author | Jakub Jelen <jjelen@redhat.com> | 2018-11-26 15:42:26 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-11-30 16:24:14 +0100 |
commit | 783e5fd206df968123a541a98c11b93f1d9da291 (patch) | |
tree | fa4f1827b001cd03bb27eb36d2feef4733dd7cf2 /src | |
parent | c79c33e22431065e2ec2f8e5dfcbada9d849cfe8 (diff) | |
pki: Verify the provided public key has expected type
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/pki_crypto.c | 8 | ||||
-rw-r--r-- | src/pki_gcrypt.c | 8 | ||||
-rw-r--r-- | src/pki_mbedcrypto.c | 8 |
3 files changed, 24 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 8f3b21ea..366b377d 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1601,6 +1601,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 int rc;
 BIGNUM *pr = NULL, *ps = NULL;
 
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
 sig = ssh_signature_new();
 if (sig == NULL) {
 return NULL;
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index ff60dc67..5506edfb 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 size_t rsalen;
 int rc;
 
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
 sig = ssh_signature_new();
 if (sig == NULL) {
 return NULL;
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index da6e4da1..ee791db0 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 ssh_signature sig = NULL;
 int rc;
 
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
 sig = ssh_signature_new();
 if (sig == NULL) {
 return NULL; |
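Review bot: The warning in the added check prints `type` under "provided" and `pubkey->type` under "expecting", which reads backwards if `type` is the type taken from the signature and `pubkey` is the key the caller supplied; that reading is inferred from the names, since only part of the pki_signature_from_blob signature is visible. Rewording to `"Signature type (%d) does not match public key type (%d)"` with the same argument order would keep the log unambiguous for whoever triages a rejected signature. The check also dereferences `pubkey` with no NULL guard visible in the hunk; if callers do not already guarantee a non-NULL key, a preceding `if (pubkey == NULL) { return NULL; }` would avoid a crash on this verification path. The same eight lines are added in src/pki_gcrypt.c and src/pki_mbedcrypto.c, so both points apply to all three hunks, and the function body starts and ends outside each of them.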