- djm@cvs.openbsd.org 2010/09/09 10:45:45

     [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
     ECDH/ECDSA compliance fix: these methods vary the hash function they use
     (SHA256/384/512) depending on the length of the curve in use. The previous
     code incorrectly used SHA256 in all cases.

     This fix will cause authentication failure when using 384 or 521-bit curve
     keys if one peer hasn't been upgraded and the other has. (256-bit curve
     keys work ok). In particular you may need to specify HostkeyAlgorithms
     when connecting to a server that has not been upgraded from an upgraded
     client.

     ok naddy@

1 files changed, 11 insertions, 3 deletions

diff --git a/kexecdh.c b/kexecdh.c
index bd571813..f59d7b90 100644
--- a/kexecdh.c
+++ b/kexecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdh.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: kexecdh.c,v 1.2 2010/09/09 10:45:45 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -48,15 +48,23 @@ kex_ecdh_name_to_nid(const char *kexname)
 {
 	int ret;
 
-	if (strlen(kexname) < sizeof(KEX_ECDH_SHA256) - 1)
+	if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1)
 		fatal("%s: kexname too short \"%s\"", __func__, kexname);
-	ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA256) - 1);
+	ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1);
 	if (ret == -1)
 		fatal("%s: unsupported curve negotiated \"%s\"", __func__,
 		    kexname);
 	return ret;
 }
 
+const EVP_MD *
+kex_ecdh_name_to_evpmd(const char *kexname)
+{
+	int nid = kex_ecdh_name_to_nid(kexname);
+
+	return key_ec_nid_to_evpmd(nid);
+}
+
 void
 kex_ecdh_hash(
     const EVP_MD *evp_md,