diff options
| author | djm <djm> | 2010-09-10 01:23:34 +0000 |
|---|---|---|
| committer | djm <djm> | 2010-09-10 01:23:34 +0000 |
| commit | bd0e89319d60e7a8b1d82910d88bfac17c9aa5ee (patch) | |
| tree | 8d0c79ec505dd2e4cc88dd42538cfe2c4938355d /ssh-ecdsa.c | |
| parent | aa3175814f38a21a09995488330979fe4f191073 (diff) | |
| download | openssh-bd0e89319d60e7a8b1d82910d88bfac17c9aa5ee.tar.gz | |
- djm@cvs.openbsd.org 2010/09/09 10:45:45
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
ok naddy@
Diffstat (limited to 'ssh-ecdsa.c')
| -rw-r--r-- | ssh-ecdsa.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 0627ee5c..5c4ce231 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD$ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.4 2010/09/10 01:04:10 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen) { ECDSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha256(); + const EVP_MD *evp_md; EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE]; u_int len, dlen; @@ -57,6 +57,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, error("%s: no ECDSA key", __func__); return -1; } + evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); @@ -94,21 +95,22 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, const u_char *data, u_int datalen) { ECDSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha256(); + const EVP_MD *evp_md; EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE], *sigblob; u_int len, dlen; int rlen, ret; Buffer b, bb; + char *ktype; if (key == NULL || key->ecdsa == NULL || (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { error("%s: no ECDSA key", __func__); return -1; } + evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); /* fetch signature */ - char *ktype; buffer_init(&b); buffer_append(&b, signature, signaturelen); ktype = buffer_get_string(&b, NULL); |