Attachment #3066 for bug #2793

View | Details | Raw Unified | Return to bug 2793
Collapse All | Expand All




       struct dhgroup dhg;

       if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
               logit("ERROR: could not open %s (%s)",
                   _PATH_DH_MODULI, strerror(errno));
               return NULL;
       }

       linenum = 0;


       if (bestcount == 0) {
               fclose(f);
               logit("ERROR: no suitable primes in %s", _PATH_DH_MODULI);
               return NULL;
       }

       linenum = 0;

       }
       fclose(f);
       if (linenum != which+1) {
               logit("ERROR: line %d disappeared in %s, giving up",
                   which, _PATH_DH_MODULI);
               return NULL;
       }

       return (dh_new_group(dhg.g, dhg.p));

       return (dh_new_group_asc(gen, group16));
}

/* Select fallback group used by DH-GEX if moduli file cannot be read. */
DH *
dh_new_group_fallback(int max)
{
       debug3("%s: requested max size %d", __func__, max);
       if (max < 3072) {
               debug3("using 2k bit group 14");
               return dh_new_group14();
       } else if (max < 6144) {
               debug3("using 4k bit group 16");
               return dh_new_group16();
       }
       debug3("using 8k bit group 18");
       return dh_new_group18();
}

/*
 * Estimates the group order for a Diffie-Hellman group that has an
 * attack complexity approximately the same as O(2**bits).

Return to bug 2793

Lines 152-160 choose_dh(int min, int wantbits, int max) Link Here

(-)a/dh.c (-22 / +6 lines)
152	struct dhgroup dhg;	152	struct dhgroup dhg;
153		153
154	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {	154	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
155	logit("WARNING: could not open %s (%s), using fixed modulus",	155	logit("ERROR: could not open %s (%s)",
156	_PATH_DH_MODULI, strerror(errno));	156	_PATH_DH_MODULI, strerror(errno));
157	return (dh_new_group_fallback(max));	157	return NULL;
158	}	158	}
159		159
160	linenum = 0;	160	linenum = 0;
Lines 181-188 choose_dh(int min, int wantbits, int max) Link Here
181		181
182	if (bestcount == 0) {	182	if (bestcount == 0) {
183	fclose(f);	183	fclose(f);
184	logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);	184	logit("ERROR: no suitable primes in %s", _PATH_DH_MODULI);
185	return (dh_new_group_fallback(max));	185	return NULL;
186	}	186	}
187		187
188	linenum = 0;	188	linenum = 0;
Lines 201-209 choose_dh(int min, int wantbits, int max) Link Here
201	}	201	}
202	fclose(f);	202	fclose(f);
203	if (linenum != which+1) {	203	if (linenum != which+1) {
204	logit("WARNING: line %d disappeared in %s, giving up",	204	logit("ERROR: line %d disappeared in %s, giving up",
205	which, _PATH_DH_MODULI);	205	which, _PATH_DH_MODULI);
206	return (dh_new_group_fallback(max));	206	return NULL;
207	}	207	}
208		208
209	return (dh_new_group(dhg.g, dhg.p));	209	return (dh_new_group(dhg.g, dhg.p));
Lines 431-452 dh_new_group18(void) Link Here
431	return (dh_new_group_asc(gen, group16));	431	return (dh_new_group_asc(gen, group16));
432	}	432	}
433		433
434	/* Select fallback group used by DH-GEX if moduli file cannot be read. */
435	DH *
436	dh_new_group_fallback(int max)
437	{
438	debug3("%s: requested max size %d", __func__, max);
439	if (max < 3072) {
440	debug3("using 2k bit group 14");
441	return dh_new_group14();
442	} else if (max < 6144) {
443	debug3("using 4k bit group 16");
444	return dh_new_group16();
445	}
446	debug3("using 8k bit group 18");
447	return dh_new_group18();
448	}
449
450	/*	434	/*
451	* Estimates the group order for a Diffie-Hellman group that has an	435	* Estimates the group order for a Diffie-Hellman group that has an
452	* attack complexity approximately the same as O(2**bits).	436	* attack complexity approximately the same as O(2**bits).