- djm@cvs.openbsd.org 2010/09/09 10:45:45

[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@
author: Damien Miller <djm@mindrot.org> 2010-09-10 11:23:34 +1000
committer: Damien Miller <djm@mindrot.org> 2010-09-10 11:23:34 +1000
commit: 041ab7c1e7d6514ed84a539a767f79ffb356e807 (patch)
tree: c6528487bfc1cfa824655e48ef884b2c268c8588 /monitor.c
parent: 3796ab47d3f68f69512c360f178b77bf0fb12b4f (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/monitor.c b/monitor.c
index 32395ee44..29d987c70 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.109 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -590,10 +590,10 @@ mm_answer_sign(int sock, Buffer *m)
        p = buffer_get_string(m, &datlen);
        /*
-         * Supported KEX types will only return SHA1 (20 byte) or
+         * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
-         * SHA256 (32 byte) hashes
+         * SHA384 (48 bytes) and SHA512 (64 bytes).
         */
-        if (datlen != 20 && datlen != 32)
+        if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64)
                fatal("%s: data length incorrect: %u", __func__, datlen);
        /* save session id, it will be passed on the first call */
author	Damien Miller <djm@mindrot.org>	2010-09-10 11:23:34 +1000
committer	Damien Miller <djm@mindrot.org>	2010-09-10 11:23:34 +1000
commit	041ab7c1e7d6514ed84a539a767f79ffb356e807 (patch)
tree	c6528487bfc1cfa824655e48ef884b2c268c8588 /monitor.c
parent	3796ab47d3f68f69512c360f178b77bf0fb12b4f (diff)

diff --git a/monitor.c b/monitor.c index 32395ee44..29d987c70 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.109 2010/08/31 11:54:45 djm Exp $ */	1	/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -590,10 +590,10 @@ mm_answer_sign(int sock, Buffer *m)
590	p = buffer_get_string(m, &datlen);	590	p = buffer_get_string(m, &datlen);
591		591
592	/*	592	/*
593	* Supported KEX types will only return SHA1 (20 byte) or	593	* Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
594	* SHA256 (32 byte) hashes	594	* SHA384 (48 bytes) and SHA512 (64 bytes).
595	*/	595	*/
596	if (datlen != 20 && datlen != 32)	596	if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64)
597	fatal("%s: data length incorrect: %u", __func__, datlen);	597	fatal("%s: data length incorrect: %u", __func__, datlen);
598		598
599	/* save session id, it will be passed on the first call */	599	/* save session id, it will be passed on the first call */