1 files changed, 17 insertions, 1 deletions
diff --git a/kex.c b/kex.c
index a0d13a880..d8c71bb3e 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
@@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp)
        return 0;
 }
+int
+kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
+{
+        struct kex *kex = ssh->kex;
+        if (kex->verify_host_key == NULL)
+                return SSH_ERR_INVALID_ARGUMENT;
+        if (server_host_key->type != kex->hostkey_type ||
+            (kex->hostkey_type == KEY_ECDSA &&
+            server_host_key->ecdsa_nid != kex->hostkey_nid))
+                return SSH_ERR_KEY_TYPE_MISMATCH;
+        if (kex->verify_host_key(server_host_key, ssh) == -1)
+                return  SSH_ERR_SIGNATURE_INVALID;
+        return 0;
+}
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
 dump_digest(char *msg, u_char *digest, int len)

diff --git a/kex.c b/kex.c index a0d13a880..d8c71bb3e 100644 --- a/kex.c +++ b/kex.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */	1	/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4	*	4	*
@@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh ssh, struct sshkey pubp, struct sshkey *prvp)
1071	return 0;	1071	return 0;
1072	}	1072	}
1073		1073
		1074	int
		1075	kex_verify_host_key(struct ssh ssh, struct sshkey server_host_key)
		1076	{
		1077	struct kex *kex = ssh->kex;
		1078
		1079	if (kex->verify_host_key == NULL)
		1080	return SSH_ERR_INVALID_ARGUMENT;
		1081	if (server_host_key->type != kex->hostkey_type \|\|
		1082	(kex->hostkey_type == KEY_ECDSA &&
		1083	server_host_key->ecdsa_nid != kex->hostkey_nid))
		1084	return SSH_ERR_KEY_TYPE_MISMATCH;
		1085	if (kex->verify_host_key(server_host_key, ssh) == -1)
		1086	return SSH_ERR_SIGNATURE_INVALID;
		1087	return 0;
		1088	}
		1089
1074	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH) \|\| defined(DEBUG_KEXECDH)	1090	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH) \|\| defined(DEBUG_KEXECDH)
1075	void	1091	void
1076	dump_digest(char msg, u_char digest, int len)	1092	dump_digest(char msg, u_char digest, int len)