Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / fdfbf4580de09d84a974211715e14f88a5704b8e^! / .
commitfdfbf4580de09d84a974211715e14f88a5704b8e[log] [tgz]
authordtucker@openbsd.org <dtucker@openbsd.org>Thu Mar 31 05:24:06 2016 +0000
committerDamien Miller <djm@mindrot.org>Fri Apr 01 23:57:14 2016 +1100
tree37111a431abb3fa50fc2b5af83e2b34fb18a3e94
parent0235a5fa67fcac51adb564cba69011a535f86f6b [diff]
upstream commit

Remove fallback from moduli to "primes" file that was
 deprecated in 2001 and fix log messages referring to primes file.  Based on
 patch from xnox at ubuntu.com via bz#2559.  "kill it" deraadt@

Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713

diff --git a/dh.c b/dh.c
index 7f68321..20f8191 100644
--- a/dh.c
+++ b/dh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.58 2016/02/28 22:27:00 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -30,6 +30,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+#include <errno.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -151,10 +152,9 @@
 	int linenum;
 	struct dhgroup dhg;
 
-	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
-	    (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
-		logit("WARNING: %s does not exist, using fixed modulus",
-		    _PATH_DH_MODULI);
+	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+		logit("WARNING: could open open %s (%s), using fixed modulus",
+		    _PATH_DH_MODULI, strerror(errno));
 		return (dh_new_group_fallback(max));
 	}
 
@@ -182,7 +182,7 @@
 
 	if (bestcount == 0) {
 		fclose(f);
-		logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
+		logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
 		return (dh_new_group_fallback(max));
 	}
 
@@ -203,7 +203,7 @@
 	fclose(f);
 	if (linenum != which+1) {
 		logit("WARNING: line %d disappeared in %s, giving up",
-		    which, _PATH_DH_PRIMES);
+		    which, _PATH_DH_MODULI);
 		return (dh_new_group_fallback(max));
 	}
 

diff --git a/pathnames.h b/pathnames.h
index ec89fc6..f5e11ab 100644
--- a/pathnames.h
+++ b/pathnames.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -42,8 +42,6 @@
 #define _PATH_HOST_ED25519_KEY_FILE	SSHDIR "/ssh_host_ed25519_key"
 #define _PATH_HOST_RSA_KEY_FILE		SSHDIR "/ssh_host_rsa_key"
 #define _PATH_DH_MODULI			SSHDIR "/moduli"
-/* Backwards compatibility */
-#define _PATH_DH_PRIMES			SSHDIR "/primes"
 
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM		"/usr/bin/ssh"