summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2003-12-09 14:54:38 +0100
committerDarren Tucker <dtucker@zip.com.au>2003-12-09 14:54:38 +0100
commit5cd9d443ef70e5c8bf8cc21bc6cc81298e18e863 (patch)
tree54167b9fb2c0509c109986dbb75ac4fc72bd10f2
parent - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. (diff)
downloadopenssh-5cd9d443ef70e5c8bf8cc21bc6cc81298e18e863.tar.xz
openssh-5cd9d443ef70e5c8bf8cc21bc6cc81298e18e863.zip
- dtucker@cvs.openbsd.org 2003/12/09 13:52:55
[moduli.c] Prevent ssh-keygen -T from outputting moduli with a generator of 0, since they can't be used for Diffie-Hellman. Assistance and ok djm@
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--moduli.c11
2 files changed, 15 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 6d38e3cd9..6e87bfbb4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,10 @@
- markus@cvs.openbsd.org 2003/12/08 11:00:47
[kexgexc.c]
print requested group size in debug; ok djm
+ - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
+ [moduli.c]
+ Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
+ they can't be used for Diffie-Hellman. Assistance and ok djm@
- (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
20031208
@@ -1562,4 +1566,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3138 2003/12/09 13:52:37 dtucker Exp $
+$Id: ChangeLog,v 1.3139 2003/12/09 13:54:38 dtucker Exp $
diff --git a/moduli.c b/moduli.c
index 17c7281c5..371319d0f 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.3 2003/12/07 06:34:18 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -550,6 +550,15 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
continue;
}
+ /*
+ * Primes with no known generator are useless for DH, so
+ * skip those.
+ */
+ if (generator_known == 0) {
+ debug2("%10u: no known generator", count_in);
+ continue;
+ }
+
count_possible++;
/*
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-30 09:20:45 +0100