authorJakub Jelen <jjelen@redhat.com>2018-11-26 15:42:26 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-11-30 18:57:39 +0100
commitad4f1dbea04c4c1b186655a3873b863bb11e51e7 (patch)
tree7d6d7ea248703b367d2b328d650dfbd51c8a8dfd
parent5ffe695c3cc624bde2fc88ecb72483ada2b4aa06 (diff)
pki: Verify the provided public key has expected type
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 783e5fd206df968123a541a98c11b93f1d9da291)
-rw-r--r--src/pki_crypto.c8
-rw-r--r--src/pki_gcrypt.c8
-rw-r--r--src/pki_mbedcrypto.c8
3 files changed, 24 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index ecb5dbaf..05128058 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1600,6 +1600,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
int rc;
BIGNUM *pr = NULL, *ps = NULL;
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
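Review bot: The arguments to the new SSH_LOG call look swapped relative to its wording: the first `%d` is labelled as the provided public key but is fed `type`, while the one labelled "expecting" is fed `pubkey->type`. Going by the commit title, `type` is the expected value, so the call should pass `pubkey->type, type`; otherwise the warning misleads anyone triaging a rejected signature. The guard also dereferences `pubkey` before anything visible in the hunk tests it for NULL. The function body begins outside the hunk, so confirm that no caller can pass a NULL key, or put `if (pubkey == NULL) return NULL;` ahead of the comparison. Both points apply equally to the identical hunks in src/pki_gcrypt.c and src/pki_mbedcrypto.c.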
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index ff60dc67..5506edfb 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
size_t rsalen;
int rc;
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index da6e4da1..ee791db0 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature sig = NULL;
int rc;
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;