- markus@cvs.openbsd.org 2003/12/16 15:51:54

     [dh.c]
     use <= instead of < in dh_estimate; ok provos/hshoexer;
     do not return < DH_GRP_MIN

diff --git a/ChangeLog b/ChangeLog
index 056fa3fc10e077cad17da89614ac4a61017b2623..bc219d076fa5a4cb5bb348d078a83ca59f7146f5 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,10 @@
      application layer keep alive (ServerAliveInterval ServerAliveCountMax)
      for ssh(1), similar to the sshd(8) option; ok beck@; with help from
      jmc and dtucker@
+   - markus@cvs.openbsd.org 2003/12/16 15:51:54
+     [dh.c]
+     use <= instead of < in dh_estimate; ok provos/hshoexer; 
+     do not return < DH_GRP_MIN
 
 20031209
  - (dtucker) OpenBSD CVS Sync

diff --git a/dh.c b/dh.c
index c924efee0d1678e95a1918255f7dc326462e9902..c7a3e18be82afb4bebe659ce1c9e1a8e16aa1a51 100644 (file)
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.25 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
 
 #include "xmalloc.h"
 
@@ -279,11 +279,9 @@ int
 dh_estimate(int bits)
 {
 
-       if (bits < 64)
-               return (512);   /* O(2**63) */
-       if (bits < 128)
+       if (bits <= 128)
                return (1024);  /* O(2**86) */
-       if (bits < 192)
+       if (bits <= 192)
                return (2048);  /* O(2**116) */
        return (4096);          /* O(2**156) */
 }