mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-12-09 15:41:10 +03:00
CVE-2023-6918: Remove unused evp functions and types
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
committed by
Andreas Schneider
Andreas Schneider
parent
a16f34c57a
commit
10c200037a
@@ -40,11 +40,6 @@ typedef EVP_MD_CTX* SHA384CTX;
|
||||
typedef EVP_MD_CTX* SHA512CTX;
|
||||
typedef EVP_MD_CTX* MD5CTX;
|
||||
typedef EVP_MD_CTX* HMACCTX;
|
||||
#ifdef HAVE_ECC
|
||||
typedef EVP_MD_CTX *EVPCTX;
|
||||
#else
|
||||
typedef void *EVPCTX;
|
||||
#endif
|
||||
|
||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||
#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
|
||||
|
||||
@@ -32,7 +32,6 @@ typedef gcry_md_hd_t SHA384CTX;
|
||||
typedef gcry_md_hd_t SHA512CTX;
|
||||
typedef gcry_md_hd_t MD5CTX;
|
||||
typedef gcry_md_hd_t HMACCTX;
|
||||
typedef gcry_md_hd_t EVPCTX;
|
||||
#define SHA_DIGEST_LENGTH 20
|
||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||
#define MD5_DIGEST_LEN 16
|
||||
|
||||
@@ -42,7 +42,6 @@ typedef mbedtls_md_context_t *SHA384CTX;
|
||||
typedef mbedtls_md_context_t *SHA512CTX;
|
||||
typedef mbedtls_md_context_t *MD5CTX;
|
||||
typedef mbedtls_md_context_t *HMACCTX;
|
||||
typedef mbedtls_md_context_t *EVPCTX;
|
||||
|
||||
#define SHA_DIGEST_LENGTH 20
|
||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||
|
||||
@@ -95,10 +95,6 @@ void sha512_update(SHA512CTX c, const void *data, size_t len);
|
||||
void sha512_final(unsigned char *md,SHA512CTX c);
|
||||
void sha512(const unsigned char *digest, size_t len, unsigned char *hash);
|
||||
|
||||
void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen);
|
||||
EVPCTX evp_init(int nid);
|
||||
void evp_update(EVPCTX ctx, const void *data, size_t len);
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
|
||||
|
||||
HMACCTX hmac_init(const void *key,size_t len, enum ssh_hmac_e type);
|
||||
int hmac_update(HMACCTX c, const void *data, size_t len);
|
||||
|
||||
@@ -127,60 +127,6 @@ ENGINE *pki_get_engine(void)
|
||||
}
|
||||
#endif /* WITH_PKCS11_PROVIDER */
|
||||
|
||||
#ifdef HAVE_OPENSSL_ECC
|
||||
static const EVP_MD *nid_to_evpmd(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_X9_62_prime256v1:
|
||||
return EVP_sha256();
|
||||
case NID_secp384r1:
|
||||
return EVP_sha384();
|
||||
case NID_secp521r1:
|
||||
return EVP_sha512();
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen)
|
||||
{
|
||||
const EVP_MD *evp_md = nid_to_evpmd(nid);
|
||||
EVP_MD_CTX *md = EVP_MD_CTX_new();
|
||||
|
||||
EVP_DigestInit(md, evp_md);
|
||||
EVP_DigestUpdate(md, digest, len);
|
||||
EVP_DigestFinal(md, hash, hlen);
|
||||
EVP_MD_CTX_free(md);
|
||||
}
|
||||
|
||||
EVPCTX evp_init(int nid)
|
||||
{
|
||||
const EVP_MD *evp_md = nid_to_evpmd(nid);
|
||||
|
||||
EVPCTX ctx = EVP_MD_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_DigestInit(ctx, evp_md);
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void evp_update(EVPCTX ctx, const void *data, size_t len)
|
||||
{
|
||||
EVP_DigestUpdate(ctx, data, len);
|
||||
}
|
||||
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
EVP_DigestFinal(ctx, md, mdlen);
|
||||
EVP_MD_CTX_free(ctx);
|
||||
}
|
||||
#endif /* HAVE_OPENSSL_ECC */
|
||||
|
||||
#ifdef HAVE_OPENSSL_EVP_KDF_CTX
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
static const EVP_MD *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
|
||||
|
||||
@@ -69,59 +69,6 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
|
||||
void ssh_reseed(void){
|
||||
}
|
||||
|
||||
#ifdef HAVE_GCRYPT_ECC
