From: djm@openbsd.org <djm@openbsd.org>
Date: Thu, 26 Mar 2015 06:59:28 +0000 (+0000)
Subject: upstream commit
X-Git-Tag: V_6_9_P1~143
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8afbe2c1aaf573565e4da775261dfafc8b1ba9c;p=thirdparty%2Fopenssh-portable.git

upstream commit

relax bits needed check to allow
 diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
 selected as symmetric cipher; ok markus
---

diff --git a/dh.c b/dh.c
index a260240fd..1e5388d7f 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.55 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: dh.c,v 1.56 2015/03/26 06:59:28 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
 
 	if (need < 0 || dh->p == NULL ||
 	    (pbits = BN_num_bits(dh->p)) <= 0 ||
-	    need > INT_MAX / 2 || 2 * need >= pbits)
+	    need > INT_MAX / 2 || 2 * need > pbits)
 		return SSH_ERR_INVALID_ARGUMENT;
 	dh->length = MIN(need * 2, pbits - 1);
 	if (DH_generate_key(dh) == 0 ||