ed25519: Avoid timing leak when comparing private keys

This affects the libgcrypt and mbedTLS backends. The OpenSSL backend is
using the OpenSSL implementation of Ed25519, which is compared correctly.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Jakub Jelen
2026-01-08 12:46:56 +01:00
parent b90b7f2451
commit 5654c593df


@@ -104,9 +104,9 @@ pki_ed25519_key_cmp(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
} }
/* In the internal implementation, the private key is the concatenation /* In the internal implementation, the private key is the concatenation
* of the private seed with the public key. */ * of the private seed with the public key. */
cmp = memcmp(k1->ed25519_privkey, cmp = secure_memcmp(k1->ed25519_privkey,
k2->ed25519_privkey, k2->ed25519_privkey,
2 * ED25519_KEY_LEN); 2 * ED25519_KEY_LEN);
if (cmp != 0) { if (cmp != 0) {
return 1; return 1;
} }
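Review bot: the switch from memcmp to secure_memcmp is sound only because cmp is used purely as a zero/non-zero flag (`if (cmp != 0)`); a constant-time comparison gives no ordering, so nothing downstream of pki_ed25519_key_cmp should ever rely on the sign of cmp, and a short comment at the call site saying so would prevent a later regression. Two follow-ups worth stating in the commit message: the 2 * ED25519_KEY_LEN length means the public-key half of the concatenated buffer is also compared in constant time (harmless, but intentional), and both k1->ed25519_privkey and k2->ed25519_privkey must already have been checked for NULL in the block that closes just above this hunk, since that check is not visible here.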