author | Andreas Schneider <asn@cryptomilk.org> | 2018-09-17 14:45:46 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-17 19:00:31 +0200 |
commit | a14a80f35fe600206373a757a7fb29c950aa7227 (patch) | |
tree | 51632f763a1f862e45ed615a31f6c748b6967bb8 | |
parent | 0389ff6d9d7b23feed01456c52084b7b80062f2d (diff) | |
auth: Fix ecdsa pubkey auth
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e5170107c9e38f49adb7865a019e6931ad9803d2)
-rw-r--r-- | src/auth.c | 41 |
1 files changed, 38 insertions, 3 deletions
@@ -495,7 +495,24 @@ int ssh_userauth_try_publickey(ssh_session session,
 return SSH_ERROR;
 }
- sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+ switch (pubkey->type) {
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Invalid key type (unknown)");
+ return SSH_AUTH_DENIED;
+ case SSH_KEYTYPE_ECDSA:
+ sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
+ break;
+ case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
+ sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+ break;
+ }
 /* Check if the given public key algorithm is allowed */
 if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
@@ -587,7 +604,7 @@ int ssh_userauth_publickey(ssh_session session,
 {
 ssh_string str = NULL;
 int rc;
- const char *sig_type_c;
+ const char *sig_type_c = NULL;
 enum ssh_keytypes_e key_type;
 if (session == NULL) {
@@ -613,7 +630,25 @@ int ssh_userauth_publickey(ssh_session session,
 /* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
 key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
- sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+
+ switch (key_type) {
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Invalid key type (unknown)");
+ return SSH_AUTH_DENIED;
+ case SSH_KEYTYPE_ECDSA:
+ sig_type_c = ssh_pki_key_ecdsa_name(privkey);
+ break;
+ case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
+ sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+ break;
+ }
 /* Check if the given public key algorithm is allowed */
 if (!ssh_key_algorithm_allowed(session, sig_type_c)) { |
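Review bot: The new switch on `pubkey->type` has no branch for a value outside the listed cases, so `sig_type_c` can reach `ssh_key_algorithm_allowed()` without being assigned in this function. Its declaration in `ssh_userauth_try_publickey` lies outside the hunk; only the one in `ssh_userauth_publickey` is shown gaining `= NULL`. Either helper may presumably also return NULL (their bodies are not visible here), for example for an ECDSA key whose curve has no name. Because this string decides whether the algorithm is permitted for authentication, I would initialise it to NULL here as well and reject before the allow-list check: `if (sig_type_c == NULL) { ssh_set_error(session, SSH_REQUEST_DENIED, "Invalid key type (unknown)"); return SSH_AUTH_DENIED; }`. The same guard belongs after the switch on `key_type` in the third hunk, where the NULL initialiser otherwise flows straight into the check.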
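Review bot: The switch on `key_type` in `ssh_userauth_publickey` repeats the one added to `ssh_userauth_try_publickey` case for case, differing only in the key object and the type expression. A key type added later therefore has to be handled in both places, or the probe and the real authentication request will offer different algorithm names. A file-local helper taking the session, the key and the effective key type (the name is yours to pick) would keep the two paths in step. The ECDSA branch also deserves a comment saying why it differs, such as `/* ECDSA algorithm names include the curve, so they come from the key itself */`. The function body continues outside the hunk.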