authorJakub Jelen <jjelen@redhat.com>2018-11-26 15:42:26 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-11-30 16:24:14 +0100
commit783e5fd206df968123a541a98c11b93f1d9da291 (patch)
treefa4f1827b001cd03bb27eb36d2feef4733dd7cf2
parentc79c33e22431065e2ec2f8e5dfcbada9d849cfe8 (diff)
pki: Verify the provided public key has expected type
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/pki_crypto.c8
-rw-r--r--src/pki_gcrypt.c8
-rw-r--r--src/pki_mbedcrypto.c8
3 files changed, 24 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 8f3b21ea..366b377d 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1601,6 +1601,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
int rc;
BIGNUM *pr = NULL, *ps = NULL;
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
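Review bot: The warning's arguments look reversed relative to its wording: the first `%d`, labelled as the provided public key, is filled with `type` (the type taken from the signature), while the "expecting" slot gets `pubkey->type`, so anyone triaging a rejected signature from the log will read the mismatch backwards. Consider passing `pubkey->type, type` in that order, or printing names with `ssh_key_type_to_char()` instead of raw enum integers. The new guard also dereferences `pubkey` before any NULL check visible in the hunk; if a caller can reach this with a NULL key, the condition should start with `pubkey == NULL ||`. The same check is added in `src/pki_gcrypt.c` and `src/pki_mbedcrypto.c`, and both points apply there as well. `pki_signature_from_blob` begins and ends outside each hunk, so earlier validation may already cover the NULL case.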
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index ff60dc67..5506edfb 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
size_t rsalen;
int rc;
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index da6e4da1..ee791db0 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature sig = NULL;
int rc;
+ if (type != pubkey->type) {
+ SSH_LOG(SSH_LOG_WARN,
+ "Incompatible public key provided (%d) expecting (%d)",
+ type,
+ pubkey->type);
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;