* O(2**63) */
-        if (bits < 128)
+        if (bits <= 128)
                 return (1024);  /* O(2**86) */
-        if (bits < 192)
+        if (bits <= 192)
                 return (2048);  /* O(2**116) */
         return (4096);          /* O(2**156) */
 }