diff options
| author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-08-22 18:11:13 +0200 |
|---|---|---|
| committer | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-09-24 16:49:35 +0200 |
| commit | 2a2c1c98bf4129f4c70ec1fef6558c2e5af15e5d (patch) | |
| tree | 96005f242de1ace1d2a8bc62b80dc37318e39e2f /src/pki.c | |
| parent | bdcaf55b906bedb84df1cf0637137f674dd5ce64 (diff) | |
| download | libssh-2a2c1c98bf4129f4c70ec1fef6558c2e5af15e5d.tar.gz libssh-2a2c1c98bf4129f4c70ec1fef6558c2e5af15e5d.tar.xz libssh-2a2c1c98bf4129f4c70ec1fef6558c2e5af15e5d.zip | |
pki_crypto: Use OpenSSL for Ed25519 signatures
Use OpenSSL to generate and verify Ed25519 signatures, if supported.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/pki.c')
| -rw-r--r-- | src/pki.c | 24 |
1 files changed, 14 insertions, 10 deletions
@@ -162,7 +162,14 @@ void ssh_key_clean (ssh_key key){ } #endif if (key->ed25519_privkey != NULL){ +#ifdef HAVE_OPENSSL_ED25519 + /* In OpenSSL implementation the private key is only the private + * original seed. In the internal implementation the private key is the + * concatenation of the original private seed with the public key.*/ + explicit_bzero(key->ed25519_privkey, ED25519_KEY_LEN); +#else explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey)); +#endif SAFE_FREE(key->ed25519_privkey); } SAFE_FREE(key->ed25519_pubkey); @@ -679,7 +686,10 @@ void ssh_signature_free(ssh_signature sig) #endif break; case SSH_KEYTYPE_ED25519: +#ifndef HAVE_OPENSSL_ED25519 + /* When using OpenSSL, the signature is stored in sig->raw_sig */ SAFE_FREE(sig->ed25519_sig); +#endif break; case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_RSA_CERT01: @@ -1321,21 +1331,21 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, case SSH_KEYTYPE_ED25519: { ssh_string pubkey = ssh_buffer_get_ssh_string(buffer); - if (ssh_string_len(pubkey) != ED25519_PK_LEN) { + if (ssh_string_len(pubkey) != ED25519_KEY_LEN) { SSH_LOG(SSH_LOG_WARN, "Invalid public key length"); ssh_string_burn(pubkey); ssh_string_free(pubkey); goto fail; } - key->ed25519_pubkey = malloc(ED25519_PK_LEN); + key->ed25519_pubkey = malloc(ED25519_KEY_LEN); if (key->ed25519_pubkey == NULL) { ssh_string_burn(pubkey); ssh_string_free(pubkey); goto fail; } - memcpy(key->ed25519_pubkey, ssh_string_data(pubkey), ED25519_PK_LEN); + memcpy(key->ed25519_pubkey, ssh_string_data(pubkey), ED25519_KEY_LEN); ssh_string_burn(pubkey); ssh_string_free(pubkey); } @@ -2259,7 +2269,7 @@ int ssh_pki_signature_verify(ssh_session session, return SSH_ERROR; } - rc = pki_signature_verify(session, sig, key, input, input_len); + rc = pki_verify_data_signature(sig, key, input, input_len); return rc; } @@ -2283,12 +2293,6 @@ ssh_signature pki_do_sign(const ssh_key privkey, return NULL; } - if (privkey->type == SSH_KEYTYPE_ED25519 || - privkey->type == SSH_KEYTYPE_ED25519_CERT01) - { - return pki_do_sign_hash(privkey, input, input_len, SSH_DIGEST_AUTO); - } - return pki_sign_data(privkey, hash_type, input, input_len); } |