- markus@cvs.openbsd.org 2002/01/31 13:35:11

[kexdh.c kexgex.c] cross check announced key type and type from key blob
author: Damien Miller <djm@mindrot.org> 2002-02-05 12:19:52 +1100
committer: Damien Miller <djm@mindrot.org> 2002-02-05 12:19:52 +1100
commit: 9ab47eeb229761173ce5da5b4976d9ea9a7b75e4 (patch)
tree: 4c6a56b641c77b2d728cf6dd2f77bc1058020efb
parent: 07a2d429b2aafe273056f71ab150456fe3ff31ef (diff)
3 files changed, 10 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 52d0eb709..4c68665a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,9 @@
   - markus@cvs.openbsd.org 2002/01/29 23:50:37
     [scp.1 ssh.1]
     mention exit status; ok stevesk@
+   - markus@cvs.openbsd.org 2002/01/31 13:35:11
+     [kexdh.c kexgex.c]
+     cross check announced key type and type from key blob
 20020130
 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@@ -7450,4 +7453,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1812 2002/02/05 01:16:15 djm Exp $
+$Id: ChangeLog,v 1.1813 2002/02/05 01:19:52 djm Exp $
diff --git a/kexdh.c b/kexdh.c
index 60d13a8b9..f87d52952 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.13 2002/01/25 22:07:40 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $");
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -121,7 +121,8 @@ kexdh_client(Kex *kex)
        server_host_key = key_from_blob(server_host_key_blob, sbloblen);
        if (server_host_key == NULL)
                fatal("cannot decode server_host_key_blob");
+        if (server_host_key->type != kex->hostkey_type)
+                fatal("type mismatch for decoded server_host_key_blob");
        if (kex->verify_host_key == NULL)
                fatal("cannot verify server_host_key");
        if (kex->verify_host_key(server_host_key) == -1)
diff --git a/kexgex.c b/kexgex.c
index b50a7114f..dc2fa6723 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.16 2002/01/25 22:07:40 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
 #include <openssl/bn.h>
@@ -176,7 +176,8 @@ kexgex_client(Kex *kex)
        server_host_key = key_from_blob(server_host_key_blob, sbloblen);
        if (server_host_key == NULL)
                fatal("cannot decode server_host_key_blob");
+        if (server_host_key->type != kex->hostkey_type)
+                fatal("type mismatch for decoded server_host_key_blob");
        if (kex->verify_host_key == NULL)
                fatal("cannot verify server_host_key");
        if (kex->verify_host_key(server_host_key) == -1)
author	Damien Miller <djm@mindrot.org>	2002-02-05 12:19:52 +1100
committer	Damien Miller <djm@mindrot.org>	2002-02-05 12:19:52 +1100
commit	9ab47eeb229761173ce5da5b4976d9ea9a7b75e4 (patch)
tree	4c6a56b641c77b2d728cf6dd2f77bc1058020efb
parent	07a2d429b2aafe273056f71ab150456fe3ff31ef (diff)

diff --git a/ChangeLog b/ChangeLog index 52d0eb709..4c68665a2 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -48,6 +48,9 @@
48	- markus@cvs.openbsd.org 2002/01/29 23:50:37	48	- markus@cvs.openbsd.org 2002/01/29 23:50:37
49	[scp.1 ssh.1]	49	[scp.1 ssh.1]
50	mention exit status; ok stevesk@	50	mention exit status; ok stevesk@
		51	- markus@cvs.openbsd.org 2002/01/31 13:35:11
		52	[kexdh.c kexgex.c]
		53	cross check announced key type and type from key blob
51		54
52	20020130	55	20020130
53	- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@	56	- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@@ -7450,4 +7453,4 @@
7450	- Wrote replacements for strlcpy and mkdtemp	7453	- Wrote replacements for strlcpy and mkdtemp
7451	- Released 1.0pre1	7454	- Released 1.0pre1
7452		7455
7453	$Id: ChangeLog,v 1.1812 2002/02/05 01:16:15 djm Exp $	7456	$Id: ChangeLog,v 1.1813 2002/02/05 01:19:52 djm Exp $


diff --git a/kexdh.c b/kexdh.c index 60d13a8b9..f87d52952 100644 --- a/kexdh.c +++ b/kexdh.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: kexdh.c,v 1.13 2002/01/25 22:07:40 markus Exp $");	26	RCSID("$OpenBSD: kexdh.c,v 1.14 2002/01/31 13:35:11 markus Exp $");
27		27
28	#include <openssl/crypto.h>	28	#include <openssl/crypto.h>
29	#include <openssl/bn.h>	29	#include <openssl/bn.h>
@@ -121,7 +121,8 @@ kexdh_client(Kex *kex)
121	server_host_key = key_from_blob(server_host_key_blob, sbloblen);	121	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
122	if (server_host_key == NULL)	122	if (server_host_key == NULL)
123	fatal("cannot decode server_host_key_blob");	123	fatal("cannot decode server_host_key_blob");
124		124	if (server_host_key->type != kex->hostkey_type)
		125	fatal("type mismatch for decoded server_host_key_blob");
125	if (kex->verify_host_key == NULL)	126	if (kex->verify_host_key == NULL)
126	fatal("cannot verify server_host_key");	127	fatal("cannot verify server_host_key");
127	if (kex->verify_host_key(server_host_key) == -1)	128	if (kex->verify_host_key(server_host_key) == -1)


diff --git a/kexgex.c b/kexgex.c index b50a7114f..dc2fa6723 100644 --- a/kexgex.c +++ b/kexgex.c
@@ -24,7 +24,7 @@
24	*/	24	*/
25		25
26	#include "includes.h"	26	#include "includes.h"
27	RCSID("$OpenBSD: kexgex.c,v 1.16 2002/01/25 22:07:40 markus Exp $");	27	RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
28		28
29	#include <openssl/bn.h>	29	#include <openssl/bn.h>
30		30
@@ -176,7 +176,8 @@ kexgex_client(Kex *kex)
176	server_host_key = key_from_blob(server_host_key_blob, sbloblen);	176	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
177	if (server_host_key == NULL)	177	if (server_host_key == NULL)
178	fatal("cannot decode server_host_key_blob");	178	fatal("cannot decode server_host_key_blob");
179		179	if (server_host_key->type != kex->hostkey_type)
		180	fatal("type mismatch for decoded server_host_key_blob");
180	if (kex->verify_host_key == NULL)	181	if (kex->verify_host_key == NULL)
181	fatal("cannot verify server_host_key");	182	fatal("cannot verify server_host_key");
182	if (kex->verify_host_key(server_host_key) == -1)	183	if (kex->verify_host_key(server_host_key) == -1)