-/* $OpenBSD: auth.h,v 1.80 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.81 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
/* hostkey handling */
Key *get_hostkey_by_index(int);
Key *get_hostkey_public_by_index(int, struct ssh *);
-Key *get_hostkey_public_by_type(int, struct ssh *);
-Key *get_hostkey_private_by_type(int, struct ssh *);
+Key *get_hostkey_public_by_type(int, int, struct ssh *);
+Key *get_hostkey_private_by_type(int, int, struct ssh *);
int get_hostkey_index(Key *, struct ssh *);
int ssh1_session_key(BIGNUM *);
int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, u_char *, size_t, u_int);
-/* $OpenBSD: kex.c,v 1.103 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: kex.c,v 1.104 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
k->hostkey_type = sshkey_type_from_name(hostkeyalg);
if (k->hostkey_type == KEY_UNSPEC)
return SSH_ERR_INTERNAL_ERROR;
+ k->hostkey_nid = sshkey_ecdsa_nid_from_name(hostkeyalg);
free(hostkeyalg);
return 0;
}
-/* $OpenBSD: kex.h,v 1.69 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.70 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
int server;
char *name;
int hostkey_type;
+ int hostkey_nid;
u_int kex_type;
int roaming;
struct sshbuf *my;
char *client_version_string;
char *server_version_string;
int (*verify_host_key)(struct sshkey *, struct ssh *);
- struct sshkey *(*load_host_public_key)(int, struct ssh *);
- struct sshkey *(*load_host_private_key)(int, struct ssh *);
+ struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
+ struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
int (*host_key_index)(struct sshkey *, struct ssh *);
int (*sign)(struct sshkey *, struct sshkey *,
u_char **, size_t *, u_char *, size_t, u_int);
-/* $OpenBSD: kexc25519c.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexc25519c.c,v 1.7 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
(r = sshkey_from_blob(server_host_key_blob, sbloblen,
&server_host_key)) != 0)
goto out;
- if (server_host_key->type != kex->hostkey_type) {
+ if (server_host_key->type != kex->hostkey_type ||
+ (kex->hostkey_type == KEY_ECDSA &&
+ server_host_key->ecdsa_nid != kex->hostkey_nid)) {
r = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
-/* $OpenBSD: kexc25519s.c,v 1.7 2015/01/20 07:55:33 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.8 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ server_host_public = kex->load_host_public_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
-/* $OpenBSD: kexdhc.c,v 1.17 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
(r = sshkey_from_blob(server_host_key_blob, sbloblen,
&server_host_key)) != 0)
goto out;
- if (server_host_key->type != kex->hostkey_type) {
+ if (server_host_key->type != kex->hostkey_type ||
+ (kex->hostkey_type == KEY_ECDSA &&
+ server_host_key->ecdsa_nid != kex->hostkey_nid)) {
r = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
-/* $OpenBSD: kexdhs.c,v 1.21 2015/01/20 07:55:33 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.22 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ server_host_public = kex->load_host_public_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
-/* $OpenBSD: kexecdhc.c,v 1.9 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.10 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
(r = sshkey_from_blob(server_host_key_blob, sbloblen,
&server_host_key)) != 0)
goto out;
- if (server_host_key->type != kex->hostkey_type) {
+ if (server_host_key->type != kex->hostkey_type ||
+ (kex->hostkey_type == KEY_ECDSA &&
+ server_host_key->ecdsa_nid != kex->hostkey_nid)) {
r = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
-/* $OpenBSD: kexecdhs.c,v 1.13 2015/01/20 07:55:33 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ server_host_public = kex->load_host_public_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
-/* $OpenBSD: kexgexc.c,v 1.19 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.20 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
r = SSH_ERR_KEY_TYPE_MISMATCH;
goto out;
}
+ if (server_host_key->type != kex->hostkey_type ||
+ (kex->hostkey_type == KEY_ECDSA &&
+ server_host_key->ecdsa_nid != kex->hostkey_nid)) {
+ r = SSH_ERR_KEY_TYPE_MISMATCH;
+ goto out;
+ }
if (kex->verify_host_key(server_host_key, ssh) == -1) {
r = SSH_ERR_SIGNATURE_INVALID;
goto out;
-/* $OpenBSD: kexgexs.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.24 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- server_host_public = kex->load_host_public_key(kex->hostkey_type, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type, ssh);
+ server_host_public = kex->load_host_public_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
if (server_host_public == NULL) {
r = SSH_ERR_NO_HOSTKEY_LOADED;
goto out;
-/* $OpenBSD: ssh_api.c,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.2 2015/01/26 06:10:03 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
int _ssh_read_banner(struct ssh *, char **);
int _ssh_order_hostkeyalgs(struct ssh *);
int _ssh_verify_host_key(struct sshkey *, struct ssh *);
-struct sshkey *_ssh_host_public_key(int, struct ssh *);
-struct sshkey *_ssh_host_private_key(int, struct ssh *);
+struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
+struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **,
size_t *, u_char *, size_t, u_int);
}
struct sshkey *
-_ssh_host_public_key(int type, struct ssh *ssh)
+_ssh_host_public_key(int type, int nid, struct ssh *ssh)
{
struct key_entry *k;
debug3("%s: need %d", __func__, type);
TAILQ_FOREACH(k, &ssh->public_keys, next) {
debug3("%s: check %s", __func__, sshkey_type(k->key));
- if (k->key->type == type)
+ if (k->key->type == type &&
+ (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
return (k->key);
}
return (NULL);
}
struct sshkey *
-_ssh_host_private_key(int type, struct ssh *ssh)
+_ssh_host_private_key(int type, int nid, struct ssh *ssh)
{
struct key_entry *k;
debug3("%s: need %d", __func__, type);
TAILQ_FOREACH(k, &ssh->private_keys, next) {
debug3("%s: check %s", __func__, sshkey_type(k->key));
- if (k->key->type == type)
+ if (k->key->type == type &&
+ (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
return (k->key);
}
return (NULL);
-/* $OpenBSD: sshconnect.c,v 1.257 2015/01/26 03:04:46 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.258 2015/01/26 06:10:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
goto out;
}
- debug("Server host key: %s %s", sshkey_type(host_key), fp);
+ debug("Server host key: %s %s",
+ compat20 ? sshkey_ssh_name(host_key) : sshkey_type(host_key), fp);
if (sshkey_equal(previous_host_key, host_key)) {
debug2("%s: server host key %s %s matches cached key",
-/* $OpenBSD: sshd.c,v 1.439 2015/01/26 03:04:46 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.440 2015/01/26 06:10:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
}
static Key *
-get_hostkey_by_type(int type, int need_private, struct ssh *ssh)
+get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
{
int i;
Key *key;
key = sensitive_data.host_pubkeys[i];
break;
}
- if (key != NULL && key->type == type)
+ if (key != NULL && key->type == type &&
+ (key->type != KEY_ECDSA || key->ecdsa_nid == nid))
return need_private ?
sensitive_data.host_keys[i] : key;
}
}
Key *
-get_hostkey_public_by_type(int type, struct ssh *ssh)
+get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
{
- return get_hostkey_by_type(type, 0, ssh);
+ return get_hostkey_by_type(type, nid, 0, ssh);
}
Key *
-get_hostkey_private_by_type(int type, struct ssh *ssh)
+get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
{
- return get_hostkey_by_type(type, 1, ssh);
+ return get_hostkey_by_type(type, nid, 1, ssh);
}
Key *
projects / openbsd / commitdiff