diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-11-26 15:42:26 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-11-30 18:57:39 +0100 |
commit | ad4f1dbea04c4c1b186655a3873b863bb11e51e7 (patch) | |
tree | 7d6d7ea248703b367d2b328d650dfbd51c8a8dfd | |
parent | 5ffe695c3cc624bde2fc88ecb72483ada2b4aa06 (diff) | |
download | libssh-ad4f1dbea04c4c1b186655a3873b863bb11e51e7.tar.gz libssh-ad4f1dbea04c4c1b186655a3873b863bb11e51e7.tar.xz libssh-ad4f1dbea04c4c1b186655a3873b863bb11e51e7.zip |
pki: Verify the provided public key has expected type
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 783e5fd206df968123a541a98c11b93f1d9da291)
-rw-r--r-- | src/pki_crypto.c | 8 | ||||
-rw-r--r-- | src/pki_gcrypt.c | 8 | ||||
-rw-r--r-- | src/pki_mbedcrypto.c | 8 |
3 files changed, 24 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c index ecb5dbaf..05128058 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -1600,6 +1600,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, int rc; BIGNUM *pr = NULL, *ps = NULL; + if (type != pubkey->type) { + SSH_LOG(SSH_LOG_WARN, + "Incompatible public key provided (%d) expecting (%d)", + type, + pubkey->type); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL; diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index ff60dc67..5506edfb 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, size_t rsalen; int rc; + if (type != pubkey->type) { + SSH_LOG(SSH_LOG_WARN, + "Incompatible public key provided (%d) expecting (%d)", + type, + pubkey->type); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL; diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index da6e4da1..ee791db0 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, ssh_signature sig = NULL; int rc; + if (type != pubkey->type) { + SSH_LOG(SSH_LOG_WARN, + "Incompatible public key provided (%d) expecting (%d)", + type, + pubkey->type); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL; |