diff options
Diffstat (limited to 'crypto/openssh/kexgexc.c')
-rw-r--r-- | crypto/openssh/kexgexc.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/crypto/openssh/kexgexc.c b/crypto/openssh/kexgexc.c index 4a2e741d8458..e99e0cf216e7 100644 --- a/crypto/openssh/kexgexc.c +++ b/crypto/openssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.37 2021/01/31 22:55:29 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.38 2021/12/19 22:08:06 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -206,8 +206,26 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen, kex->hostkey_alg, ssh->compat, NULL)) != 0) goto out; - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); + if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) != 0 || + (r = kex_send_newkeys(ssh)) != 0) + goto out; + + /* save initial signature and hostkey */ + if ((kex->flags & KEX_INITIAL) != 0) { + if (kex->initial_hostkey != NULL || kex->initial_sig != NULL) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + if ((kex->initial_sig = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put(kex->initial_sig, signature, slen)) != 0) + goto out; + kex->initial_hostkey = server_host_key; + server_host_key = NULL; + } + /* success */ out: explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); |