pki: Remove duplicate and unused code

Remove duplicate code previously used only in server side to generate signatures. Currently the code used to generate the signature is the same for both client and server. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-11-27 13:21:11 +03:00 · 2019-04-24 15:17:45 +02:00
parent dbf3f962a4
commit 01e98a6df7
4 changed files with 0 additions and 249 deletions
--- a/include/libssh/pki_priv.h
+++ b/include/libssh/pki_priv.h
@@ -127,12 +127,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
                               const unsigned char *hash,
                               size_t hlen,
                               enum ssh_digest_e hash_type);
-#define pki_do_sign_sessionid(key, hash, hlen) \
-    pki_do_sign_sessionid_hash(key, hash, hlen, SSH_DIGEST_AUTO)
-ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
-                                        const unsigned char *hash,
-                                        size_t hlen,
-                                        enum ssh_digest_e hash_type);
 int pki_ed25519_sign(const ssh_key privkey, ssh_signature sig,
        const unsigned char *hash, size_t hlen);
 int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig,
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -2014,65 +2014,4 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
    return sig;
 }

-#ifdef WITH_SERVER
-ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
-                                         const unsigned char *hash,
-                                         size_t hlen,
-                                         enum ssh_digest_e hash_type)
-{
-    ssh_signature sig;
-
-    /* Only RSA supports different signature algorithm types now */
-    if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
-        SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
-        return NULL;
-    }
-
-    sig = ssh_signature_new();
-    if (sig == NULL) {
-        return NULL;
-    }
-
-    sig->type = key->type;
-    sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
-
-    switch(key->type) {
-        case SSH_KEYTYPE_DSS:
-            sig->dsa_sig = DSA_do_sign(hash, hlen, key->dsa);
-            if (sig->dsa_sig == NULL) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        case SSH_KEYTYPE_RSA:
-        case SSH_KEYTYPE_RSA1:
-            sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type);
-            if (sig->rsa_sig == NULL) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        case SSH_KEYTYPE_ECDSA_P256:
-        case SSH_KEYTYPE_ECDSA_P384:
-        case SSH_KEYTYPE_ECDSA_P521:
-#ifdef HAVE_OPENSSL_ECC
-            sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa);
-            if (sig->ecdsa_sig == NULL) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-#endif
-        case SSH_KEYTYPE_ED25519:
-            /* ED25519 handled in caller */
-        case SSH_KEYTYPE_UNKNOWN:
-        default:
-            ssh_signature_free(sig);
-            return NULL;
-    }
-
-    return sig;
-}
-#endif /* WITH_SERVER */
-
 #endif /* _PKI_CRYPTO_H */
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -2345,117 +2345,4 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
    return sig;
 }

-#ifdef WITH_SERVER
-ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
-                                         const unsigned char *hash,
-                                         size_t hlen,
-                                         enum ssh_digest_e hash_type)
-{
-    unsigned char ghash[hlen + 1];
-    const char *hash_c = NULL;
-    ssh_signature sig;
-    gcry_sexp_t sexp;
-    gcry_error_t err;
-
-    /* Only RSA supports different signature algorithm types now */
-    if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
-        SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
-        return NULL;
-    }
-
-    sig = ssh_signature_new();
-    if (sig == NULL) {
-        return NULL;
-    }
-
-    sig->type = key->type;
-    sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
-
-    switch(key->type) {
-        case SSH_KEYTYPE_DSS:
-            /* That is to mark the number as positive */
-            if(hash[0] >= 0x80) {
-                memcpy(ghash + 1, hash, hlen);
-                ghash[0] = 0;
-                hash = ghash;
-                hlen += 1;
-            }
-
-            err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            err = gcry_pk_sign(&sig->dsa_sig, sexp, key->dsa);
-            gcry_sexp_release(sexp);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        case SSH_KEYTYPE_RSA:
-            switch (hash_type) {
-            case SSH_DIGEST_SHA1:
-                hash_c = "sha1";
-                break;
-            case SSH_DIGEST_SHA256:
-                hash_c = "sha256";
-                break;
-            case SSH_DIGEST_SHA512:
-                hash_c = "sha512";
-                break;
-            default:
-                SSH_LOG(SSH_LOG_WARN, "Incomplatible key algorithm");
-                return NULL;
-            }
-            err = gcry_sexp_build(&sexp,
-                                  NULL,
-                                  "(data(flags pkcs1)(hash %s %b))",
-                                  hash_c,
-                                  hlen,
-                                  hash);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            err = gcry_pk_sign(&sig->rsa_sig, sexp, key->rsa);
-            gcry_sexp_release(sexp);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        case SSH_KEYTYPE_ED25519:
-		/* ED25519 handled in caller */
-        case SSH_KEYTYPE_ECDSA_P256:
-        case SSH_KEYTYPE_ECDSA_P384:
-        case SSH_KEYTYPE_ECDSA_P521:
-#ifdef HAVE_GCRYPT_ECC
-            err = gcry_sexp_build(&sexp,
-                                  NULL,
-                                  "(data(flags raw)(value %b))",
-                                  hlen,
-                                  hash);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            err = gcry_pk_sign(&sig->ecdsa_sig, sexp, key->ecdsa);
-            gcry_sexp_release(sexp);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-#endif
-        case SSH_KEYTYPE_RSA1:
-        case SSH_KEYTYPE_UNKNOWN:
-        default:
-            return NULL;
-    }
-
-    return sig;
-}
-#endif /* WITH_SERVER */
-
 #endif /* HAVE_LIBGCRYPT */
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -1228,75 +1228,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
    return sig;
 }

-#ifdef WITH_SERVER
-ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
-                                         const unsigned char *hash,
-                                         size_t hlen,
-                                         enum ssh_digest_e hash_type)
-{
-    ssh_signature sig = NULL;
-    int rc;
-
-    /* Only RSA supports different signature algorithm types now */
-    if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
-        SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
-        return NULL;
-    }
-
-    sig = ssh_signature_new();
-    if (sig == NULL) {
-        return NULL;
-    }
-
-    sig->type = key->type;
-    sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
-
-    switch (key->type) {
-        case SSH_KEYTYPE_RSA:
-            sig->rsa_sig = rsa_do_sign_hash(hash, hlen, key->rsa, hash_type);
-            if (sig->rsa_sig == NULL) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        case SSH_KEYTYPE_ECDSA_P256:
-        case SSH_KEYTYPE_ECDSA_P384:
-        case SSH_KEYTYPE_ECDSA_P521:
-            sig->ecdsa_sig.r = bignum_new();
-            if (sig->ecdsa_sig.r == NULL) {
-                return NULL;
-            }
-
-            sig->ecdsa_sig.s = bignum_new();
-            if (sig->ecdsa_sig.s == NULL) {
-                bignum_safe_free(sig->ecdsa_sig.r);
-                return NULL;
-            }
-
-            rc = mbedtls_ecdsa_sign(&key->ecdsa->grp,
-                                    sig->ecdsa_sig.r,
-                                    sig->ecdsa_sig.s,
-                                    &key->ecdsa->d,
-                                    hash,
-                                    hlen,
-                                    mbedtls_ctr_drbg_random,
-                                    ssh_get_mbedtls_ctr_drbg_context());
-            if (rc != 0) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        case SSH_KEYTYPE_ED25519:
-            /* ED25519 handled in caller */
-        default:
-            ssh_signature_free(sig);
-            return NULL;
-    }
-
-    return sig;
-}
-#endif /* WITH_SERVER */
-
 const char *pki_key_ecdsa_nid_to_name(int nid)
 {
    switch (nid) {