author | djm@openbsd.org <djm@openbsd.org> | 2015-01-26 06:10:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-27 00:00:57 +1100 |
commit | 5104db7cbd6cdd9c5971f4358e74414862fc1022 (patch) | |
tree | 94692c77a4888f8adade706324fdee3a999bc6b0 /ssh_api.c | |
parent | 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 (diff) | |
upstream commit
correctly match ECDSA subtype (== curve) for
offered/received host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).
ok markus, "looks mechanical" deraadt@
Diffstat (limited to 'ssh_api.c')
-rw-r--r-- | ssh_api.c | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.2 2015/01/26 06:10:03 djm Exp $ */
 /*
 * Copyright (c) 2012 Markus Friedl. All rights reserved.
 *
@@ -38,8 +38,8 @@ int _ssh_send_banner(struct ssh *, char **);
 int _ssh_read_banner(struct ssh *, char **);
 int _ssh_order_hostkeyalgs(struct ssh *);
 int _ssh_verify_host_key(struct sshkey *, struct ssh *);
-struct sshkey *_ssh_host_public_key(int, struct ssh *);
-struct sshkey *_ssh_host_private_key(int, struct ssh *);
+struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
+struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
 int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **,
 size_t *, u_char *, size_t, u_int);

@@ -425,28 +425,30 @@ _ssh_exchange_banner(struct ssh *ssh)
 }

 struct sshkey *
-_ssh_host_public_key(int type, struct ssh *ssh)
+_ssh_host_public_key(int type, int nid, struct ssh *ssh)
 {
 struct key_entry *k;

 debug3("%s: need %d", __func__, type);
 TAILQ_FOREACH(k, &ssh->public_keys, next) {
 debug3("%s: check %s", __func__, sshkey_type(k->key));
- if (k->key->type == type)
+ if (k->key->type == type &&
+ (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
 return (k->key);
 }
 return (NULL);
 }

 struct sshkey *
-_ssh_host_private_key(int type, struct ssh *ssh)
+_ssh_host_private_key(int type, int nid, struct ssh *ssh)
 {
 struct key_entry *k;

 debug3("%s: need %d", __func__, type);
 TAILQ_FOREACH(k, &ssh->private_keys, next) {
 debug3("%s: check %s", __func__, sshkey_type(k->key));
- if (k->key->type == type)
+ if (k->key->type == type &&
+ (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
 return (k->key);
 }
 return (NULL); |
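Review bot: The curve check in both lookups of the last hunk applies only when `type` is exactly `KEY_ECDSA`, so a key whose type is an ECDSA certificate variant would still be selected on type alone, with its `ecdsa_nid` never compared. Whether certificate keys can reach `ssh->public_keys` or `ssh->private_keys` is not visible in this hunk, so this needs confirming against the code that populates those lists. If they can, comparing on the plain type would cover both cases, e.g. `(sshkey_type_plain(type) != KEY_ECDSA || k->key->ecdsa_nid == nid)`. Separately, `debug3("%s: need %d", __func__, type);` still logs only the type, so a key skipped for a curve mismatch cannot be told apart in the trace; `debug3("%s: need %d nid %d", __func__, type, nid);` would make it visible. The closing brace of `_ssh_host_private_key` lies outside the hunk.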