diff options
Diffstat (limited to 'kexgexc.c')
-rw-r--r-- | kexgexc.c | 16 |
1 files changed, 2 insertions, 14 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexc.c,v 1.32 2019/01/21 10:03:37 djm Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -153,26 +153,14 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
153 | int r; | 153 | int r; |
154 | 154 | ||
155 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); | 155 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); |
156 | if (kex->verify_host_key == NULL) { | ||
157 | r = SSH_ERR_INVALID_ARGUMENT; | ||
158 | goto out; | ||
159 | } | ||
160 | /* key, cert */ | 156 | /* key, cert */ |
161 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob, | 157 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob, |
162 | &sbloblen)) != 0 || | 158 | &sbloblen)) != 0 || |
163 | (r = sshkey_from_blob(server_host_key_blob, sbloblen, | 159 | (r = sshkey_from_blob(server_host_key_blob, sbloblen, |
164 | &server_host_key)) != 0) | 160 | &server_host_key)) != 0) |
165 | goto out; | 161 | goto out; |
166 | if (server_host_key->type != kex->hostkey_type || | 162 | if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) |
167 | (kex->hostkey_type == KEY_ECDSA && | ||
168 | server_host_key->ecdsa_nid != kex->hostkey_nid)) { | ||
169 | r = SSH_ERR_KEY_TYPE_MISMATCH; | ||
170 | goto out; | 163 | goto out; |
171 | } | ||
172 | if (kex->verify_host_key(server_host_key, ssh) == -1) { | ||
173 | r = SSH_ERR_SIGNATURE_INVALID; | ||
174 | goto out; | ||
175 | } | ||
176 | /* DH parameter f, server public DH key, signed H */ | 164 | /* DH parameter f, server public DH key, signed H */ |
177 | if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || | 165 | if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || |
178 | (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || | 166 | (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || |