author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 11:07:22 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 11:47:28 +0100 |
commit | b1b2ff4ed559051d1035419f8f236275fa66d5d6 (patch) | |
tree | 53b2dbcf3540076c1effe3ce82c613c7fe23c58c /kex.c | |
parent | upstream: factor out kex_load_hostkey() - this is duplicated in (diff) | |
upstream: factor out kex_verify_hostkey() - again, duplicated
almost exactly across client and server for several KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -1071,6 +1071,22 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp)
 return 0;
 }
 
+int
+kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
+{
+ struct kex *kex = ssh->kex;
+
+ if (kex->verify_host_key == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if (server_host_key->type != kex->hostkey_type ||
+ (kex->hostkey_type == KEY_ECDSA &&
+ server_host_key->ecdsa_nid != kex->hostkey_nid))
+ return SSH_ERR_KEY_TYPE_MISMATCH;
+ if (kex->verify_host_key(server_host_key, ssh) == -1)
+ return SSH_ERR_SIGNATURE_INVALID;
+ return 0;
+}
+
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
 dump_digest(char *msg, u_char *digest, int len)
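Review bot: In the new kex_verify_host_key() the callback result is compared with `== -1`, so any other non-zero return from `kex->verify_host_key` falls through to `return 0` and the host key is treated as accepted. The callback's contract is not visible in this hunk, but a host-key check should fail closed: `if (kex->verify_host_key(server_host_key, ssh) != 0)`. A short comment above the function would also help, stating that a zero return only means the key type (and ECDSA curve) matched the negotiated one and the callback accepted the key. It should also say that SSH_ERR_SIGNATURE_INVALID here reports a callback rejection rather than a failed signature check; presumably the exchange signature is verified separately by the callers, which should be confirmed.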