authorDamien Miller <djm@cvs.openbsd.org>2010-09-09 10:45:46 +0000
committerDamien Miller <djm@cvs.openbsd.org>2010-09-09 10:45:46 +0000
commite95a6f7d7cd8a1e25672a23ea1aae0884e77bb23 (patch)
tree9fe91132aec22983cc1b6017f3e7a323ee67ffbb /usr.bin/ssh/kex.h
parent970787f7373758663abfd863435f27ac03b51fb4 (diff)
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@
Diffstat (limited to 'usr.bin/ssh/kex.h')
-rw-r--r--usr.bin/ssh/kex.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 8ef7b291ca6..339c56bd99c 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.50 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.51 2010/09/09 10:45:45 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -38,7 +38,7 @@
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define KEX_RESUME "resume@appgate.com"
/* The following represents the family of ECDH methods */
-#define KEX_ECDH_SHA256 "ecdh-sha2-"
+#define KEX_ECDH_SHA2_STEM "ecdh-sha2-"
#define COMP_NONE 0
#define COMP_ZLIB 1
@@ -164,6 +164,7 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int,
const BIGNUM *, u_char **, u_int *);
int kex_ecdh_name_to_nid(const char *);
+const EVP_MD *kex_ecdh_name_to_evpmd(const char *);
void
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
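Review bot: The added prototype `const EVP_MD *kex_ecdh_name_to_evpmd(const char *);` has no stated failure contract, so a reader of this header cannot tell what a caller receives for a KEX name that is not a recognised ECDH method. The result is presumably passed as the digest argument of `kex_ecdh_hash` declared just above, so an unchecked NULL would only surface inside the exchange-hash computation rather than at negotiation; the implementation is outside this hunk, so this needs confirming there. I would add a comment above the declaration such as `/* Returns the exchange-hash digest for an ECDH KEX name, or NULL if unsupported; callers must check. */`. It is also worth noting in the same comment that this lookup and `kex_ecdh_name_to_nid` must resolve the same set of names, so that the curve and hash cannot be selected inconsistently.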