diff options
author | djm <djm> | 2010-09-10 01:23:34 +0000 |
---|---|---|
committer | djm <djm> | 2010-09-10 01:23:34 +0000 |
commit | bd0e89319d60e7a8b1d82910d88bfac17c9aa5ee (patch) | |
tree | 8d0c79ec505dd2e4cc88dd42538cfe2c4938355d /kexecdh.c | |
parent | aa3175814f38a21a09995488330979fe4f191073 (diff) | |
download | openssh-bd0e89319d60e7a8b1d82910d88bfac17c9aa5ee.tar.gz |
- djm@cvs.openbsd.org 2010/09/09 10:45:45
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
ok naddy@
Diffstat (limited to 'kexecdh.c')
-rw-r--r-- | kexecdh.c | 14 |
1 files changed, 11 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.2 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -48,15 +48,23 @@ kex_ecdh_name_to_nid(const char *kexname) { int ret; - if (strlen(kexname) < sizeof(KEX_ECDH_SHA256) - 1) + if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) fatal("%s: kexname too short \"%s\"", __func__, kexname); - ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA256) - 1); + ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); if (ret == -1) fatal("%s: unsupported curve negotiated \"%s\"", __func__, kexname); return ret; } +const EVP_MD * +kex_ecdh_name_to_evpmd(const char *kexname) +{ + int nid = kex_ecdh_name_to_nid(kexname); + + return key_ec_nid_to_evpmd(nid); +} + void kex_ecdh_hash( const EVP_MD *evp_md, |