aboutsummaryrefslogtreecommitdiff
path: root/src/pki.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/pki.c')
-rw-r--r--src/pki.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/src/pki.c b/src/pki.c
index f99be0ac..2ee1bb5b 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -162,7 +162,14 @@ void ssh_key_clean (ssh_key key){
}
#endif
if (key->ed25519_privkey != NULL){
+#ifdef HAVE_OPENSSL_ED25519
+ /* In OpenSSL implementation the private key is only the private
+ * original seed. In the internal implementation the private key is the
+ * concatenation of the original private seed with the public key.*/
+ explicit_bzero(key->ed25519_privkey, ED25519_KEY_LEN);
+#else
explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey));
+#endif
SAFE_FREE(key->ed25519_privkey);
}
SAFE_FREE(key->ed25519_pubkey);
@@ -679,7 +686,10 @@ void ssh_signature_free(ssh_signature sig)
#endif
break;
case SSH_KEYTYPE_ED25519:
+#ifndef HAVE_OPENSSL_ED25519
+ /* When using OpenSSL, the signature is stored in sig->raw_sig */
SAFE_FREE(sig->ed25519_sig);
+#endif
break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
@@ -1321,21 +1331,21 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
case SSH_KEYTYPE_ED25519:
{
ssh_string pubkey = ssh_buffer_get_ssh_string(buffer);
- if (ssh_string_len(pubkey) != ED25519_PK_LEN) {
+ if (ssh_string_len(pubkey) != ED25519_KEY_LEN) {
SSH_LOG(SSH_LOG_WARN, "Invalid public key length");
ssh_string_burn(pubkey);
ssh_string_free(pubkey);
goto fail;
}
- key->ed25519_pubkey = malloc(ED25519_PK_LEN);
+ key->ed25519_pubkey = malloc(ED25519_KEY_LEN);
if (key->ed25519_pubkey == NULL) {
ssh_string_burn(pubkey);
ssh_string_free(pubkey);
goto fail;
}
- memcpy(key->ed25519_pubkey, ssh_string_data(pubkey), ED25519_PK_LEN);
+ memcpy(key->ed25519_pubkey, ssh_string_data(pubkey), ED25519_KEY_LEN);
ssh_string_burn(pubkey);
ssh_string_free(pubkey);
}
@@ -2259,7 +2269,7 @@ int ssh_pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
- rc = pki_signature_verify(session, sig, key, input, input_len);
+ rc = pki_verify_data_signature(sig, key, input, input_len);
return rc;
}
@@ -2283,12 +2293,6 @@ ssh_signature pki_do_sign(const ssh_key privkey,
return NULL;
}
- if (privkey->type == SSH_KEYTYPE_ED25519 ||
- privkey->type == SSH_KEYTYPE_ED25519_CERT01)
- {
- return pki_do_sign_hash(privkey, input, input_len, SSH_DIGEST_AUTO);
- }
-
return pki_sign_data(privkey, hash_type, input, input_len);
}