authordjm@openbsd.org <djm@openbsd.org>2015-01-26 06:10:03 +0000
committerDamien Miller <djm@mindrot.org>2015-01-27 00:00:57 +1100
commit5104db7cbd6cdd9c5971f4358e74414862fc1022 (patch)
tree94692c77a4888f8adade706324fdee3a999bc6b0 /ssh_api.c
parent8d4f87258f31cb6def9b3b55b6a7321d84728ff2 (diff)
upstream commit
correctly match ECDSA subtype (== curve) for offered/received host keys. Fixes connection-killing host key mismatches when a server offers multiple ECDSA keys with different curve type (an extremely unlikely configuration). ok markus, "looks mechanical" deraadt@
Diffstat (limited to 'ssh_api.c')
-rw-r--r--ssh_api.c16
1 files changed, 9 insertions, 7 deletions
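--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.2 2015/01/26 06:10:03 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl. All rights reserved.
  *
@@ -38,8 +38,8 @@ int _ssh_send_banner(struct ssh *, char **);
 int _ssh_read_banner(struct ssh *, char **);
 int _ssh_order_hostkeyalgs(struct ssh *);
 int _ssh_verify_host_key(struct sshkey *, struct ssh *);
-struct sshkey *_ssh_host_public_key(int, struct ssh *);
-struct sshkey *_ssh_host_private_key(int, struct ssh *);
+struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
+struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
 int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **,
     size_t *, u_char *, size_t, u_int);
 
@@ -425,28 +425,30 @@ _ssh_exchange_banner(struct ssh *ssh)
 }
 
 struct sshkey *
-_ssh_host_public_key(int type, struct ssh *ssh)
+_ssh_host_public_key(int type, int nid, struct ssh *ssh)
 {
 	struct key_entry *k;
 
 	debug3("%s: need %d", __func__, type);
 	TAILQ_FOREACH(k, &ssh->public_keys, next) {
 		debug3("%s: check %s", __func__, sshkey_type(k->key));
-		if (k->key->type == type)
+		if (k->key->type == type &&
+		    (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
 			return (k->key);
 	}
 	return (NULL);
 }
 
 struct sshkey *
-_ssh_host_private_key(int type, struct ssh *ssh)
+_ssh_host_private_key(int type, int nid, struct ssh *ssh)
 {
 	struct key_entry *k;
 
 	debug3("%s: need %d", __func__, type);
 	TAILQ_FOREACH(k, &ssh->private_keys, next) {
 		debug3("%s: check %s", __func__, sshkey_type(k->key));
-		if (k->key->type == type)
+		if (k->key->type == type &&
+		    (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
 			return (k->key);
 	}
 	return (NULL);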
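Review bot: The new curve comparison in `_ssh_host_public_key` is gated on `type != KEY_ECDSA` only, so if an ECDSA certificate entry (`KEY_ECDSA_CERT`) can ever sit in `ssh->public_keys` or `ssh->private_keys` (not visible from this hunk), it would still match on type alone with a different curve; `sshkey_type_plain(k->key->type) != KEY_ECDSA` in place of the bare type comparison would cover both forms. The `debug3("%s: need %d", __func__, type)` line still logs only the type, so a lookup that now fails because of a curve mismatch leaves no trace of the requested nid in debug output; `debug3("%s: need %d nid %d", __func__, type, nid);` would make such a miss diagnosable. The same two points apply to `_ssh_host_private_key` in this hunk, whose closing brace lies outside it. The prototypes at lines 41-42 now read `(int, int, struct ssh *)`, and naming them `(int type, int nid, struct ssh *)` would guard against a caller transposing the two ints, which the compiler cannot catch.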