From 0ea9e39e81a4d6e7a57e733be02da1d7e969aef2 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 30 Apr 2019 15:31:19 +0200
Subject: [PATCH] pki: Add a common place to store raw signatures

This is a preparation to store the raw signature for all algorithms in
the same place in ssh_signature.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 include/libssh/pki.h | 1 +
 src/pki.c            | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 0f0fac5d..13cd3747 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -88,6 +88,7 @@ struct ssh_signature_struct {
     struct mbedtls_ecdsa_sig ecdsa_sig;
 #endif /* HAVE_LIBGCRYPT */
     ed25519_signature *ed25519_sig;
+    ssh_string raw_sig;
 };
 
 typedef struct ssh_signature_struct *ssh_signature;
diff --git a/src/pki.c b/src/pki.c
index 9dbcd317..a8da2b93 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -629,6 +629,9 @@ void ssh_signature_free(ssh_signature sig)
             break;
     }
 
+    /* Explicitly zero the signature content before free */
+    ssh_string_burn(sig->raw_sig);
+    ssh_string_free(sig->raw_sig);
     SAFE_FREE(sig);
 }