authordtucker@openbsd.org <dtucker@openbsd.org>2021-03-12 04:08:19 +0000
committerDarren Tucker <dtucker@dtucker.net>2021-03-13 13:14:13 +1100
commit88057eb6df912abf2678ea5c846d9d9cbc92752c (patch)
tree7eae3d98c66cb57b8433b83d2e50aa63a47a3368 /dh.c
parentf07519a2af96109325b5a48b1af18b57601074ca (diff)
upstream: Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX. This will allow us to run tests against arbitrary moduli files without having to install them. ok djm@ OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66
Diffstat (limited to 'dh.c')
-rw-r--r--dh.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/dh.c b/dh.c
index b5bb35e4..82590f68 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.72 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.73 2021/03/12 04:08:19 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@@ -45,6 +45,18 @@
#include "openbsd-compat/openssl-compat.h"
+static const char *moduli_filename;
+
+void dh_set_moduli_file(const char *filename)
+{
+ moduli_filename = filename;
+}
+
+static const char * get_moduli_filename(void)
+{
+ return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
+}
+
static int
parse_prime(int linenum, char *line, struct dhgroup *dhg)
{
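Review bot: `dh_set_moduli_file()` stores the caller's pointer in `moduli_filename` without copying it, so the string has to stay valid and unchanged for every later `choose_dh()` call, and nothing in the hunk states that contract. A comment above the setter would make it explicit, for example `/* filename is borrowed, not copied: it must remain valid for as long as choose_dh() can run; NULL restores _PATH_DH_MODULI */`. The two new definitions also keep the return type on the same line as the function name, whereas `parse_prime` directly below puts it on its own line; matching that layout would keep the file consistent.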
@@ -152,9 +164,9 @@ choose_dh(int min, int wantbits, int max)
int best, bestcount, which, linenum;
struct dhgroup dhg;
- if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+ if ((f = fopen(get_moduli_filename(), "r")) == NULL) {
logit("WARNING: could not open %s (%s), using fixed modulus",
- _PATH_DH_MODULI, strerror(errno));
+ get_moduli_filename(), strerror(errno));
return (dh_new_group_fallback(max));
}
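Review bot: A configured moduli path that cannot be opened is handled exactly like a missing default file: `choose_dh()` only logs a warning through `logit` and returns `dh_new_group_fallback(max)`, so a mistyped or unreadable ModuliFile quietly changes which DH-GEX group is offered. The same fallback is kept in the two later hunks (no suitable primes, selected prime disappeared). What the fallback group is cannot be seen from here, but an administrator who sets the keyword to pin specific groups would likely want this to be obvious; consider a distinct message when `moduli_filename` is non-NULL, or at least a comment such as `/* falls back to the built-in group even when the path was set explicitly */`, and say so in the sshd_config documentation. The body of `choose_dh` starts and ends outside this hunk.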
@@ -185,7 +197,8 @@ choose_dh(int min, int wantbits, int max)
if (bestcount == 0) {
fclose(f);
- logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
+ logit("WARNING: no suitable primes in %s",
+ get_moduli_filename());
return (dh_new_group_fallback(max));
}
which = arc4random_uniform(bestcount);
@@ -210,7 +223,7 @@ choose_dh(int min, int wantbits, int max)
fclose(f);
if (bestcount != which + 1) {
logit("WARNING: selected prime disappeared in %s, giving up",
- _PATH_DH_MODULI);
+ get_moduli_filename());
return (dh_new_group_fallback(max));
}