authordjm@openbsd.org <djm@openbsd.org>2019-01-21 10:07:22 +0000
committerDamien Miller <djm@mindrot.org>2019-01-21 21:47:28 +1100
commitb1b2ff4ed559051d1035419f8f236275fa66d5d6 (patch)
tree53b2dbcf3540076c1effe3ce82c613c7fe23c58c /kex.c
parentbb39bafb6dc520cc097780f4611a52da7f19c3e2 (diff)
upstream: factor out kex_verify_hostkey() - again, duplicated
almost exactly across client and server for several KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/kex.c b/kex.c
index a0d13a88..d8c71bb3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp)
return 0;
}
+int
+kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
+{
+ struct kex *kex = ssh->kex;
+
+ if (kex->verify_host_key == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if (server_host_key->type != kex->hostkey_type ||
+ (kex->hostkey_type == KEY_ECDSA &&
+ server_host_key->ecdsa_nid != kex->hostkey_nid))
+ return SSH_ERR_KEY_TYPE_MISMATCH;
+ if (kex->verify_host_key(server_host_key, ssh) == -1)
+ return SSH_ERR_SIGNATURE_INVALID;
+ return 0;
+}
+
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
void
dump_digest(char *msg, u_char *digest, int len)
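Review bot: The check `if (kex->verify_host_key(server_host_key, ssh) == -1)` in kex_verify_host_key() fails open for any callback result other than exactly -1: a callback that signals rejection with another non-zero value (for instance a negative SSH_ERR_* code) would fall through to `return 0` and the host key would be treated as verified. The callback's contract is not visible in this hunk, so this may be safe with the current callers, but since this helper now gates host-key acceptance for several KEX methods, testing for success is the more robust form: `if (kex->verify_host_key(server_host_key, ssh) != 0)`. The function also dereferences `server_host_key` and `ssh->kex` unchecked; if any caller can reach it after a failed key parse, an early `if (server_host_key == NULL) return SSH_ERR_INVALID_ARGUMENT;` would be cheap. A short comment above the function, such as `/* Returns 0 only if the key matches the negotiated type (and curve for ECDSA) and the verify_host_key callback accepted it. */`, would make the contract explicit for the client and server call sites.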