diff --git a/src/internal.c b/src/internal.c
index d1d23d96e..f59a4359f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5014,8 +5014,13 @@ static int ParseEd25519PubKey(WOLFSSH *ssh,
 if (ret == WS_SUCCESS) {
 ret = wc_ed25519_import_public(encA, encASz, &sigKeyBlock_ptr->sk.ed25519.key);
- if (ret != 0)
+ if (ret != 0) {
 ret = WS_ED25519_E;
+ }
+ }
+
+ if (ret == 0) {
+ sigKeyBlock_ptr->keyAllocated = 1;
 }
 return ret;
 }
@@ -5328,6 +5333,11 @@ static void FreePubKey(struct wolfSSH_sigKeyBlock *p)
 wc_ecc_free(&p->sk.ecc.key);
 #endif
 }
+ else if (p->useEd25519) {
+ #ifndef WOLFSSH_NO_ED25519
+ wc_ed25519_free(&p->sk.ed25519.key);
+ #endif
+ }
 p->keyAllocated = 0;
 }
 }
@@ -14090,10 +14100,12 @@ static int BuildUserAuthRequestRsa(WOLFSSH* ssh,
 if (ret == WS_SUCCESS) {
 WMEMSET(digest, 0, sizeof(digest));
 ret = wc_HashInit(&hash, hashId);
- if (ret == WS_SUCCESS)
+ if (ret == WS_SUCCESS) {
 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
- if (ret == WS_SUCCESS)
- ret = wc_HashFinal(&hash, hashId, digest);
+ if (ret == WS_SUCCESS)
+ ret = wc_HashFinal(&hash, hashId, digest);
+ wc_HashFree(&hash, hashId);
+ }
 }
 if (ret == WS_SUCCESS) {
@@ -14324,11 +14336,12 @@ static int BuildUserAuthRequestRsaCert(WOLFSSH* ssh,
 WMEMSET(digest, 0, sizeof(digest));
 ret = wc_HashInit(&hash, hashId);
- if (ret == WS_SUCCESS)
+ if (ret == WS_SUCCESS) {
 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
- if (ret == WS_SUCCESS)
- ret = wc_HashFinal(&hash, hashId, digest);
-
+ if (ret == WS_SUCCESS)
+ ret = wc_HashFinal(&hash, hashId, digest);
+ wc_HashFree(&hash, hashId);
+ }
 if (ret == WS_SUCCESS) {
 c32toa(keySig->sigSz + 7 + LENGTH_SZ * 2, output + begin);
 begin += LENGTH_SZ;
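Review bot: In ParseEd25519PubKey the new `sigKeyBlock_ptr->keyAllocated = 1;` is reached only when every step succeeded, so a key that was initialised earlier in the function but then failed `wc_ed25519_import_public` keeps the flag clear. If FreePubKey frees only when the flag is set, which its `p->keyAllocated = 0;` line suggests, that key is never passed to the new `wc_ed25519_free` branch. The initialisation is outside this hunk, so this is inferred; if it holds, set the flag as soon as the key object has been initialised rather than after the import. The guard is also written `if (ret == 0)` while the surrounding code tests `ret == WS_SUCCESS`; `if (ret == WS_SUCCESS) {` would keep the convention.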
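Review bot: The init/update/final/free sequence added in BuildUserAuthRequestRsa is repeated almost verbatim in BuildUserAuthRequestRsaCert, BuildUserAuthRequestEcc and BuildUserAuthRequestEccCert, so the same missing `wc_HashFree` had to be patched four times. A single static helper that hashes `checkData` into `digest` and always releases the hash context would leave one place to audit for leaks. Failing that, a comment above the call, such as `/* hash was initialised above: release it on every path */`, would record why `wc_HashFree(&hash, hashId);` sits inside the init-success branch. Each of these functions starts and ends outside its hunk.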
@@ -14547,16 +14560,18 @@ static int BuildUserAuthRequestEcc(WOLFSSH* ssh,
 if (ret == WS_SUCCESS) {
 WLOG(WS_LOG_INFO, "Signing hash with ECDSA.");
 ret = wc_HashInit(&hash, hashId);
- if (ret == WS_SUCCESS)
+ if (ret == WS_SUCCESS) {
 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
- if (ret == WS_SUCCESS)
- ret = wc_HashFinal(&hash, hashId, digest);
- if (ret == WS_SUCCESS)
- ret = wc_ecc_sign_hash(digest, digestSz, sig_ptr, &sigSz,
- ssh->rng, &keySig->ks.ecc.key);
- if (ret != WS_SUCCESS) {
- WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Sign");
- ret = WS_ECC_E;
+ if (ret == WS_SUCCESS)
+ ret = wc_HashFinal(&hash, hashId, digest);
+ if (ret == WS_SUCCESS)
+ ret = wc_ecc_sign_hash(digest, digestSz, sig_ptr, &sigSz,
+ ssh->rng, &keySig->ks.ecc.key);
+ if (ret != WS_SUCCESS) {
+ WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Sign");
+ ret = WS_ECC_E;
+ }
+ wc_HashFree(&hash, hashId);
 }
 }
@@ -14787,16 +14802,18 @@ static int BuildUserAuthRequestEccCert(WOLFSSH* ssh,
 if (ret == WS_SUCCESS) {
 WLOG(WS_LOG_INFO, "Signing hash with ECDSA cert.");
 ret = wc_HashInit(&hash, hashId);
- if (ret == WS_SUCCESS)
+ if (ret == WS_SUCCESS) {
 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
- if (ret == WS_SUCCESS)
- ret = wc_HashFinal(&hash, hashId, digest);
- if (ret == WS_SUCCESS)
- ret = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz,
- ssh->rng, &keySig->ks.ecc.key);
- if (ret != WS_SUCCESS) {
- WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Cert Sign");
- ret = WS_ECC_E;
+ if (ret == WS_SUCCESS)
+ ret = wc_HashFinal(&hash, hashId, digest);
+ if (ret == WS_SUCCESS)
+ ret = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz,
+ ssh->rng, &keySig->ks.ecc.key);
+ if (ret != WS_SUCCESS) {
+ WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Cert Sign");
+ ret = WS_ECC_E;
+ }
+ wc_HashFree(&hash, hashId);
 }
 }
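Review bot: A `wc_HashInit` failure in BuildUserAuthRequestEcc no longer reaches the `if (ret != WS_SUCCESS)` block, because that block now sits inside the init-success branch. The raw wolfCrypt return code is propagated instead of `WS_ECC_E`, and the "SUAR: Bad ECC Sign" debug line is skipped. The same applies to BuildUserAuthRequestEccCert in the next hunk. To keep the previous error mapping, move `wc_HashFree(&hash, hashId);` and the closing brace up to directly after the `wc_HashFinal` call, as the RSA hunks do, and leave the `wc_ecc_sign_hash` call and the error mapping at the outer level. This also releases the hash context before signing starts. Both functions start and end outside their hunks.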