authordtucker@openbsd.org <dtucker@openbsd.org>2016-03-31 05:24:06 +0000
committerDamien Miller <djm@mindrot.org>2016-04-01 23:57:14 +1100
commitfdfbf4580de09d84a974211715e14f88a5704b8e (patch)
tree37111a431abb3fa50fc2b5af83e2b34fb18a3e94
parent0235a5fa67fcac51adb564cba69011a535f86f6b (diff)
upstream commit
Remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file. Based on patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@ Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
-rw-r--r--dh.c14
-rw-r--r--pathnames.h4
2 files changed, 8 insertions, 10 deletions
diff --git a/dh.c b/dh.c
index 7f68321d4..20f819131 100644
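--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.58 2016/02/28 22:27:00 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  *
@@ -30,6 +30,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+#include <errno.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -151,10 +152,9 @@ choose_dh(int min, int wantbits, int max)
  int linenum;
  struct dhgroup dhg;
 
- if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
- (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
- logit("WARNING: %s does not exist, using fixed modulus",
- _PATH_DH_MODULI);
+ if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+ logit("WARNING: could open open %s (%s), using fixed modulus",
+ _PATH_DH_MODULI, strerror(errno));
  return (dh_new_group_fallback(max));
  }
 
@@ -182,7 +182,7 @@ choose_dh(int min, int wantbits, int max)
 
  if (bestcount == 0) {
  fclose(f);
- logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
+ logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
  return (dh_new_group_fallback(max));
  }
 
@@ -203,7 +203,7 @@ choose_dh(int min, int wantbits, int max)
  fclose(f);
  if (linenum != which+1) {
  logit("WARNING: line %d disappeared in %s, giving up",
- which, _PATH_DH_PRIMES);
+ which, _PATH_DH_MODULI);
  return (dh_new_group_fallback(max));
  }
 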
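Review bot: The new warning in the first choose_dh hunk reads `could open open %s`, which drops the negation and misleads anyone reading the log; it should be `logit("WARNING: could not open %s (%s), using fixed modulus",`. This line is the only visible signal that key exchange has fallen back to the built-in group from dh_new_group_fallback(max), so it is worth a short comment above the fopen() such as `/* moduli unreadable: fall back to fixed group; operators should treat this warning as a config fault */`. With the primes fallback gone, a host that still ships only the old file will presumably take this path on every exchange, which may deserve a release-note line. choose_dh starts and ends outside the hunks shown.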
diff --git a/pathnames.h b/pathnames.h
index ec89fc666..f5e11ab15 100644
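--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -42,8 +42,6 @@
 #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
 #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
 #define _PATH_DH_MODULI SSHDIR "/moduli"
-/* Backwards compatibility */
-#define _PATH_DH_PRIMES SSHDIR "/primes"
 
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM "/usr/bin/ssh"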