From 8975ddf11b17bf58191c653a0173d91e50e942c7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 Dec 2003 16:33:53 +1100 Subject: [PATCH] - markus@cvs.openbsd.org 2003/12/16 15:51:54 [dh.c] use <= instead of < in dh_estimate; ok provos/hshoexer; do not return < DH_GRP_MIN --- ChangeLog | 6 +++++- dh.c | 8 +++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3593792c1..5c63b2aa2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,10 @@ application layer keep alive (ServerAliveInterval ServerAliveCountMax) for ssh(1), similar to the sshd(8) option; ok beck@; with help from jmc and dtucker@ + - markus@cvs.openbsd.org 2003/12/16 15:51:54 + [dh.c] + use <= instead of < in dh_estimate; ok provos/hshoexer; + do not return < DH_GRP_MIN 20031209 - (dtucker) OpenBSD CVS Sync @@ -1598,4 +1602,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3146 2003/12/17 05:33:10 djm Exp $ +$Id: ChangeLog,v 1.3147 2003/12/17 05:33:53 djm Exp $ diff --git a/dh.c b/dh.c index c924efee0..c7a3e18be 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.25 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $"); #include "xmalloc.h" @@ -279,11 +279,9 @@ int dh_estimate(int bits) { - if (bits < 64) - return (512); /* O(2**63) */ - if (bits < 128) + if (bits <= 128) return (1024); /* O(2**86) */ - if (bits < 192) + if (bits <= 192) return (2048); /* O(2**116) */ return (4096); /* O(2**156) */ }