From b1b2ff4ed559051d1035419f8f236275fa66d5d6 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 21 Jan 2019 10:07:22 +0000
Subject: upstream: factor out kex_verify_hostkey() - again, duplicated

almost exactly across client and server for several KEX methods.

from markus@ ok djm@

OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
---
 kex.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'kex.c')

diff --git a/kex.c b/kex.c
index a0d13a88..d8c71bb3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp)
 	return 0;
 }
 
+int
+kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
+{
+	struct kex *kex = ssh->kex;
+
+	if (kex->verify_host_key == NULL)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (server_host_key->type != kex->hostkey_type ||
+	    (kex->hostkey_type == KEY_ECDSA &&
+	    server_host_key->ecdsa_nid != kex->hostkey_nid))
+		return SSH_ERR_KEY_TYPE_MISMATCH;
+	if (kex->verify_host_key(server_host_key, ssh) == -1)
+		return  SSH_ERR_SIGNATURE_INVALID;
+	return 0;
+}
+
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
 dump_digest(char *msg, u_char *digest, int len)
-- 
cgit v1.2.1