upstream: Remove fallback to compiled-in gropup for dhgex when the

moduli file exists, but does not contain moduli within the client-requested
range. The fallback behaviour remains for the case where the moduli file does
not exist (typically, running tests prior to installing). From bz#2793, based
in part on patch from Joe Testa, ok djm@

OpenBSD-Commit-ID: b1a8c5dbbedf249b42474679ebaf14db7332b1ab

diff --git a/dh.c b/dh.c
index ce2eb4725e65ca29d17994645dcb664928db5b12..168dea1dd6481c99ad81e0547bc79bbad8a6d9a6 100644 (file)
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.74 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.75 2024/12/03 16:27:53 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -197,9 +197,9 @@ choose_dh(int min, int wantbits, int max)
 
        if (bestcount == 0) {
                fclose(f);
-               logit("WARNING: no suitable primes in %s",
-                   get_moduli_filename());
-               return (dh_new_group_fallback(max));
+               logit("WARNING: no suitable primes (size %d/%d/%d) in %s",
+                   min, wantbits, max, get_moduli_filename());
+               return NULL;
        }
        which = arc4random_uniform(bestcount);