dh-gex: Fall back to known primes when the moduli file is not readable

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/dh.h

@@ -67,5 +67,6 @@ int ssh_client_dh_init(ssh_session session);
 void ssh_server_dh_init(ssh_session session);
 #endif /* WITH_SERVER */
 int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);
+int ssh_fallback_group(uint32_t pmax, bignum *p, bignum *g);
 
 #endif /* DH_H_ */

src/dh-gex.c

@@ -479,7 +479,7 @@ static int ssh_retrieve_dhgroup(uint32_t pmin,
         SSH_LOG(SSH_LOG_WARNING,
                 "Unable to open moduli file: %s",
                 strerror(errno));
-        return SSH_ERROR;
+        return ssh_fallback_group(pmax, p, g);
     }
 
     *size = 0;

src/dh.c

@@ -555,6 +555,33 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dh_init){
     return SSH_PACKET_USED;
 }
 
+/** @internal
+ * @brief Choose a fallback group for the DH Group exchange if the
+ * moduli file is not readable
+ * @param[in] pmax maximum requestsd group size
+ * @param[out] modulus
+ * @param[out] generator
+ * @returns SSH_OK on success, SSH_ERROR otherwise
+ */
+int ssh_fallback_group(uint32_t pmax,
+                       bignum *modulus,
+                       bignum *generator)
+{
+    *modulus = NULL;
+    *generator = NULL;
+
+    if (pmax < 3072) {
+        *modulus = ssh_dh_group14;
+    } else if (pmax < 6144) {
+        *modulus = ssh_dh_group16;
+    } else {
+        *modulus = ssh_dh_group18;
+    }
+    *generator = ssh_dh_generator;
+
+    return SSH_OK;
+}
+
 #endif /* WITH_SERVER */
 
 /**