shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 10:26:47 +09:00
Code Issues Packages Projects Releases Wiki Activity

pki: Set ECDSA signature buffers secure

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
(cherry picked from commit b8e587e498)
This commit is contained in:
Jakub Jelen
2025-06-03 10:18:26 +02:00
parent 991b4422bd
commit e4ede51d87
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/pki_crypto.c
View File

@@ -2078,6 +2078,9 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
return SSH_ERROR; return SSH_ERROR;
} }
/* The buffer will contain sensitive information. Make sure it is erased */
ssh_buffer_set_secure(buf);
rc = ssh_buffer_add_data(buf, rc = ssh_buffer_add_data(buf,
ssh_string_data(sig_blob), ssh_string_data(sig_blob),
ssh_string_len(sig_blob)); ssh_string_len(sig_blob));

2
src/pki_gcrypt.c
View File

@@ -1846,6 +1846,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
/* The buffer will contain sensitive information. */
ssh_buffer_set_secure(b);
rc = ssh_buffer_add_data(b, rc = ssh_buffer_add_data(b,
ssh_string_data(sig_blob), ssh_string_data(sig_blob),