fix(739) SignatureECDSAN destroying private key

mwiede · Jan 7, 2025 · 9d2dfad · 9d2dfad
1 parent 323a82a
commit 9d2dfad
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/main/java/com/jcraft/jsch/KeyPairECDSA.java b/src/main/java/com/jcraft/jsch/KeyPairECDSA.java
@@ -345,13 +345,16 @@ public int getKeySize() {
 
   @Override
   public byte[] getSignature(byte[] data) {
+    byte[] keyCopy = null;
     try {
       Class<? extends SignatureECDSA> c =
           Class.forName(JSch.getConfig("ecdsa-sha2-" + Util.byte2str(name)))
               .asSubclass(SignatureECDSA.class);
       SignatureECDSA ecdsa = c.getDeclaredConstructor().newInstance();
       ecdsa.init();
-      ecdsa.setPrvKey(prv_array);
+      // https://github.com/mwiede/jsch/issues/739 : prv_array could be destroyed by ecdsa signing
+      keyCopy = Arrays.copyOf(prv_array, prv_array.length);
+      ecdsa.setPrvKey(keyCopy);
 
       ecdsa.update(data);
       byte[] sig = ecdsa.sign();
@@ -364,6 +367,8 @@ public byte[] getSignature(byte[] data) {
       if (instLogger.getLogger().isEnabled(Logger.ERROR)) {
         instLogger.getLogger().log(Logger.ERROR, "failed to generate signature", e);
       }
+    } finally {
+      Util.bzero(keyCopy);
     }
     return null;
   }
@@ -390,7 +395,8 @@ public Signature getVerifier() {
         r_array = tmp[0];
         s_array = tmp[1];
       }
-      ecdsa.setPubKey(r_array, s_array);
+      // https://github.com/mwiede/jsch/issues/739 : keys could be destroyed by ecdsa verification
+      ecdsa.setPubKey(Arrays.copyOf(r_array, r_array.length), Arrays.copyOf(s_array, s_array.length));
       return ecdsa;
     } catch (Exception e) {
       if (instLogger.getLogger().isEnabled(Logger.ERROR)) {