mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-24 19:37:48 +03:00

Remove HAVE_OPENSSL_ED25519 ifdefs

Ed25519 support is always present in newer (>1.1.1) OpenSSL versions, so
there is no need to check for it explicitly.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Norbert Pocs
2022-10-11 15:44:12 +02:00
committed by Jakub Jelen
parent 28d27c3ae4
commit 358ce46551
5 changed files with 33 additions and 34 deletions


@@ -33,7 +33,7 @@
#include <openssl/evp.h>
#endif
#include "libssh/crypto.h"
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
#ifdef HAVE_LIBCRYPTO
/* If using OpenSSL implementation, define the signature length which would be
* defined in libssh/ed25519.h otherwise */
#define ED25519_SIG_LEN 64
@@ -82,7 +82,7 @@ struct ssh_key_struct {
* high-level format required by OpenSSL 3.0 */
EVP_PKEY *key;
#endif /* HAVE_LIBGCRYPT */
#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
#ifdef HAVE_LIBCRYPTO
uint8_t *ed25519_pubkey;
uint8_t *ed25519_privkey;
#else
@@ -106,7 +106,7 @@ struct ssh_signature_struct {
ssh_string rsa_sig;
struct mbedtls_ecdsa_sig ecdsa_sig;
#endif /* HAVE_LIBGCRYPT */
#if !defined(HAVE_LIBCRYPTO) || !defined(HAVE_OPENSSL_ED25519)
#ifndef HAVE_LIBCRYPTO
ed25519_signature *ed25519_sig;
#endif
ssh_string raw_sig;
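Review bot: Nothing in this header enforces the OpenSSL version assumption that the new `#ifdef HAVE_LIBCRYPTO` guards rely on, both around `ED25519_SIG_LEN` and around the `ed25519_pubkey`/`ed25519_privkey` members of `ssh_key_struct`. If the build system does not already reject a libcrypto without Ed25519 support (not visible here), such a build would now fail to compile somewhere inside the PKI code instead of falling back to the internal implementation. A guard near the includes would make the requirement explicit, for example `#if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER < 0x10101000L` followed by `#error "Ed25519 requires OpenSSL 1.1.1 or newer"` and `#endif`. This assumes `<openssl/opensslv.h>` is reachable at that point, which should be confirmed.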


@@ -165,14 +165,14 @@ void ssh_key_clean (ssh_key key)
pki_key_clean(key);
if (key->ed25519_privkey != NULL){
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
/* In OpenSSL implementation the private key is only the private
* original seed. In the internal implementation the private key is the
* concatenation of the original private seed with the public key.*/
explicit_bzero(key->ed25519_privkey, ED25519_KEY_LEN);
#else
explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey));
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO*/
SAFE_FREE(key->ed25519_privkey);
}
SAFE_FREE(key->ed25519_pubkey);
@@ -770,10 +770,10 @@ void ssh_signature_free(ssh_signature sig)
break;
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_SK_ED25519:
#ifndef HAVE_OPENSSL_ED25519
#ifndef HAVE_LIBCRYPTO
/* When using OpenSSL, the signature is stored in sig->raw_sig */
SAFE_FREE(sig->ed25519_sig);
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO */
break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
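Review bot: The wipe length in `ssh_key_clean` is now chosen by `HAVE_LIBCRYPTO`, and it stays correct only while every allocation of `key->ed25519_privkey` picks its size with the same macro; a comment should say so. The Ed25519 helper hunks on this page show `malloc(ED25519_KEY_LEN)` under the same guard and `2 * ED25519_KEY_LEN` copied otherwise, so the sites agree after this commit, but a future mismatch would leave part of the private key unwiped or clear past the buffer. I would add above the `#ifdef`: `/* Length must match the allocation in pki_privkey_build_ed25519() and pki_ed25519_key_dup() */`. The `sizeof(ed25519_privkey)` in the `#else` branch presumably names a type declared elsewhere rather than the struct member, and a short comment there would stop it being read as the size of a pointer.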


@@ -1189,7 +1189,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
break;
#endif /* OPENSSL_VERSION_NUMBER */
case SSH_KEYTYPE_ED25519:
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
/* In OpenSSL, the input is the private key seed only, which means
* the first half of the SSH private key (the second half is the
* public key) */
@@ -1209,7 +1209,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
#else
SSH_LOG(SSH_LOG_TRACE, "PEM output not supported for key type ssh-ed25519");
goto err;
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO */
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA_P256_CERT01:
@@ -1290,11 +1290,11 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#else
void *ecdsa = NULL;
#endif /* HAVE_OPENSSL_ECC */
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
uint8_t *ed25519 = NULL;
#else
ed25519_privkey *ed25519 = NULL;
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO */
ssh_key key = NULL;
enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
EVP_PKEY *pkey = NULL;
@@ -1385,7 +1385,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
*/
break;
#endif /* HAVE_OPENSSL_ECC */
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
case EVP_PKEY_ED25519:
{
size_t key_len;
@@ -1422,7 +1422,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
}
break;
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO */
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d",
EVP_PKEY_base_id(pkey));
@@ -1478,7 +1478,7 @@ fail:
#ifdef HAVE_OPENSSL_ECC
EC_KEY_free(ecdsa);
#endif
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
SAFE_FREE(ed25519);
#endif
return NULL;
@@ -2945,7 +2945,7 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
case SSH_KEYTYPE_ED25519_CERT01:
case SSH_KEYTYPE_SK_ED25519:
case SSH_KEYTYPE_SK_ED25519_CERT01:
# if defined(HAVE_OPENSSL_ED25519)
# ifdef HAVE_LIBCRYPTO
if (ssh_key_is_private(key)) {
if (key->ed25519_privkey == NULL) {
SSH_LOG(SSH_LOG_TRACE, "NULL key->ed25519_privkey");
@@ -3029,7 +3029,7 @@ ssh_signature pki_sign_data(const ssh_key privkey,
return NULL;
}
#ifndef HAVE_OPENSSL_ED25519
#ifndef HAVE_LIBCRYPTO
if (privkey->type == SSH_KEYTYPE_ED25519 ||
privkey->type == SSH_KEYTYPE_ED25519_CERT01)
{
@@ -3171,7 +3171,7 @@ int pki_verify_data_signature(ssh_signature signature,
if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
signature == NULL || (signature->raw_sig == NULL
#ifndef HAVE_OPENSSL_ED25519
#ifndef HAVE_LIBCRYPTO
&& signature->ed25519_sig == NULL
#endif
))
@@ -3187,7 +3187,7 @@ int pki_verify_data_signature(ssh_signature signature,
return SSH_ERROR;
}
#ifndef HAVE_OPENSSL_ED25519
#ifndef HAVE_LIBCRYPTO
if (pubkey->type == SSH_KEYTYPE_ED25519 ||
pubkey->type == SSH_KEYTYPE_ED25519_CERT01 ||
pubkey->type == SSH_KEYTYPE_SK_ED25519 ||
@@ -3305,7 +3305,7 @@ int ssh_key_size(ssh_key key)
}
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
int pki_key_generate_ed25519(ssh_key key)
{
int evp_rc;
@@ -3423,7 +3423,7 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return sig;
}
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO */
/**
* @internal
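Review bot: The `#else` and `#ifndef HAVE_LIBCRYPTO` branches in this file look unreachable after the rename, for example the `PEM output not supported for key type ssh-ed25519` path in `pki_private_key_to_pem` and the internal-implementation blocks in `pki_sign_data` and `pki_verify_data_signature`. The file declares `EVP_PKEY *pkey` outside any guard, so it is presumably compiled only when `HAVE_LIBCRYPTO` is defined; if that holds, the guards are tautologies and the fallback code is dead. Dropping the guards and the dead branches outright would leave a single signing and verification path to audit. The bare `#endif` after `SAFE_FREE(ed25519);` would also benefit from a `/* HAVE_LIBCRYPTO */` trailer like its neighbours. Most of the affected functions start and end outside the hunks shown.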


@@ -38,7 +38,7 @@ int pki_privkey_build_ed25519(ssh_key key,
return SSH_ERROR;
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
/* In OpenSSL implementation, the private key is the original private seed,
* without the public key. */
key->ed25519_privkey = malloc(ED25519_KEY_LEN);
@@ -56,7 +56,7 @@ int pki_privkey_build_ed25519(ssh_key key,
goto error;
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
memcpy(key->ed25519_privkey, ssh_string_data(privkey),
ED25519_KEY_LEN);
#else
@@ -99,7 +99,7 @@ int pki_ed25519_key_cmp(const ssh_key k1,
if (k1->ed25519_privkey == NULL || k2->ed25519_privkey == NULL) {
return 1;
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
/* In OpenSSL implementation, the private key is the original private
* seed, without the public key. */
cmp = memcmp(k1->ed25519_privkey, k2->ed25519_privkey, ED25519_KEY_LEN);
@@ -144,7 +144,7 @@ int pki_ed25519_key_dup(ssh_key new, const ssh_key key)
}
if (key->ed25519_privkey != NULL) {
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
/* In OpenSSL implementation, the private key is the original private
* seed, without the public key. */
new->ed25519_privkey = malloc(ED25519_KEY_LEN);
@@ -156,7 +156,7 @@ int pki_ed25519_key_dup(ssh_key new, const ssh_key key)
if (new->ed25519_privkey == NULL) {
return SSH_ERROR;
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
memcpy(new->ed25519_privkey, key->ed25519_privkey, ED25519_KEY_LEN);
#else
memcpy(new->ed25519_privkey, key->ed25519_privkey, 2 * ED25519_KEY_LEN);
@@ -216,7 +216,7 @@ ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
ssh_string sig_blob;
int rc;
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
/* When using the OpenSSL implementation, the signature is stored in raw_sig
* which is shared by all algorithms.*/
if (sig->raw_sig == NULL) {
@@ -235,7 +235,7 @@ ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
return NULL;
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
rc = ssh_string_fill(sig_blob, ssh_string_data(sig->raw_sig),
ssh_string_len(sig->raw_sig));
#else
@@ -270,7 +270,7 @@ int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob)
return SSH_ERROR;
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
sig->raw_sig = ssh_string_copy(sig_blob);
#else
sig->ed25519_sig = malloc(ED25519_SIG_LEN);
@@ -282,4 +282,3 @@ int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob)
return SSH_OK;
}
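Review bot: In `pki_signature_from_ed25519_blob`, the libcrypto branch assigns `sig->raw_sig = ssh_string_copy(sig_blob);` and no NULL check is visible before the `#else`. With this commit that branch is taken by every libcrypto build, so an allocation failure would be reported as `SSH_OK` unless a check follows the `#endif` outside the hunk. I would add `if (sig->raw_sig == NULL) { return SSH_ERROR; }` directly after the copy. The function body continues between the two hunks shown, so this should be confirmed against the full file.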


@@ -448,7 +448,7 @@ static void torture_pki_ed25519_generate_key(void **state)
assert_true(strcmp(type_char, "ssh-ed25519") == 0);
/* try an invalid signature */
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
raw_sig_data = ssh_string_data(sign->raw_sig);
#else
raw_sig_data = (uint8_t *)sign->ed25519_sig;
@@ -690,7 +690,7 @@ static void torture_pki_ed25519_sign_openssh_privkey_passphrase(void **state)
SSH_STRING_FREE(blob);
}
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
static void torture_pki_ed25519_sign_pkcs8_privkey(void **state)
{
ssh_key privkey = NULL;
@@ -766,7 +766,7 @@ static void torture_pki_ed25519_sign_pkcs8_privkey_passphrase(void **state)
SSH_KEY_FREE(privkey);
SSH_STRING_FREE(blob);
}
#endif /* HAVE_OPENSSL_ED25519 */
#endif /* HAVE_LIBCRYPTO */
static void torture_pki_ed25519_verify(void **state){
ssh_key pubkey = NULL;
@@ -805,7 +805,7 @@ static void torture_pki_ed25519_verify(void **state){
assert_true(rc == SSH_OK);
/* Alter signature and expect verification error */
#if defined(HAVE_OPENSSL_ED25519)
#ifdef HAVE_LIBCRYPTO
raw_sig_data = ssh_string_data(sig->raw_sig);
#else
raw_sig_data = (uint8_t *)sig->ed25519_sig;
@@ -1015,7 +1015,7 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_pki_ed25519_import_privkey_base64_passphrase),
cmocka_unit_test(torture_pki_ed25519_sign),
cmocka_unit_test(torture_pki_ed25519_sign_openssh_privkey_passphrase),
#ifdef HAVE_OPENSSL_ED25519
#ifdef HAVE_LIBCRYPTO
cmocka_unit_test(torture_pki_ed25519_sign_pkcs8_privkey),
cmocka_unit_test(torture_pki_ed25519_sign_pkcs8_privkey_passphrase),
#endif