=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshkey.c,v retrieving revision 1.114 retrieving revision 1.115 diff -u -r1.114 -r1.115 --- src/usr.bin/ssh/sshkey.c 2021/01/26 00:49:30 1.114 +++ src/usr.bin/ssh/sshkey.c 2021/02/02 22:36:46 1.115 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.114 2021/01/26 00:49:30 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.115 2021/02/02 22:36:46 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -3358,10 +3358,12 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) { char *tname = NULL, *curve = NULL, *xmss_name = NULL; + char *expect_sk_application = NULL; struct sshkey *k = NULL; size_t pklen = 0, sklen = 0; int type, r = SSH_ERR_INTERNAL_ERROR; u_char *ed25519_pk = NULL, *ed25519_sk = NULL; + u_char *expect_ed25519_pk = NULL; u_char *xmss_pk = NULL, *xmss_sk = NULL; #ifdef WITH_OPENSSL BIGNUM *exponent = NULL; @@ -3394,6 +3396,14 @@ r = SSH_ERR_KEY_CERT_MISMATCH; goto out; } + /* + * Several fields are redundant between certificate and + * private key body, we require these to match. + */ + expect_sk_application = k->sk_application; + expect_ed25519_pk = k->ed25519_pk; + k->sk_application = NULL; + k->ed25519_pk = NULL; } else { if ((k = sshkey_new(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -3613,6 +3623,13 @@ break; } #endif /* WITH_OPENSSL */ + if ((expect_sk_application != NULL && (k->sk_application == NULL || + strcmp(expect_sk_application, k->sk_application) != 0)) || + (expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || + memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) { + r = SSH_ERR_KEY_CERT_MISMATCH; + goto out; + } /* success */ r = 0; if (kp != NULL) { @@ -3642,6 +3659,8 @@ free(xmss_name); freezero(xmss_pk, pklen); freezero(xmss_sk, sklen); + free(expect_sk_application); + free(expect_ed25519_pk); return r; }