ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

keys: Remove obsolete ssh_do_sign().

Просмотр исходного кода
Этот коммит содержится в:
Andreas Schneider 2011-08-23 21:37:21 +02:00
родитель c5643c0967
Коммит 1a56892e9f
2 изменённых файлов: 0 добавлений и 145 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

5
include/libssh/keys.h
Просмотреть файл

@ -71,12 +71,7 @@ ssh_public_key publickey_make_dss(ssh_session session, ssh_buffer buffer);
ssh_public_key publickey_make_rsa(ssh_session session, ssh_buffer buffer, int type); ssh_public_key publickey_make_rsa(ssh_session session, ssh_buffer buffer, int type);
ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s); ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s);
ssh_string signature_to_string(SIGNATURE *sign); ssh_string signature_to_string(SIGNATURE *sign);
#if defined HAVE_LIBCRYPTO
ssh_string RSA_do_sign(const unsigned char *payload, int len, RSA *privkey);
#endif
SIGNATURE *signature_from_string(ssh_session session, ssh_string signature,ssh_public_key pubkey,int needed_type); SIGNATURE *signature_from_string(ssh_session session, ssh_string signature,ssh_public_key pubkey,int needed_type);
void signature_free(SIGNATURE *sign); void signature_free(SIGNATURE *sign);
ssh_string ssh_do_sign(ssh_session session,ssh_buffer sigbuf,
ssh_private_key privatekey);
#endif /* KEYS_H_ */ #endif /* KEYS_H_ */

140
src/keys.c
Просмотреть файл

@ -295,146 +295,6 @@ void signature_free(SIGNATURE *sign) {
SAFE_FREE(sign); SAFE_FREE(sign);
} }
#ifdef HAVE_LIBCRYPTO
/*
* Maybe the missing function from libcrypto
*
* I think now, maybe it's a bad idea to name it has it should have be
* named in libcrypto
*/
ssh_string RSA_do_sign(const unsigned char *payload, int len, RSA *privkey) {
ssh_string sign = NULL;
unsigned char *buffer = NULL;
unsigned int size;
buffer = malloc(RSA_size(privkey));
if (buffer == NULL) {
return NULL;
}
if (RSA_sign(NID_sha1, payload, len, buffer, &size, privkey) == 0) {
SAFE_FREE(buffer);
return NULL;
}
sign = ssh_string_new(size);
if (sign == NULL) {
SAFE_FREE(buffer);
return NULL;
}
ssh_string_fill(sign, buffer, size);
SAFE_FREE(buffer);
return sign;
}
#endif
/*
* This function signs the session id (known as H) as a string then
* the content of sigbuf */
ssh_string ssh_do_sign(ssh_session session, ssh_buffer sigbuf,
ssh_private_key privatekey) {
struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
ssh_string session_str = NULL;
ssh_string signature = NULL;
SIGNATURE *sign = NULL;
SHACTX ctx = NULL;
#ifdef HAVE_LIBGCRYPT
gcry_sexp_t gcryhash;
#endif
session_str = ssh_string_new(crypto->digest_len);
if (session_str == NULL) {
return NULL;
}
ssh_string_fill(session_str, crypto->session_id, crypto->digest_len);
ctx = sha1_init();
if (ctx == NULL) {
ssh_string_free(session_str);
return NULL;
}
sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
ssh_string_free(session_str);
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
sha1_final(hash + 1,ctx);
hash[0] = 0;
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
#endif
sign = malloc(sizeof(SIGNATURE));
if (sign == NULL) {
return NULL;
}
switch(privatekey->type) {
case SSH_KEYTYPE_DSS:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa_priv);
if (sign->dsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r", sign->dsa_sign->r);
ssh_print_bignum("s", sign->dsa_sign->s);
#endif
#endif /* HAVE_LIBCRYPTO */
sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
SHA_DIGEST_LEN, hash + 1) ||
gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa_priv);
if (sign->rsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#endif
sign->dsa_sign = NULL;
break;
default:
signature_free(sign);
return NULL;
}
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(gcryhash);
#endif
sign->type = privatekey->type;
signature = signature_to_string(sign);
signature_free(sign);
return signature;
}
/** @} */ /** @} */
/* vim: set ts=4 sw=4 et cindent: */ /* vim: set ts=4 sw=4 et cindent: */