upstream: factor out kex_verify_hostkey() - again, duplicated

almost exactly across client and server for several KEX methods.

from markus@ ok djm@

OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c

1 files changed, 17 insertions, 1 deletions

diff --git a/kex.c b/kex.c
index a0d13a880..d8c71bb3e 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp)
         return 0;
 }
 
+int
+kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
+{
+        struct kex *kex = ssh->kex;
+
+        if (kex->verify_host_key == NULL)
+                return SSH_ERR_INVALID_ARGUMENT;
+        if (server_host_key->type != kex->hostkey_type ||
+            (kex->hostkey_type == KEY_ECDSA &&
+            server_host_key->ecdsa_nid != kex->hostkey_nid))
+                return SSH_ERR_KEY_TYPE_MISMATCH;
+        if (kex->verify_host_key(server_host_key, ssh) == -1)
+                return  SSH_ERR_SIGNATURE_INVALID;
+        return 0;
+}
+
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
 dump_digest(char *msg, u_char *digest, int len)