mirror of
https://git.libssh.org/projects/libssh.git
synced 2026-02-05 12:50:30 +09:00
CVE-2023-6918: Remove unused evp functions and types
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
committed by
Andreas Schneider
Andreas Schneider
parent
93c1dbd69f
commit
882d9cb5c8
@@ -39,11 +39,6 @@ typedef EVP_MD_CTX* SHA384CTX;
|
||||
typedef EVP_MD_CTX* SHA512CTX;
|
||||
typedef EVP_MD_CTX* MD5CTX;
|
||||
typedef HMAC_CTX* HMACCTX;
|
||||
#ifdef HAVE_ECC
|
||||
typedef EVP_MD_CTX *EVPCTX;
|
||||
#else
|
||||
typedef void *EVPCTX;
|
||||
#endif
|
||||
|
||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||
#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
|
||||
|
||||
@@ -32,7 +32,6 @@ typedef gcry_md_hd_t SHA384CTX;
|
||||
typedef gcry_md_hd_t SHA512CTX;
|
||||
typedef gcry_md_hd_t MD5CTX;
|
||||
typedef gcry_md_hd_t HMACCTX;
|
||||
typedef gcry_md_hd_t EVPCTX;
|
||||
#define SHA_DIGEST_LENGTH 20
|
||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||
#define MD5_DIGEST_LEN 16
|
||||
|
||||
@@ -41,7 +41,6 @@ typedef mbedtls_md_context_t *SHA384CTX;
|
||||
typedef mbedtls_md_context_t *SHA512CTX;
|
||||
typedef mbedtls_md_context_t *MD5CTX;
|
||||
typedef mbedtls_md_context_t *HMACCTX;
|
||||
typedef mbedtls_md_context_t *EVPCTX;
|
||||
|
||||
#define SHA_DIGEST_LENGTH 20
|
||||
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
|
||||
|
||||
@@ -90,11 +90,6 @@ void sha512_update(SHA512CTX c, const void *data, unsigned long len);
|
||||
void sha512_final(unsigned char *md,SHA512CTX c);
|
||||
void sha512(const unsigned char *digest, int len, unsigned char *hash);
|
||||
|
||||
void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen);
|
||||
EVPCTX evp_init(int nid);
|
||||
void evp_update(EVPCTX ctx, const void *data, unsigned long len);
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
|
||||
|
||||
HMACCTX hmac_init(const void *key,int len, enum ssh_hmac_e type);
|
||||
void hmac_update(HMACCTX c, const void *data, unsigned long len);
|
||||
void hmac_final(HMACCTX ctx,unsigned char *hashmacbuf,unsigned int *len);
|
||||
|
||||
@@ -148,60 +148,6 @@ void sha1(const unsigned char *digest, int len, unsigned char *hash)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_OPENSSL_ECC
|
||||
static const EVP_MD *nid_to_evpmd(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_X9_62_prime256v1:
|
||||
return EVP_sha256();
|
||||
case NID_secp384r1:
|
||||
return EVP_sha384();
|
||||
case NID_secp521r1:
|
||||
return EVP_sha512();
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen)
|
||||
{
|
||||
const EVP_MD *evp_md = nid_to_evpmd(nid);
|
||||
EVP_MD_CTX *md = EVP_MD_CTX_new();
|
||||
|
||||
EVP_DigestInit(md, evp_md);
|
||||
EVP_DigestUpdate(md, digest, len);
|
||||
EVP_DigestFinal(md, hash, hlen);
|
||||
EVP_MD_CTX_free(md);
|
||||
}
|
||||
|
||||
EVPCTX evp_init(int nid)
|
||||
{
|
||||
const EVP_MD *evp_md = nid_to_evpmd(nid);
|
||||
|
||||
EVPCTX ctx = EVP_MD_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_DigestInit(ctx, evp_md);
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void evp_update(EVPCTX ctx, const void *data, unsigned long len)
|
||||
{
|
||||
EVP_DigestUpdate(ctx, data, len);
|
||||
}
|
||||
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
EVP_DigestFinal(ctx, md, mdlen);
|
||||
EVP_MD_CTX_free(ctx);
|
||||
}
|
||||
#endif
|
||||
|
||||
SHA256CTX sha256_init(void)
|
||||
{
|
||||
int rc;
|
||||
@@ -345,6 +291,7 @@ void md5_final(unsigned char *md, MD5CTX c)
|
||||
EVP_MD_CTX_destroy(c);
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID
|
||||
static const EVP_MD *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
