diff options
Diffstat (limited to 'src/pki.c')
-rw-r--r-- | src/pki.c | 24 |
1 files changed, 14 insertions, 10 deletions
@@ -162,7 +162,14 @@ void ssh_key_clean (ssh_key key){ } #endif if (key->ed25519_privkey != NULL){ +#ifdef HAVE_OPENSSL_ED25519 + /* In OpenSSL implementation the private key is only the private + * original seed. In the internal implementation the private key is the + * concatenation of the original private seed with the public key.*/ + explicit_bzero(key->ed25519_privkey, ED25519_KEY_LEN); +#else explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey)); +#endif SAFE_FREE(key->ed25519_privkey); } SAFE_FREE(key->ed25519_pubkey); @@ -679,7 +686,10 @@ void ssh_signature_free(ssh_signature sig) #endif break; case SSH_KEYTYPE_ED25519: +#ifndef HAVE_OPENSSL_ED25519 + /* When using OpenSSL, the signature is stored in sig->raw_sig */ SAFE_FREE(sig->ed25519_sig); +#endif break; case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_RSA_CERT01: @@ -1321,21 +1331,21 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, case SSH_KEYTYPE_ED25519: { ssh_string pubkey = ssh_buffer_get_ssh_string(buffer); - if (ssh_string_len(pubkey) != ED25519_PK_LEN) { + if (ssh_string_len(pubkey) != ED25519_KEY_LEN) { SSH_LOG(SSH_LOG_WARN, "Invalid public key length"); ssh_string_burn(pubkey); ssh_string_free(pubkey); goto fail; } - key->ed25519_pubkey = malloc(ED25519_PK_LEN); + key->ed25519_pubkey = malloc(ED25519_KEY_LEN); if (key->ed25519_pubkey == NULL) { ssh_string_burn(pubkey); ssh_string_free(pubkey); goto fail; } - memcpy(key->ed25519_pubkey, ssh_string_data(pubkey), ED25519_PK_LEN); + memcpy(key->ed25519_pubkey, ssh_string_data(pubkey), ED25519_KEY_LEN); ssh_string_burn(pubkey); ssh_string_free(pubkey); } @@ -2259,7 +2269,7 @@ int ssh_pki_signature_verify(ssh_session session, return SSH_ERROR; } - rc = pki_signature_verify(session, sig, key, input, input_len); + rc = pki_verify_data_signature(sig, key, input, input_len); return rc; } @@ -2283,12 +2293,6 @@ ssh_signature pki_do_sign(const ssh_key privkey, return NULL; } - if (privkey->type == SSH_KEYTYPE_ED25519 || - privkey->type == SSH_KEYTYPE_ED25519_CERT01) - { - return pki_do_sign_hash(privkey, input, input_len, SSH_DIGEST_AUTO); - } - return pki_sign_data(privkey, hash_type, input, input_len); } |