diff options
author | Damien Miller <djm@mindrot.org> | 2010-09-10 11:23:34 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-09-10 11:23:34 +1000 |
commit | 041ab7c1e7d6514ed84a539a767f79ffb356e807 (patch) | |
tree | c6528487bfc1cfa824655e48ef884b2c268c8588 /key.h | |
parent | 3796ab47d3f68f69512c360f178b77bf0fb12b4f (diff) |
- djm@cvs.openbsd.org 2010/09/09 10:45:45
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
ok naddy@
Diffstat (limited to 'key.h')
-rw-r--r-- | key.h | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.31 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.32 2010/09/09 10:45:45 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -112,8 +112,10 @@ int key_cert_is_legacy(Key *); | |||
112 | int key_ecdsa_nid_from_name(const char *); | 112 | int key_ecdsa_nid_from_name(const char *); |
113 | int key_curve_name_to_nid(const char *); | 113 | int key_curve_name_to_nid(const char *); |
114 | const char * key_curve_nid_to_name(int); | 114 | const char * key_curve_nid_to_name(int); |
115 | u_int key_curve_nid_to_bits(int); | ||
115 | int key_ecdsa_bits_to_nid(int); | 116 | int key_ecdsa_bits_to_nid(int); |
116 | int key_ecdsa_group_to_nid(const EC_GROUP *); | 117 | int key_ecdsa_group_to_nid(const EC_GROUP *); |
118 | const EVP_MD * key_ec_nid_to_evpmd(int nid); | ||
117 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); | 119 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); |
118 | int key_ec_validate_private(const EC_KEY *); | 120 | int key_ec_validate_private(const EC_KEY *); |
119 | 121 | ||