Attachment 3066 Details for Bug 2793 – Patch to remove the fallback mechanism.

[patch] Patch to remove the fallback mechanism.

dh_group_exchange_incorrect_fallback.diff (text/plain), 2.05 KB, created by Joe Testa on 2017-10-10 05:41:59 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Joe Testa

Created: 2017-10-10 05:41:59 AEDT

Size: 2.05 KB

patch

obsolete

>diff --git a/dh.c b/dh.c
>index 4753124..be91ca4 100644
>--- a/dh.c
>+++ b/dh.c
>@@ -152,9 +152,9 @@ choose_dh(int min, int wantbits, int max)
>        struct dhgroup dhg;
> 
>        if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
>-               logit("WARNING: could not open %s (%s), using fixed modulus",
>+               logit("ERROR: could not open %s (%s)",
>                    _PATH_DH_MODULI, strerror(errno));
>-               return (dh_new_group_fallback(max));
>+               return NULL;
>        }
> 
>        linenum = 0;
>@@ -181,8 +181,8 @@ choose_dh(int min, int wantbits, int max)
> 
>        if (bestcount == 0) {
>                fclose(f);
>-               logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
>-               return (dh_new_group_fallback(max));
>+               logit("ERROR: no suitable primes in %s", _PATH_DH_MODULI);
>+               return NULL;
>        }
> 
>        linenum = 0;
>@@ -201,9 +201,9 @@ choose_dh(int min, int wantbits, int max)
>        }
>        fclose(f);
>        if (linenum != which+1) {
>-               logit("WARNING: line %d disappeared in %s, giving up",
>+               logit("ERROR: line %d disappeared in %s, giving up",
>                    which, _PATH_DH_MODULI);
>-               return (dh_new_group_fallback(max));
>+               return NULL;
>        }
> 
>        return (dh_new_group(dhg.g, dhg.p));
>@@ -431,22 +431,6 @@ dh_new_group18(void)
>        return (dh_new_group_asc(gen, group16));
> }
> 
>-/* Select fallback group used by DH-GEX if moduli file cannot be read. */
>-DH *
>-dh_new_group_fallback(int max)
>-{
>-       debug3("%s: requested max size %d", __func__, max);
>-       if (max < 3072) {
>-               debug3("using 2k bit group 14");
>-               return dh_new_group14();
>-       } else if (max < 6144) {
>-               debug3("using 4k bit group 16");
>-               return dh_new_group16();
>-       }
>-       debug3("using 8k bit group 18");
>-       return dh_new_group18();
>-}
>-
> /*
>  * Estimates the group order for a Diffie-Hellman group that has an
>  * attack complexity approximately the same as O(2**bits).
>

Actions: View | Diff

Attachments on bug 2793: 3066