author | Damien Miller <djm@cvs.openbsd.org> | 2015-01-26 06:10:04 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2015-01-26 06:10:04 +0000 |
commit | 389ac8b33d47ae61ce9be5aeb46b2d16669e100a (patch) | |
tree | d52dde068a42d9f00483613e7507eac5548493ae /usr.bin/ssh/kexecdhc.c | |
parent | 70b20ffd839d8da4561c9af7ae2d37bd5d804b0b (diff) |
correctly match ECDSA subtype (== curve) for offered/received
host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve types
(an extremely unlikely configuration).
ok markus, "looks mechanical" deraadt@
Diffstat (limited to 'usr.bin/ssh/kexecdhc.c')
-rw-r--r-- | usr.bin/ssh/kexecdhc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.bin/ssh/kexecdhc.c b/usr.bin/ssh/kexecdhc.c index dd7a21d58f9..63b6e1029f4 100644 --- a/usr.bin/ssh/kexecdhc.c +++ b/usr.bin/ssh/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.9 2015/01/19 20:16:15 markus Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.10 2015/01/26 06:10:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -120,7 +120,9 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) (r = sshkey_from_blob(server_host_key_blob, sbloblen, &server_host_key)) != 0) goto out; - if (server_host_key->type != kex->hostkey_type) { + if (server_host_key->type != kex->hostkey_type || + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { r = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } |
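Review bot: in the input_kex_ecdh_reply hunk the curve comparison is gated on `kex->hostkey_type == KEY_ECDSA` only, so a certificate-form ECDSA host key (the KEY_ECDSA_CERT variant, assuming it carries `ecdsa_nid` the same way) still passes on a type-only match and the nid is never compared; consider gating on the plain (non-certificate) key type so both forms get the `server_host_key->ecdsa_nid != kex->hostkey_nid` check. Separately, this view is limited to usr.bin/ssh/kexecdhc.c and the message describes the change as mechanical: please confirm any other client-side KEX reply handler that performs the same `server_host_key->type != kex->hostkey_type` comparison received the matching change, otherwise the mismatch the message describes is only fixed for the ECDH method.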