diff options
| author | Damien Tournoud <damien@platform.sh> | 2015-12-23 18:26:18 -0800 |
|---|---|---|
| committer | Damien Tournoud <damien@platform.sh> | 2015-12-23 18:26:21 -0800 |
| commit | 7109ddf9e5feabf04016b00d681def30a4acbca7 (patch) | |
| tree | 2dd616e0968f7b8dea90bff4b3ef74538a5fcbb7 | |
| parent | fa0e17f9ef33d75b62134d35adfd21d3211c6d02 (diff) | |
| download | paramiko-7109ddf9e5feabf04016b00d681def30a4acbca7.tar.gz | |
primes: min and max should be inclusive.
As seen in the [OpenSSH source code][1], the min and max values
of the 'diffie-hellman-group-exchange-*' key exchange types are
supposed to be inclusive.
In the current state of the code and a standard /etc/ssh/moduli
file, OpenSSH client sends min=1024, max=8192, prefer=8192,
but paramiko returns one of the 7680 bits prime instead of one
of the 8192 bits ones.
[1]: https://github.com/openssh/openssh-portable/blob/master/kexgexc.c#L111
| -rw-r--r-- | paramiko/primes.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/paramiko/primes.py b/paramiko/primes.py index 7415c182..d0e17575 100644 --- a/paramiko/primes.py +++ b/paramiko/primes.py @@ -113,12 +113,12 @@ class ModulusPack (object): good = -1 # find nearest bitsize >= preferred for b in bitsizes: - if (b >= prefer) and (b < max) and (b < good or good == -1): + if (b >= prefer) and (b <= max) and (b < good or good == -1): good = b # if that failed, find greatest bitsize >= min if good == -1: for b in bitsizes: - if (b >= min) and (b < max) and (b > good): + if (b >= min) and (b <= max) and (b > good): good = b if good == -1: # their entire (min, max) range has no intersection with our range. |