From f675fc4948b2ec2c9ff86bcdd58e00947f0e319b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 15 Jun 2004 10:30:09 +1000 Subject: - djm@cvs.openbsd.org 2004/06/13 12:53:24 [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] [ssh-keyscan.c sshconnect2.c sshd.c] implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@ --- dh.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'dh.c') diff --git a/dh.c b/dh.c index afd1e05d0..176fb7469 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $"); +RCSID("$OpenBSD: dh.c,v 1.30 2004/06/13 12:53:24 djm Exp $"); #include "xmalloc.h" @@ -115,8 +115,9 @@ choose_dh(int min, int wantbits, int max) if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { - logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI); - return (dh_new_group1()); + logit("WARNING: %s does not exist, using fixed modulus", + _PATH_DH_MODULI); + return (dh_new_group14()); } linenum = 0; @@ -169,7 +170,7 @@ choose_dh(int min, int wantbits, int max) return (dh_new_group(dhg.g, dhg.p)); } -/* diffie-hellman-group1-sha1 */ +/* diffie-hellman-groupN-sha1 */ int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) @@ -272,6 +273,25 @@ dh_new_group1(void) return (dh_new_group_asc(gen, group1)); } +DH * +dh_new_group14(void) +{ + static char *gen = "2", *group14 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group14)); +} + /* * Estimates the group order for a Diffie-Hellman group that has an * attack complexity approximately the same as O(2**bits). Estimate -- cgit v1.2.3 From 9a2bd1116bf3fdb236d8b10af1acb2e7e8fe6e60 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 12 Aug 2004 22:40:59 +1000 Subject: - djm@cvs.openbsd.org 2004/08/04 10:37:52 [dh.c] return group14 when no primes found - fixes hang on empty /etc/moduli; ok markus@ --- ChangeLog | 6 +++++- dh.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'dh.c') diff --git a/ChangeLog b/ChangeLog index 3d0347876..781a1aaba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/ + - djm@cvs.openbsd.org 2004/08/04 10:37:52 + [dh.c] + return group14 when no primes found - fixes hang on empty /etc/moduli; + ok markus@ 20040720 - (djm) OpenBSD CVS Sync @@ -1575,4 +1579,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3491 2004/08/12 12:40:24 dtucker Exp $ +$Id: ChangeLog,v 1.3492 2004/08/12 12:40:59 dtucker Exp $ diff --git a/dh.c b/dh.c index 176fb7469..044d869fb 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.30 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $"); #include "xmalloc.h" @@ -145,7 +145,7 @@ choose_dh(int min, int wantbits, int max) if (bestcount == 0) { fclose(f); logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES); - return (NULL); + return (dh_new_group14()); } linenum = 0; -- cgit v1.2.3