author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 10:07:22 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 21:47:28 +1100 |
commit | b1b2ff4ed559051d1035419f8f236275fa66d5d6 (patch) | |
tree | 53b2dbcf3540076c1effe3ce82c613c7fe23c58c /kexgexc.c | |
parent | bb39bafb6dc520cc097780f4611a52da7f19c3e2 (diff) |
upstream: factor out kex_verify_hostkey() - again, duplicated
almost exactly across client and server for several KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
Diffstat (limited to 'kexgexc.c')
-rw-r--r-- | kexgexc.c | 16 |
1 files changed, 2 insertions, 14 deletions
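--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.32 2019/01/21 10:03:37 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -153,26 +153,14 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 	int r;
 
 	debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
-	if (kex->verify_host_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
 	/* key, cert */
 	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
 	    &sbloblen)) != 0 ||
 	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
 	    &server_host_key)) != 0)
 		goto out;
-	if (server_host_key->type != kex->hostkey_type ||
-	    (kex->hostkey_type == KEY_ECDSA &&
-	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {
-		r = SSH_ERR_KEY_TYPE_MISMATCH;
+	if ((r = kex_verify_host_key(ssh, server_host_key)) != 0)
 		goto out;
-	}
-	if (kex->verify_host_key(server_host_key, ssh) == -1) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
 	/* DH parameter f, server public DH key, signed H */
 	if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||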
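Review bot: The call at new line 162 collapses three distinct failure paths that the old code expressed here — the `kex->verify_host_key == NULL` guard (SSH_ERR_INVALID_ARGUMENT), the hostkey type/ECDSA nid match against `kex->hostkey_type`/`kex->hostkey_nid` (SSH_ERR_KEY_TYPE_MISMATCH) and the callback failure (SSH_ERR_SIGNATURE_INVALID) — into whatever kex_verify_host_key() returns, and that helper's body is not on this page, so it should be confirmed to still enforce all three before returning 0. Because the caller no longer states the type check, a short comment at the call site would keep the invariant visible to readers of this function: `/* kex_verify_host_key() checks type/nid against kex->hostkey_* and runs kex->verify_host_key() */`. The commit title names the helper kex_verify_hostkey() while the call here is kex_verify_host_key(). input_kex_dh_gex_reply() begins and ends outside the hunk.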