mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-29 13:01:13 +03:00

Remove support for DSA Keys

Solves issue #110. The original work is at !231.
Some changes were needed because of features added to master in the meantime.

Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com>
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Mohammad Shehar Yaar Tausif
2022-03-11 22:00:20 +05:30
committed by Jakub Jelen
parent 486df37a84
commit a3a13eb3a8
60 changed files with 80 additions and 2912 deletions


@ -125,15 +125,7 @@ struct key_attrs key_attrs_list[][5] = {
{0, 0, "", 0, 0, "", 0}, /* UNKNOWN, SHA384 */
{0, 0, "", 0, 0, "", 0}, /* UNKNOWN, SHA512 */
},
#ifdef HAVE_DSA
{
{1, 1, "ssh-dss", 1024, 0, "", 0}, /* DSS, AUTO */
{1, 1, "ssh-dss", 1024, 20, "ssh-dss", 1}, /* DSS, SHA1 */
{1, 1, "ssh-dss", 1024, 0, "", 0}, /* DSS, SHA256 */
{1, 1, "ssh-dss", 1024, 0, "", 0}, /* DSS, SHA384 */
{1, 1, "ssh-dss", 1024, 0, "", 0}, /* DSS, SHA512 */
},
#else
/* Cannot remove this as it will break the array indexing used */
{
{0, 0, "", 0, 0, "", 0}, /* DSS, AUTO */
{0, 0, "", 0, 0, "", 0}, /* DSS, SHA1 */
@ -141,7 +133,6 @@ struct key_attrs key_attrs_list[][5] = {
{0, 0, "", 0, 0, "", 0}, /* DSS, SHA384 */
{0, 0, "", 0, 0, "", 0}, /* DSS, SHA512 */
},
#endif /* HAVE_DSA */
{
{1, 1, "ssh-rsa", 2048, 0, "", 0}, /* RSA, AUTO */
{1, 1, "ssh-rsa", 2048, 20, "ssh-rsa", 1}, /* RSA, SHA1 */
@ -170,15 +161,6 @@ struct key_attrs key_attrs_list[][5] = {
{1, 1, "ssh-ed25519", 255, 0, "", 0}, /* ED25519, SHA384 */
{1, 1, "ssh-ed25519", 255, 0, "", 0}, /* ED25519, SHA512 */
},
#ifdef HAVE_DSA
{
{0, 1, "", 0, 0, "", 0}, /* DSS CERT, AUTO */
{0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA1 */
{0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA256 */
{0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA384 */
{0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA512 */
},
#else
{
{0, 0, "", 0, 0, "", 0}, /* DSS CERT, AUTO */
{0, 0, "", 0, 0, "", 0}, /* DSS CERT, SHA1 */
@ -186,7 +168,6 @@ struct key_attrs key_attrs_list[][5] = {
{0, 0, "", 0, 0, "", 0}, /* DSS CERT, SHA384 */
{0, 0, "", 0, 0, "", 0}, /* DSS CERT, SHA512 */
},
#endif /* HAVE_DSA */
{
{0, 1, "", 0, 0, "", 0}, /* RSA CERT, AUTO */
{0, 1, "", 0, 0, "", 0}, /* RSA CERT, SHA1 */
@ -266,7 +247,7 @@ static void torture_pki_verify_mismatch(void **state)
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
for (sig_type = SSH_KEYTYPE_DSS;
for (sig_type = SSH_KEYTYPE_RSA;
sig_type <= SSH_KEYTYPE_ED25519_CERT01;
sig_type++)
{
@ -275,8 +256,7 @@ static void torture_pki_verify_mismatch(void **state)
hash++)
{
if (ssh_fips_mode()) {
if (sig_type == SSH_KEYTYPE_DSS ||
sig_type == SSH_KEYTYPE_ED25519 ||
if (sig_type == SSH_KEYTYPE_ED25519 ||
hash == SSH_DIGEST_SHA1)
{
/* In FIPS mode, skip unsupported algorithms */
@ -341,13 +321,12 @@ static void torture_pki_verify_mismatch(void **state)
input_length);
assert_true(rc == SSH_OK);
for (key_type = SSH_KEYTYPE_DSS;
for (key_type = SSH_KEYTYPE_RSA;
key_type <= SSH_KEYTYPE_ED25519_CERT01;
key_type++)
{
if (ssh_fips_mode()) {
if (key_type == SSH_KEYTYPE_DSS ||
key_type == SSH_KEYTYPE_ED25519)
if (key_type == SSH_KEYTYPE_ED25519)
{
/* In FIPS mode, skip unsupported algorithms */
continue;
@ -428,7 +407,6 @@ static void torture_pki_verify_mismatch(void **state)
key = NULL;
}
}
ssh_free(session);
}
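Review bot: The all-zero DSS and DSS CERT rows in key_attrs_list are now unconditional placeholders, but the only explanation left is the former `#else` comment, and the DSS CERT row has none. Both loops in torture_pki_verify_mismatch now start at SSH_KEYTYPE_RSA yet still run to SSH_KEYTYPE_ED25519_CERT01, so they appear to pass over the DSS CERT index and rely on that row staying zeroed to skip it. I would reword the comment to `/* Placeholder for the removed DSS key type: the table is indexed by key type value, so this row must stay */` and repeat it above the DSS CERT row. The function body and the table both extend beyond the visible hunks, so how the zeroed flags are consumed is inferred rather than shown.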