From 041ab7c1e7d6514ed84a539a767f79ffb356e807 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:23:34 +1000 Subject: - djm@cvs.openbsd.org 2010/09/09 10:45:45 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@ --- kexecdh.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'kexecdh.c') diff --git a/kexecdh.c b/kexecdh.c index bd5718136..f59d7b903 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.2 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -48,15 +48,23 @@ kex_ecdh_name_to_nid(const char *kexname) { int ret; - if (strlen(kexname) < sizeof(KEX_ECDH_SHA256) - 1) + if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) fatal("%s: kexname too short \"%s\"", __func__, kexname); - ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA256) - 1); + ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); if (ret == -1) fatal("%s: unsupported curve negotiated \"%s\"", __func__, kexname); return ret; } +const EVP_MD * +kex_ecdh_name_to_evpmd(const char *kexname) +{ + int nid = kex_ecdh_name_to_nid(kexname); + + return key_ec_nid_to_evpmd(nid); +} + void kex_ecdh_hash( const EVP_MD *evp_md, -- cgit v1.2.3