From: dtucker@openbsd.org
Date: Tue, 3 Dec 2024 16:27:53 +0000 (+0000)
Subject: upstream: Remove fallback to compiled-in group for dhgex when the
X-Git-Tag: V_10_0_P1~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97eb247f40167f44324e88a537d5b4fe771a63b2;p=thirdparty%2Fopenssh-portable.git

upstream: Remove fallback to compiled-in group for dhgex when the moduli file exists, but does not contain moduli within the client-requested range. The fallback behaviour remains for the case where the moduli file does not exist (typically, running tests prior to installing).

From bz#2793, based in part on patch from Joe Testa, ok djm@

OpenBSD-Commit-ID: b1a8c5dbbedf249b42474679ebaf14db7332b1ab
---
diff --git a/dh.c b/dh.c index ce2eb4725..168dea1dd 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.74 2021/04/03 06:18:40 djm Exp $ */ +/* $OpenBSD: dh.c,v 1.75 2024/12/03 16:27:53 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -197,9 +197,9 @@ choose_dh(int min, int wantbits, int max) if (bestcount == 0) { fclose(f); - logit("WARNING: no suitable primes in %s", - get_moduli_filename()); - return (dh_new_group_fallback(max)); + logit("WARNING: no suitable primes (size %d/%d/%d) in %s", + min, wantbits, max, get_moduli_filename()); + return NULL; } which = arc4random_uniform(bestcount);
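Review bot: in the `bestcount == 0` branch of choose_dh(), the log line still begins with "WARNING:" and goes through logit(), but the branch now ends in `return NULL;` and hands back no group, so for this exchange it is a failure rather than a condition the code recovers from. Consider wording the message as an error so an operator reading the log can tell that the moduli file, not the peer, is why no group was chosen. The new format "(size %d/%d/%d)" also does not say which number is which; labelling it as min/want/max would match the arguments `min, wantbits, max` and make the client-requested range readable at a glance. The callers of choose_dh() are not part of this hunk: since this path previously returned the result of dh_new_group_fallback(max), each caller should be checked for NULL handling, and the comment or documentation for choose_dh() should state that NULL is returned when the moduli file exists but has no primes in the requested range.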