author | djm@openbsd.org <djm@openbsd.org> | 2021-12-19 22:08:06 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-12-20 09:24:42 +1100 |
commit | b42c61d6840d16ef392ed0f365e8c000734669aa (patch) | |
tree | 382b0382fa3ca143ebe2994658063e2de3bc3727 /kexgexs.c | |
parent | 26ca33d186473d58a32d812e19273ce078b6ffff (diff) | |
upstream: Record session ID, host key and sig at intital KEX
These will be used later for agent session ID / hostkey binding
ok markus@
OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe
Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 14 |
1 files changed, 11 insertions, 3 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.43 2021/01/31 22:55:29 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.44 2021/12/19 22:08:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -194,8 +194,16 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 (r = sshpkt_send(ssh)) != 0)
 goto out;

- if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
+ if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) != 0 ||
+ (r = kex_send_newkeys(ssh)) != 0)
+ goto out;
+
+ /* retain copy of hostkey used at initial KEX */
+ if (kex->initial_hostkey == NULL &&
+ (r = sshkey_from_private(server_host_public,
+ &kex->initial_hostkey)) != 0)
+ goto out;
+ /* success */
 out:
 explicit_bzero(hash, sizeof(hash));
 DH_free(kex->dh); |
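Review bot: The comment above the `kex->initial_hostkey == NULL` check in the second hunk should say why later key exchanges are skipped, since per the commit message this copy is what the later agent session ID / hostkey binding relies on, and overwriting it on a rekey would change what is bound. Something like `/* keep the public hostkey from the first KEX only; a rekey must not replace it */` would make that invariant explicit. The copy also runs after `kex_send_newkeys()`, so a failure in `sshkey_from_private()` returns an error once NEWKEYS has already been queued or sent; that is presumably fatal to the connection anyway, but doing the copy before the send would keep the failure path simpler. Neither the release of `initial_hostkey` nor the start of `input_kex_dh_gex_init` is visible in this hunk, so confirm the key is freed along with the rest of the kex state.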