authorAndreas Schneider <asn@cryptomilk.org>2018-09-17 14:45:46 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-09-17 16:39:12 +0200
commite5170107c9e38f49adb7865a019e6931ad9803d2 (patch)
tree49b96aa63dd6797eebf0740ccd1c322b5a893a4c
parent30df04a8a50a43f4353e1da18ca64099062d016f (diff)
auth: Fix ecdsa pubkey auth
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--src/auth.c41
1 files changed, 38 insertions, 3 deletions
diff --git a/src/auth.c b/src/auth.c
index 7d3d1372..97b6a6e1 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -495,7 +495,24 @@ int ssh_userauth_try_publickey(ssh_session session,
return SSH_ERROR;
}
- sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+ switch (pubkey->type) {
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Invalid key type (unknown)");
+ return SSH_AUTH_DENIED;
+ case SSH_KEYTYPE_ECDSA:
+ sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
+ break;
+ case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
+ sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+ break;
+ }
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
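Review bot: The new switch on `pubkey->type` has no `default` label, so a key type outside the listed enumerators leaves `sig_type_c` unassigned when it reaches `ssh_key_algorithm_allowed()`. The next hunk initialises the variable to NULL in ssh_userauth_publickey, but no matching initialiser is visible for ssh_userauth_try_publickey, whose declarations lie outside this hunk; if there is none, the allow-list check reads an indeterminate pointer. Even with an initialiser, NULL can reach the check, either from the fall-through or possibly from `ssh_pki_key_ecdsa_name()`, whose body is not shown. I would add after the switch `if (sig_type_c == NULL) { ssh_set_error(session, SSH_REQUEST_DENIED, "Invalid key type (unknown)"); return SSH_AUTH_DENIED; }`, which keeps the compiler's unhandled-enumerator warning that a `default` label would silence. The same guard applies to the switch added in the last hunk, in ssh_userauth_publickey.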
@@ -587,7 +604,7 @@ int ssh_userauth_publickey(ssh_session session,
{
ssh_string str = NULL;
int rc;
- const char *sig_type_c;
+ const char *sig_type_c = NULL;
enum ssh_keytypes_e key_type;
if (session == NULL) {
@@ -613,7 +630,25 @@ int ssh_userauth_publickey(ssh_session session,
/* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
- sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+
+ switch (key_type) {
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Invalid key type (unknown)");
+ return SSH_AUTH_DENIED;
+ case SSH_KEYTYPE_ECDSA:
+ sig_type_c = ssh_pki_key_ecdsa_name(privkey);
+ break;
+ case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
+ sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+ break;
+ }
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
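Review bot: This switch is a second copy of the one added to ssh_userauth_try_publickey, differing only in the key and type passed, so the two authentication paths can drift apart when a key type is added or the mapping changes. A small static helper (the name below is only a suggestion) that maps key and type to the signature name would keep the mapping in one place and let both callers reject a NULL result the same way before the allow-list check. The body of ssh_userauth_publickey continues outside the hunk.

```c
/* Proposed helper: signature algorithm name for a key, or NULL if none. */
static const char *userauth_sig_type(ssh_session session,
                                     const ssh_key key,
                                     enum ssh_keytypes_e type)
{
    switch (type) {
    case SSH_KEYTYPE_UNKNOWN:
        return NULL;
    case SSH_KEYTYPE_ECDSA:
        return ssh_pki_key_ecdsa_name(key);
    /* … unchanged: DSS, RSA, RSA1, ED25519, DSS_CERT01, RSA_CERT01 labels … */
        return ssh_key_get_signature_algorithm(session, type);
    }
    return NULL;
}

/* in ssh_userauth_publickey(), replacing the switch: */
    key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
    sig_type_c = userauth_sig_type(session, privkey, key_type);
    if (sig_type_c == NULL) {
        ssh_set_error(session, SSH_REQUEST_DENIED, "Invalid key type (unknown)");
        return SSH_AUTH_DENIED;
    }
```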