|
||||
static int nid_to_md_algo(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_gcrypt_nistp256:
|
||||
return GCRY_MD_SHA256;
|
||||
case NID_gcrypt_nistp384:
|
||||
return GCRY_MD_SHA384;
|
||||
case NID_gcrypt_nistp521:
|
||||
return GCRY_MD_SHA512;
|
||||
}
|
||||
return GCRY_MD_NONE;
|
||||
}
|
||||
|
||||
void evp(int nid, unsigned char *digest, size_t len,
|
||||
unsigned char *hash, unsigned int *hlen)
|
||||
{
|
||||
int algo = nid_to_md_algo(nid);
|
||||
|
||||
/* Note: What gcrypt calls 'hash' is called 'digest' here and
|
||||
vice-versa. */
|
||||
gcry_md_hash_buffer(algo, hash, digest, len);
|
||||
*hlen = gcry_md_get_algo_dlen(algo);
|
||||
}
|
||||
|
||||
EVPCTX evp_init(int nid)
|
||||
{
|
||||
gcry_error_t err;
|
||||
int algo = nid_to_md_algo(nid);
|
||||
EVPCTX ctx;
|
||||
|
||||
err = gcry_md_open(&ctx, algo, 0);
|
||||
if (err) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void evp_update(EVPCTX ctx, const void *data, size_t len)
|
||||
{
|
||||
gcry_md_write(ctx, data, len);
|
||||
}
|
||||
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
int algo = gcry_md_get_algo(ctx);
|
||||
*mdlen = gcry_md_get_algo_dlen(algo);
|
||||
memcpy(md, gcry_md_read(ctx, algo), *mdlen);
|
||||
gcry_md_close(ctx);
|
||||
}
|
||||
#endif
|
||||
|
||||
int ssh_kdf(struct ssh_crypto_struct *crypto,
|
||||
unsigned char *key, size_t key_len,
|
||||
uint8_t key_type, unsigned char *output,
|
||||
|
||||
@@ -51,80 +51,6 @@ void ssh_reseed(void)
|
||||
mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
|
||||
}
|
||||
|
||||
static mbedtls_md_type_t nid_to_md_algo(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_mbedtls_nistp256:
|
||||
return MBEDTLS_MD_SHA256;
|
||||
case NID_mbedtls_nistp384:
|
||||
return MBEDTLS_MD_SHA384;
|
||||
case NID_mbedtls_nistp521:
|
||||
return MBEDTLS_MD_SHA512;
|
||||
}
|
||||
return MBEDTLS_MD_NONE;
|
||||
}
|
||||
|
||||
void evp(int nid, unsigned char *digest, size_t len,
|
||||
unsigned char *hash, unsigned int *hlen)
|
||||
{
|
||||
mbedtls_md_type_t algo = nid_to_md_algo(nid);
|
||||
const mbedtls_md_info_t *md_info =
|
||||
mbedtls_md_info_from_type(algo);
|
||||
|
||||
|
||||
if (md_info != NULL) {
|
||||
*hlen = mbedtls_md_get_size(md_info);
|
||||
mbedtls_md(md_info, digest, len, hash);
|
||||
}
|
||||
}
|
||||
|
||||
EVPCTX evp_init(int nid)
|
||||
{
|
||||
EVPCTX ctx = NULL;
|
||||
int rc;
|
||||
mbedtls_md_type_t algo = nid_to_md_algo(nid);
|
||||
const mbedtls_md_info_t *md_info =
|
||||
mbedtls_md_info_from_type(algo);
|
||||
|
||||
if (md_info == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ctx = malloc(sizeof(mbedtls_md_context_t));
|
||||
if (ctx == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
mbedtls_md_init(ctx);
|
||||
|
||||
rc = mbedtls_md_setup(ctx, md_info, 0);
|
||||
if (rc != 0) {
|
||||
SAFE_FREE(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
rc = mbedtls_md_starts(ctx);
|
||||
if (rc != 0) {
|
||||
SAFE_FREE(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void evp_update(EVPCTX ctx, const void *data, size_t len)
|
||||
{
|
||||
mbedtls_md_update(ctx, data, len);
|
||||
}
|
||||
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
*mdlen = mbedtls_md_get_size(ctx->MBEDTLS_PRIVATE(md_info));
|
||||
mbedtls_md_finish(ctx, md);
|
||||
mbedtls_md_free(ctx);
|
||||
SAFE_FREE(ctx);
|
||||
}
|
||||
|
||||
int ssh_kdf(struct ssh_crypto_struct *crypto,
|
||||
unsigned char *key, size_t key_len,
|
||||
uint8_t key_type, unsigned char *output,
|
||||
|
||||
Reference in New Issue
Block a user