From 5cd9d443ef70e5c8bf8cc21bc6cc81298e18e863 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 10 Dec 2003 00:54:38 +1100 Subject: [PATCH] - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 [moduli.c] Prevent ssh-keygen -T from outputting moduli with a generator of 0, since they can't be used for Diffie-Hellman. Assistance and ok djm@ --- ChangeLog | 6 +++++- moduli.c | 11 ++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6d38e3cd9..6e87bfbb4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,10 @@ - markus@cvs.openbsd.org 2003/12/08 11:00:47 [kexgexc.c] print requested group size in debug; ok djm + - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 + [moduli.c] + Prevent ssh-keygen -T from outputting moduli with a generator of 0, since + they can't be used for Diffie-Hellman. Assistance and ok djm@ - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. 20031208 @@ -1562,4 +1566,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3138 2003/12/09 13:52:37 dtucker Exp $ +$Id: ChangeLog,v 1.3139 2003/12/09 13:54:38 dtucker Exp $ diff --git a/moduli.c b/moduli.c index 17c7281c5..371319d0f 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.3 2003/12/07 06:34:18 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -550,6 +550,15 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, continue; } + /* + * Primes with no known generator are useless for DH, so + * skip those. + */ + if (generator_known == 0) { + debug2("%10u: no known generator", count_in); + continue; + } + count_possible++; /*