From ad4f1dbea04c4c1b186655a3873b863bb11e51e7 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 26 Nov 2018 15:42:26 +0100 Subject: [PATCH] pki: Verify the provided public key has expected type Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider (cherry picked from commit 783e5fd206df968123a541a98c11b93f1d9da291) --- src/pki_crypto.c | 8 ++++++++ src/pki_gcrypt.c | 8 ++++++++ src/pki_mbedcrypto.c | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/src/pki_crypto.c b/src/pki_crypto.c index ecb5dbaf..05128058 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -1600,6 +1600,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, int rc; BIGNUM *pr = NULL, *ps = NULL; + if (type != pubkey->type) { + SSH_LOG(SSH_LOG_WARN, + "Incompatible public key provided (%d) expecting (%d)", + type, + pubkey->type); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL; diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index ff60dc67..5506edfb 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -1848,6 +1848,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, size_t rsalen; int rc; + if (type != pubkey->type) { + SSH_LOG(SSH_LOG_WARN, + "Incompatible public key provided (%d) expecting (%d)", + type, + pubkey->type); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL; diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index da6e4da1..ee791db0 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -897,6 +897,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, ssh_signature sig = NULL; int rc; + if (type != pubkey->type) { + SSH_LOG(SSH_LOG_WARN, + "Incompatible public key provided (%d) expecting (%d)", + type, + pubkey->type); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL;
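Review bot: The new guard at the top of pki_signature_from_blob() in src/pki_crypto.c reads `pubkey->type` before anything visible in the hunk has checked `pubkey` for NULL, and the same guard is repeated in src/pki_gcrypt.c and src/pki_mbedcrypto.c. The function starts and ends outside all three hunks, so callers may already guarantee a non-NULL key; if they do not, a separate `if (pubkey == NULL) return NULL;` ahead of the comparison keeps the rejection path from dereferencing it. The log text also labels `type` as the "public key provided" and `pubkey->type` as the expected value, which reads inverted if `type` is the signature type taken from the peer's blob (its declaration is not in the hunk). A one-line comment such as `/* the signature type must match the key it will be verified against */` would record why the check exists.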