author | djm@openbsd.org <djm@openbsd.org> | 2015-01-26 06:10:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-27 00:00:57 +1100 |
commit | 5104db7cbd6cdd9c5971f4358e74414862fc1022 (patch) | |
tree | 94692c77a4888f8adade706324fdee3a999bc6b0 /sshd.c | |
parent | 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 (diff) |
upstream commit
correctly match ECDSA subtype (== curve) for
offered/received host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).
ok markus, "looks mechanical" deraadt@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 15 |
1 files changed, 8 insertions, 7 deletions
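--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.439 2015/01/26 03:04:46 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.440 2015/01/26 06:10:03 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -836,7 +836,7 @@ list_hostkey_types(void)
 }
 
 static Key *
-get_hostkey_by_type(int type, int need_private, struct ssh *ssh)
+get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
 {
 int i;
 Key *key;
@@ -857,7 +857,8 @@ get_hostkey_by_type(int type, int need_private, struct ssh *ssh)
 key = sensitive_data.host_pubkeys[i];
 break;
 }
-if (key != NULL && key->type == type)
+if (key != NULL && key->type == type &&
+(key->type != KEY_ECDSA || key->ecdsa_nid == nid))
 return need_private ?
 sensitive_data.host_keys[i] : key;
 }
@@ -865,15 +866,15 @@ get_hostkey_by_type(int type, int need_private, struct ssh *ssh)
 }
 
 Key *
-get_hostkey_public_by_type(int type, struct ssh *ssh)
+get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
 {
-return get_hostkey_by_type(type, 0, ssh);
+return get_hostkey_by_type(type, nid, 0, ssh);
 }
 
 Key *
-get_hostkey_private_by_type(int type, struct ssh *ssh)
+get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
 {
-return get_hostkey_by_type(type, 1, ssh);
+return get_hostkey_by_type(type, nid, 1, ssh);
 }
 
 Key *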
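Review bot: The curve comparison added to the match condition in get_hostkey_by_type() is skipped for every type other than plain KEY_ECDSA. If this lookup is also reached with KEY_ECDSA_CERT (the part of the loop that selects `key` lies outside the hunk, so this is inferred), two ECDSA host certificates on different curves would still match on type alone and the first one found would be returned. Consider widening the test to `((key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT) || key->ecdsa_nid == nid)`. The function would also benefit from a short comment such as `/* nid: EC curve id; compared only for ECDSA keys, ignored otherwise */`, because both wrappers now take `nid` unconditionally and callers need to know what to pass for RSA/DSA/Ed25519 lookups.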