authordjm@openbsd.org <djm@openbsd.org>2015-01-26 06:10:03 +0000
committerDamien Miller <djm@mindrot.org>2015-01-27 00:00:57 +1100
commit5104db7cbd6cdd9c5971f4358e74414862fc1022 (patch)
tree94692c77a4888f8adade706324fdee3a999bc6b0 /ssh_api.c
parent8d4f87258f31cb6def9b3b55b6a7321d84728ff2 (diff)
downloadopenssh-git-5104db7cbd6cdd9c5971f4358e74414862fc1022.tar.gz
upstream commit
correctly match ECDSA subtype (== curve) for offered/received host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
Diffstat (limited to 'ssh_api.c')
-rw-r--r--ssh_api.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/ssh_api.c b/ssh_api.c
index 1df995c9..9794e0e5 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.2 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@@ -38,8 +38,8 @@ int _ssh_send_banner(struct ssh *, char **);
int _ssh_read_banner(struct ssh *, char **);
int _ssh_order_hostkeyalgs(struct ssh *);
int _ssh_verify_host_key(struct sshkey *, struct ssh *);
-struct sshkey *_ssh_host_public_key(int, struct ssh *);
-struct sshkey *_ssh_host_private_key(int, struct ssh *);
+struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
+struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **,
size_t *, u_char *, size_t, u_int);
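Review bot: The two `+` prototypes now carry two adjacent bare `int` parameters, so the declaration no longer tells a reader which is the key type and which the curve nid, and a caller that swaps them compiles silently. Naming them, `struct sshkey *_ssh_host_public_key(int type, int nid, struct ssh *);` and likewise for `_ssh_host_private_key`, makes the contract visible at the declaration; the neighbouring prototypes omit names, so this would be a small, deliberate departure from the file's style.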
@@ -425,28 +425,30 @@ _ssh_exchange_banner(struct ssh *ssh)
}
struct sshkey *
-_ssh_host_public_key(int type, struct ssh *ssh)
+_ssh_host_public_key(int type, int nid, struct ssh *ssh)
{
struct key_entry *k;
debug3("%s: need %d", __func__, type);
TAILQ_FOREACH(k, &ssh->public_keys, next) {
debug3("%s: check %s", __func__, sshkey_type(k->key));
- if (k->key->type == type)
+ if (k->key->type == type &&
+ (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
return (k->key);
}
return (NULL);
}
struct sshkey *
-_ssh_host_private_key(int type, struct ssh *ssh)
+_ssh_host_private_key(int type, int nid, struct ssh *ssh)
{
struct key_entry *k;
debug3("%s: need %d", __func__, type);
TAILQ_FOREACH(k, &ssh->private_keys, next) {
debug3("%s: check %s", __func__, sshkey_type(k->key));
- if (k->key->type == type)
+ if (k->key->type == type &&
+ (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
return (k->key);
}
return (NULL);
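Review bot: The curve comparison added on the `+` lines of both `_ssh_host_public_key` and `_ssh_host_private_key` is gated on `type != KEY_ECDSA`, so a lookup for a certified ECDSA key type (`KEY_ECDSA_CERT`, which also carries `ecdsa_nid`) still matches on type alone and can return a key of the wrong curve — the same mismatch this commit fixes for plain keys — if any caller requests certificate types here; the callers are outside the hunk, so this needs confirming. If that path is reachable, `(sshkey_type_plain(type) != KEY_ECDSA || k->key->ecdsa_nid == nid)` covers both forms. Since the nid now decides the match, the unchanged `debug3("%s: need %d", __func__, type);` in each function would be more useful as `debug3("%s: need %d nid %d", __func__, type, nid);` so a failed lookup logs the curve that was required. The closing brace of `_ssh_host_private_key` lies outside the hunk.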