diff options
author | Damien Miller <djm@mindrot.org> | 2010-09-10 11:23:34 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-09-10 11:23:34 +1000 |
commit | 041ab7c1e7d6514ed84a539a767f79ffb356e807 (patch) | |
tree | c6528487bfc1cfa824655e48ef884b2c268c8588 /kex.c | |
parent | 3796ab47d3f68f69512c360f178b77bf0fb12b4f (diff) |
- djm@cvs.openbsd.org 2010/09/09 10:45:45
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
ok naddy@
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.85 2010/09/09 10:45:45 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -325,10 +325,10 @@ choose_kex(Kex *k, char *client, char *server) | |||
325 | } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { | 325 | } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { |
326 | k->kex_type = KEX_DH_GEX_SHA256; | 326 | k->kex_type = KEX_DH_GEX_SHA256; |
327 | k->evp_md = evp_ssh_sha256(); | 327 | k->evp_md = evp_ssh_sha256(); |
328 | } else if (strncmp(k->name, KEX_ECDH_SHA256, | 328 | } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM, |
329 | sizeof(KEX_ECDH_SHA256) - 1) == 0) { | 329 | sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) { |
330 | k->kex_type = KEX_ECDH_SHA2; | 330 | k->kex_type = KEX_ECDH_SHA2; |
331 | k->evp_md = evp_ssh_sha256(); | 331 | k->evp_md = kex_ecdh_name_to_evpmd(k->name); |
332 | #endif | 332 | #endif |
333 | } else | 333 | } else |
334 | fatal("bad kex alg %s", k->name); | 334 | fatal("bad kex alg %s", k->name); |