|
||||
{
|
||||
|
||||
@@ -82,58 +82,6 @@ void sha1(const unsigned char *digest, int len, unsigned char *hash) {
|
||||
gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
|
||||
}
|
||||
|
||||
#ifdef HAVE_GCRYPT_ECC
|
||||
static int nid_to_md_algo(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_gcrypt_nistp256:
|
||||
return GCRY_MD_SHA256;
|
||||
case NID_gcrypt_nistp384:
|
||||
return GCRY_MD_SHA384;
|
||||
case NID_gcrypt_nistp521:
|
||||
return GCRY_MD_SHA512;
|
||||
}
|
||||
return GCRY_MD_NONE;
|
||||
}
|
||||
|
||||
void evp(int nid, unsigned char *digest, int len,
|
||||
unsigned char *hash, unsigned int *hlen)
|
||||
{
|
||||
int algo = nid_to_md_algo(nid);
|
||||
|
||||
/* Note: What gcrypt calls 'hash' is called 'digest' here and
|
||||
vice-versa. */
|
||||
gcry_md_hash_buffer(algo, hash, digest, len);
|
||||
*hlen = gcry_md_get_algo_dlen(algo);
|
||||
}
|
||||
|
||||
EVPCTX evp_init(int nid)
|
||||
{
|
||||
gcry_error_t err;
|
||||
int algo = nid_to_md_algo(nid);
|
||||
EVPCTX ctx;
|
||||
|
||||
err = gcry_md_open(&ctx, algo, 0);
|
||||
if (err) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void evp_update(EVPCTX ctx, const void *data, unsigned long len)
|
||||
{
|
||||
gcry_md_write(ctx, data, len);
|
||||
}
|
||||
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
int algo = gcry_md_get_algo(ctx);
|
||||
*mdlen = gcry_md_get_algo_dlen(algo);
|
||||
memcpy(md, gcry_md_read(ctx, algo), *mdlen);
|
||||
gcry_md_close(ctx);
|
||||
}
|
||||
#endif
|
||||
|
||||
SHA256CTX sha256_init(void) {
|
||||
SHA256CTX ctx = NULL;
|
||||
|
||||
@@ -103,80 +103,6 @@ void sha1(const unsigned char *digest, int len, unsigned char *hash)
|
||||
}
|
||||
}
|
||||
|
||||
static mbedtls_md_type_t nid_to_md_algo(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_mbedtls_nistp256:
|
||||
return MBEDTLS_MD_SHA256;
|
||||
case NID_mbedtls_nistp384:
|
||||
return MBEDTLS_MD_SHA384;
|
||||
case NID_mbedtls_nistp521:
|
||||
return MBEDTLS_MD_SHA512;
|
||||
}
|
||||
return MBEDTLS_MD_NONE;
|
||||
}
|
||||
|
||||
void evp(int nid, unsigned char *digest, int len,
|
||||
unsigned char *hash, unsigned int *hlen)
|
||||
{
|
||||
mbedtls_md_type_t algo = nid_to_md_algo(nid);
|
||||
const mbedtls_md_info_t *md_info =
|
||||
mbedtls_md_info_from_type(algo);
|
||||
|
||||
|
||||
if (md_info != NULL) {
|
||||
*hlen = mbedtls_md_get_size(md_info);
|
||||
mbedtls_md(md_info, digest, len, hash);
|
||||
}
|
||||
}
|
||||
|
||||
EVPCTX evp_init(int nid)
|
||||
{
|
||||
EVPCTX ctx = NULL;
|
||||
int rc;
|
||||
mbedtls_md_type_t algo = nid_to_md_algo(nid);
|
||||
const mbedtls_md_info_t *md_info =
|
||||
mbedtls_md_info_from_type(algo);
|
||||
|
||||
if (md_info == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ctx = malloc(sizeof(mbedtls_md_context_t));
|
||||
if (ctx == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
mbedtls_md_init(ctx);
|
||||
|
||||
rc = mbedtls_md_setup(ctx, md_info, 0);
|
||||
if (rc != 0) {
|
||||
SAFE_FREE(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
rc = mbedtls_md_starts(ctx);
|
||||
if (rc != 0) {
|
||||
SAFE_FREE(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void evp_update(EVPCTX ctx, const void *data, unsigned long len)
|
||||
{
|
||||
mbedtls_md_update(ctx, data, len);
|
||||
}
|
||||
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
*mdlen = mbedtls_md_get_size(ctx->md_info);
|
||||
mbedtls_md_finish(ctx, md);
|
||||
mbedtls_md_free(ctx);
|
||||
SAFE_FREE(ctx);
|
||||
}
|
||||
|
||||
SHA256CTX sha256_init(void)
|
||||
{
|
||||
SHA256CTX ctx = NULL;
|
||||
|
||||
Reference in New Issue
Block a user