pki: Separate signature extraction and verification

Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-08 19:02:06 +03:00 · 2018-11-22 10:43:18 +01:00
parent 7f83a1efae
commit d2434c69c0
4 changed files with 34 additions and 28 deletions
--- a/src/pki.c
+++ b/src/pki.c
@@ -1919,20 +1919,14 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
    return SSH_OK;
 }

-int ssh_pki_signature_verify_blob(ssh_session session,
-                                  ssh_string sig_blob,
-                                  const ssh_key key,
-                                  unsigned char *digest,
-                                  size_t dlen)
+int ssh_pki_signature_verify(ssh_session session,
+                             ssh_signature sig,
+                             const ssh_key key,
+                             unsigned char *digest,
+                             size_t dlen)
 {
-    ssh_signature sig;
    int rc;

-    rc = ssh_pki_import_signature_blob(sig_blob, key, &sig);
-    if (rc < 0) {
-        return SSH_ERROR;
-    }
-
    SSH_LOG(SSH_LOG_FUNCTIONS,
            "Going to verify a %s type signature",
            sig->type_c);
@@ -2000,8 +1994,6 @@ int ssh_pki_signature_verify_blob(ssh_session session,
                                  hlen);
    }

-    ssh_signature_free(sig);
-
    return rc;
 }