Merge branch 'maint'

1 files changed, 14 insertions, 5 deletions

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index e92c727559..d8f7a96c15 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -795,8 +795,14 @@ get_host_key(SSH, SignAlg) ->
     #ssh{key_cb = {KeyCb,KeyCbOpts}, opts = Opts} = SSH,
     UserOpts = ?GET_OPT(user_options, Opts),
     case KeyCb:host_key(SignAlg, [{key_cb_private,KeyCbOpts}|UserOpts]) of
-	{ok, PrivHostKey} ->  PrivHostKey;
-	Result -> exit({error, {Result, unsupported_key_type}})
+	{ok, PrivHostKey} ->
+            %% Check the key - the KeyCb may be a buggy plugin
+            case valid_key_sha_alg(PrivHostKey, SignAlg) of
+                true -> PrivHostKey;
+                false -> exit({error, bad_hostkey})
+            end;
+	Result ->
+            exit({error, {Result, unsupported_key_type}})
     end.
 
 extract_public_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) ->
@@ -1830,11 +1836,14 @@ valid_key_sha_alg(#'RSAPrivateKey'{}, 'ssh-rsa'     ) -> true;
 valid_key_sha_alg({_, #'Dss-Parms'{}}, 'ssh-dss') -> true;
 valid_key_sha_alg(#'DSAPrivateKey'{},  'ssh-dss') -> true;
 
-valid_key_sha_alg({#'ECPoint'{},{namedCurve,OID}},                Alg) -> sha(OID) == sha(Alg);
-valid_key_sha_alg(#'ECPrivateKey'{parameters = {namedCurve,OID}}, Alg) -> sha(OID) == sha(Alg);
+valid_key_sha_alg({#'ECPoint'{},{namedCurve,OID}},                Alg) -> valid_key_sha_alg_ec(OID, Alg);
+valid_key_sha_alg(#'ECPrivateKey'{parameters = {namedCurve,OID}}, Alg) -> valid_key_sha_alg_ec(OID, Alg);
 valid_key_sha_alg(_, _) -> false.
     
-
+valid_key_sha_alg_ec(OID, Alg) -> 
+    Curve = public_key:oid2ssh_curvename(OID),
+    Alg == list_to_atom("ecdsa-sha2-" ++ binary_to_list(Curve)).
+    
 
 public_algo(#'RSAPublicKey'{}) ->   'ssh-rsa';  % FIXME: Not right with draft-curdle-rsa-sha2
 public_algo({_, #'Dss-Parms'{}}) -> 'ssh-dss';