- dtucker@cvs.openbsd.org 2003/12/09 13:52:55
[moduli.c]
Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
they can't be used for Diffie-Hellman. Assistance and ok djm@
diff --git a/ChangeLog b/ChangeLog
index 6d38e3c..6e87bfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,10 @@
- markus@cvs.openbsd.org 2003/12/08 11:00:47
[kexgexc.c]
print requested group size in debug; ok djm
+ - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
+ [moduli.c]
+ Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
+ they can't be used for Diffie-Hellman. Assistance and ok djm@
- (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
20031208
@@ -1562,4 +1566,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3138 2003/12/09 13:52:37 dtucker Exp $
+$Id: ChangeLog,v 1.3139 2003/12/09 13:54:38 dtucker Exp $
diff --git a/moduli.c b/moduli.c
index 17c7281..371319d 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.3 2003/12/07 06:34:18 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -550,6 +550,15 @@
continue;
}
+ /*
+ * Primes with no known generator are useless for DH, so
+ * skip those.
+ */
+ if (generator_known == 0) {
+ debug2("%10u: no known generator", count_in);
+ continue;
+ }
+
count_possible++;
/*