From d604d7f872cf1da32b38fdcb8ab405df02e88259 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 21 Sep 2023 18:02:08 +0200
Subject: [PATCH] pki: Make sure public keys match when adding certificate data

Signed-off-by: Jakub Jelen
Reviewed-by: Sahana Prasad
---
 src/pki.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/pki.c b/src/pki.c
index 92224664..b07a5f67 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -2162,7 +2162,7 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
 **/
 int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
 ssh_buffer cert_buffer;
- int rc;
+ int rc, cmp;

 if (certkey == NULL || privkey == NULL) {
 return SSH_ERROR;
@@ -2176,6 +2176,12 @@ int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
 return SSH_ERROR;
 }

+ /* make sure the public keys match */
+ cmp = ssh_key_cmp(certkey, privkey, SSH_KEY_CMP_PUBLIC);
+ if (cmp != 0) {
+ return SSH_ERROR;
+ }
+
 cert_buffer = ssh_buffer_new();
 if (cert_buffer == NULL) {
 return SSH_ERROR;
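Review bot: The new `ssh_key_cmp(certkey, privkey, SSH_KEY_CMP_PUBLIC)` guard in the second hunk returns the same bare `SSH_ERROR` as the NULL-argument and allocation-failure returns around it, so a caller cannot tell a mismatched certificate from an out-of-memory condition. A log line before the return would make the rejection diagnosable, e.g. `SSH_LOG(SSH_LOG_WARN, "Certificate public key does not match the private key");`, and the Doxygen block that closes at `**/` (it starts outside the hunk) should state that SSH_ERROR is also returned on a key mismatch. Whether `ssh_key_cmp` treats a certificate key type and its plain counterpart as comparable is not visible here; since the diffstat touches only src/pki.c, a test with one matching and one non-matching certificate/key pair would confirm the check neither rejects valid pairs nor accepts a foreign certificate. The function body continues past the end of the hunk.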