auth, pki: Calculate hash internally when signing/verifying

This makes pki_do_sign() and pki_signature_verify() to receive the original input instead of the pre-calculated hash. The hash is then calculated internally. The hash to be used inside the signature is decided earlier, when all the information about the signature to be generated/verified is available. Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid(). The tests were modified to use pki_do_sign() instead of pki_do_sign_hash(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-11 02:38:09 +09:00 · 2019-04-29 16:29:16 +02:00
parent 58b3b2696c
commit 76f9808eb2
13 changed files with 264 additions and 277 deletions
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -206,7 +206,7 @@ static void torture_pki_verify_mismatch(void **state)
                    sig_type, hash);

            /* Create a valid signature using this key */
-            sign = pki_do_sign_hash(key, HASH, hash_length, hash);
+            sign = pki_do_sign(key, HASH, hash_length, hash);
            assert_non_null(sign);
            assert_int_equal(sign->type, key->type);
            if (hash == SSH_DIGEST_AUTO) {