ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

pki: Remove unused function pki_signature_verify()

Просмотр исходного кода 
This removes unused function pki_signature_verify()
from pki_{crypto, mbedcrypto, gcrypt}.  The function was also removed
from include/libssh/pki_priv.h.  The function ssh_pki_signature_verify()
was changed to receive a const unsigned char *input.

All tests calling pki_signature_verify() were changed to call
ssh_pki_signature_verify() instead.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Этот коммит содержится в:
Anderson Toshiyuki Sasaki 2019-08-23 13:30:46 +02:00
родитель 2a2c1c98bf
Коммит 55cd04fbee
12 изменённых файлов: 35 добавлений и 157 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
include/libssh/pki.h
Просмотреть файл

@ -133,7 +133,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
int ssh_pki_signature_verify(ssh_session session,
ssh_signature sig,
const ssh_key key,
unsigned char *digest,
const unsigned char *digest,
size_t dlen);
/* SSH Public Key Functions */

5
include/libssh/pki_priv.h
Просмотреть файл

@ -124,11 +124,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
const ssh_string sig_blob,
enum ssh_keytypes_e type,
enum ssh_digest_e hash_type);
int pki_signature_verify(ssh_session session,
const ssh_signature sig,
const ssh_key key,
const unsigned char *input,
size_t input_len);
/* SSH Signing Functions */
ssh_signature pki_do_sign(const ssh_key privkey,

2
src/pki.c
Просмотреть файл

@ -2239,7 +2239,7 @@ int pki_key_check_hash_compatible(ssh_key key,
int ssh_pki_signature_verify(ssh_session session,
ssh_signature sig,
const ssh_key key,
unsigned char *input,
const unsigned char *input,
size_t input_len)
{
int rc;

40
src/pki_crypto.c
Просмотреть файл

@ -1856,46 +1856,6 @@ error:
return NULL;
}
int pki_signature_verify(ssh_session session,
const ssh_signature sig,
const ssh_key key,
const unsigned char *input,
size_t input_len)
{
int rc;
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_signature_verify()");
return SSH_ERROR;
}
if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN,
"Can not verify %s signature with %s key",
sig->type_c,
key->type_c);
return SSH_ERROR;
}
/* Check if public key and hash type are compatible */
rc = pki_key_check_hash_compatible(key, sig->hash_type);
if (rc != SSH_OK) {
return SSH_ERROR;
}
rc = pki_verify_data_signature(sig, key, input, input_len);
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"Signature verification error");
return SSH_ERROR;
}
return SSH_OK;
}
static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type)
{
const EVP_MD *md = NULL;

41
src/pki_gcrypt.c
Просмотреть файл

@ -2087,47 +2087,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
return sig;
}
int pki_signature_verify(ssh_session session,
const ssh_signature sig,
const ssh_key key,
const unsigned char *input,
size_t input_len)
{
int rc;
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_signature_verify()");
return SSH_ERROR;
}
if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN,
"Can not verify %s signature with %s key",
sig->type_c,
key->type_c);
return SSH_ERROR;
}
/* Check if public key and hash type are compatible */
rc = pki_key_check_hash_compatible(key, sig->hash_type);
if (rc != SSH_OK) {
return SSH_ERROR;
}
/* For the other key types, calculate the hash and verify the signature */
rc = pki_verify_data_signature(sig, key, input, input_len);
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"Signature verification error");
return SSH_ERROR;
}
return SSH_OK;
}
ssh_signature pki_do_sign_hash(const ssh_key privkey,
const unsigned char *hash,
size_t hlen,

36
src/pki_mbedcrypto.c
Просмотреть файл

@ -1022,42 +1022,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
return sig;
}
int pki_signature_verify(ssh_session session, const ssh_signature sig, const
ssh_key key, const unsigned char *input, size_t input_len)
{
int rc;
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_signature_verify()");
return SSH_ERROR;
}
if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN,
"Can not verify %s signature with %s key",
sig->type_c,
key->type_c);
return SSH_ERROR;
}
/* Check if public key and hash type are compatible */
rc = pki_key_check_hash_compatible(key, sig->hash_type);
if (rc != SSH_OK) {
return SSH_ERROR;
}
rc = pki_verify_data_signature(sig, key, input, input_len);
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"Signature verification error");
return SSH_ERROR;
}
return SSH_OK;
}
static ssh_string rsa_do_sign_hash(const unsigned char *digest,
int dlen,
mbedtls_pk_context *privkey,

