diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 10:07:22 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-21 21:47:28 +1100 |
| commit | b1b2ff4ed559051d1035419f8f236275fa66d5d6 (patch) | |
| tree | 53b2dbcf3540076c1effe3ce82c613c7fe23c58c /kexgexc.c | |
| parent | bb39bafb6dc520cc097780f4611a52da7f19c3e2 (diff) | |
upstream: factor out kex_verify_hostkey() - again, duplicated
almost exactly across client and server for several KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
Diffstat (limited to 'kexgexc.c')
| -rw-r--r-- | kexgexc.c | 16 |
1 files changed, 2 insertions, 14 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexgexc.c,v 1.32 2019/01/21 10:03:37 djm Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -153,26 +153,14 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
| 153 | int r; | 153 | int r; |
| 154 | 154 | ||
| 155 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); | 155 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); |
| 156 | if (kex->verify_host_key == NULL) { | ||
| 157 | r = SSH_ERR_INVALID_ARGUMENT; | ||
| 158 | goto out; | ||
| 159 | } | ||
| 160 | /* key, cert */ | 156 | /* key, cert */ |
| 161 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob, | 157 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob, |
| 162 | &sbloblen)) != 0 || | 158 | &sbloblen)) != 0 || |
| 163 | (r = sshkey_from_blob(server_host_key_blob, sbloblen, | 159 | (r = sshkey_from_blob(server_host_key_blob, sbloblen, |
| 164 | &server_host_key)) != 0) | 160 | &server_host_key)) != 0) |
| 165 | goto out; | 161 | goto out; |
| 166 | if (server_host_key->type != kex->hostkey_type || | 162 | if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) |
| 167 | (kex->hostkey_type == KEY_ECDSA && | ||
| 168 | server_host_key->ecdsa_nid != kex->hostkey_nid)) { | ||
| 169 | r = SSH_ERR_KEY_TYPE_MISMATCH; | ||
| 170 | goto out; | 163 | goto out; |
| 171 | } | ||
| 172 | if (kex->verify_host_key(server_host_key, ssh) == -1) { | ||
| 173 | r = SSH_ERR_SIGNATURE_INVALID; | ||
| 174 | goto out; | ||
| 175 | } | ||
| 176 | /* DH parameter f, server public DH key, signed H */ | 164 | /* DH parameter f, server public DH key, signed H */ |
| 177 | if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || | 165 | if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || |
| 178 | (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || | 166 | (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || |