pki: Verify the provided public key has expected type

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 783e5fd206)
2026-02-04 12:20:42 +09:00 · 2018-11-26 15:42:26 +01:00
parent 5ffe695c3c
commit ad4f1dbea0
3 changed files with 24 additions and 0 deletions
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1600,6 +1600,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
    int rc;
    BIGNUM *pr = NULL, *ps = NULL;

+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
    sig = ssh_signature_new();
    if (sig == NULL) {
        return NULL;
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
    size_t rsalen;
    int rc;

+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
    sig = ssh_signature_new();
    if (sig == NULL) {
        return NULL;
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
    ssh_signature sig = NULL;
    int rc;

+    if (type != pubkey->type) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Incompatible public key provided (%d) expecting (%d)",
+                type,
+                pubkey->type);
+        return NULL;
+    }
+
    sig = ssh_signature_new();
    if (sig == NULL) {
        return NULL;