upstream commit

Remove fallback from moduli to "primes" file that was
 deprecated in 2001 and fix log messages referring to primes file.  Based on
 patch from xnox at ubuntu.com via bz#2559.  "kill it" deraadt@

Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713

1 files changed, 7 insertions, 7 deletions

diff --git a/dh.c b/dh.c
index 7f68321d..20f81913 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.58 2016/02/28 22:27:00 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -30,6 +30,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+#include <errno.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -151,10 +152,9 @@ choose_dh(int min, int wantbits, int max)
 	int linenum;
 	struct dhgroup dhg;
 
-	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
-	    (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
-		logit("WARNING: %s does not exist, using fixed modulus",
-		    _PATH_DH_MODULI);
+	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+		logit("WARNING: could open open %s (%s), using fixed modulus",
+		    _PATH_DH_MODULI, strerror(errno));
 		return (dh_new_group_fallback(max));
 	}
 
@@ -182,7 +182,7 @@ choose_dh(int min, int wantbits, int max)
 
 	if (bestcount == 0) {
 		fclose(f);
-		logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
+		logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
 		return (dh_new_group_fallback(max));
 	}
 
@@ -203,7 +203,7 @@ choose_dh(int min, int wantbits, int max)
 	fclose(f);
 	if (linenum != which+1) {
 		logit("WARNING: line %d disappeared in %s, giving up",
-		    which, _PATH_DH_PRIMES);
+		    which, _PATH_DH_MODULI);
 		return (dh_new_group_fallback(max));
 	}