8
tests/unittests/torture_pki.c
Просмотреть файл

@ -331,7 +331,7 @@ static void torture_pki_verify_mismatch(void **state)
assert_int_equal(import_sig->type, key->type);
assert_string_equal(import_sig->type_c, skey_attrs.sig_type_c);
rc = pki_signature_verify(session,
rc = ssh_pki_signature_verify(session,
import_sig,
pubkey,
INPUT,
@ -374,7 +374,7 @@ static void torture_pki_verify_mismatch(void **state)
assert_non_null(verify_pubkey);
/* Should gracefully fail, but not crash */
rc = pki_signature_verify(session,
rc = ssh_pki_signature_verify(session,
sign,
verify_pubkey,
INPUT,
@ -382,7 +382,7 @@ static void torture_pki_verify_mismatch(void **state)
assert_true(rc != SSH_OK);
/* Try the same with the imported signature */
rc = pki_signature_verify(session,
rc = ssh_pki_signature_verify(session,
import_sig,
verify_pubkey,
INPUT,
@ -401,7 +401,7 @@ static void torture_pki_verify_mismatch(void **state)
assert_string_equal(new_sig->type_c, skey_attrs.sig_type_c);
/* The verification should not work */
rc = pki_signature_verify(session,
rc = ssh_pki_signature_verify(session,
new_sig,
verify_pubkey,
INPUT,

8
tests/unittests/torture_pki_dsa.c
Просмотреть файл

@ -809,7 +809,7 @@ static void torture_pki_dsa_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
@ -823,7 +823,7 @@ static void torture_pki_dsa_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
@ -837,7 +837,7 @@ static void torture_pki_dsa_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
@ -868,7 +868,7 @@ static void torture_pki_dsa_cert_verify(void **state)
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(privkey);

14
tests/unittests/torture_pki_ecdsa.c
Просмотреть файл

@ -546,7 +546,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
@ -568,7 +568,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
@ -589,7 +589,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
@ -611,7 +611,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
@ -632,7 +632,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
@ -654,7 +654,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
@ -696,7 +696,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), hash_type);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(privkey);

12
tests/unittests/torture_pki_ed25519.c
Просмотреть файл

@ -440,7 +440,7 @@ static void torture_pki_ed25519_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, HASH, 20);
rc = ssh_pki_signature_verify(session, sign, pubkey, HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ED25519);
@ -455,7 +455,7 @@ static void torture_pki_ed25519_generate_key(void **state)
#endif
assert_non_null(raw_sig_data);
(raw_sig_data)[3]^= 0xff;
rc = pki_signature_verify(session, sign, pubkey, HASH, 20);
rc = ssh_pki_signature_verify(session, sign, pubkey, HASH, 20);
assert_true(rc == SSH_ERROR);
ssh_signature_free(sign);
@ -494,7 +494,7 @@ static void torture_pki_ed25519_cert_verify(void **state)
sign = pki_do_sign(privkey, HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, HASH, 20);
rc = ssh_pki_signature_verify(session, sign, cert, HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(privkey);
@ -683,7 +683,7 @@ static void torture_pki_ed25519_verify(void **state){
sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
assert_non_null(sig);
rc = pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
rc = ssh_pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
assert_true(rc == SSH_OK);
/* Alter signature and expect verification error */
@ -694,7 +694,7 @@ static void torture_pki_ed25519_verify(void **state){
#endif
assert_non_null(raw_sig_data);
(raw_sig_data)[3]^= 0xff;
rc = pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
rc = ssh_pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
assert_true(rc == SSH_ERROR);
ssh_signature_free(sig);
@ -741,7 +741,7 @@ static void torture_pki_ed25519_verify_bad(void **state){
sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
assert_non_null(sig);
rc = pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
rc = ssh_pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
assert_true(rc == SSH_ERROR);
ssh_signature_free(sig);

18
tests/unittests/torture_pki_rsa.c
Просмотреть файл

@ -553,7 +553,7 @@ static void torture_pki_rsa_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
@ -570,7 +570,7 @@ static void torture_pki_rsa_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
@ -586,7 +586,7 @@ static void torture_pki_rsa_generate_key(void **state)
assert_non_null(pubkey);
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
@ -625,9 +625,9 @@ static void torture_pki_rsa_sha2(void **state)
/* Sign using old SHA1 digest */
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
}
@ -635,18 +635,18 @@ static void torture_pki_rsa_sha2(void **state)
/* Sign using new SHA256 digest */
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
/* Sign using rsa-sha2-512 algorithm */
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);

6
tests/unittests/torture_threads_pki_rsa.c
Просмотреть файл

@ -583,7 +583,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
rc = ssh_pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
@ -602,7 +602,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
rc = ssh_pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
@ -620,7 +620,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
rc = ssh_pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);