dh: Remove obsolete signature functions.

include/libssh/dh.h

@@ -49,10 +49,6 @@ int make_sessionid(ssh_session session);
 int hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
 int hashbufout_add_cookie(ssh_session session);
 int generate_session_keys(ssh_session session);
-int sig_verify(ssh_session session, ssh_public_key pubkey,
-    SIGNATURE *signature, unsigned char *digest, int size);
-/* returns 1 if server signature ok, 0 otherwise. The NEXT crypto is checked, not the current one */
-int signature_verify(ssh_session session,ssh_string signature);
 bignum make_string_bn(ssh_string string);
 ssh_string make_bignum_string(bignum num);
 

src/dh.c

@@ -1017,146 +1017,6 @@ ssh_string ssh_get_pubkey(ssh_session session){
     return ssh_string_copy(session->current_crypto->server_pubkey);
 }
 
-int sig_verify(ssh_session session, ssh_public_key pubkey,
-    SIGNATURE *signature, unsigned char *digest, int size) {
-#ifdef HAVE_LIBGCRYPT
-  gcry_error_t valid = 0;
-  gcry_sexp_t gcryhash;
-#elif defined HAVE_LIBCRYPTO
-  int valid = 0;
-#endif
-  unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
-
-  sha1(digest, size, hash + 1);
-
-#ifdef DEBUG_CRYPTO
-  ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN);
-#endif
-
-  switch(pubkey->type) {
-    case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
-      valid = gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash);
-      if (valid != 0) {
-        ssh_set_error(session, SSH_FATAL,
-            "RSA error: %s", gcry_strerror(valid));
-        return -1;
-      }
-      valid = gcry_pk_verify(signature->dsa_sign, gcryhash, pubkey->dsa_pub);
-      gcry_sexp_release(gcryhash);
-      if (valid == 0) {
-        return 0;
-      }
-
-      if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) {
-        ssh_set_error(session, SSH_FATAL,
-            "DSA error: %s", gcry_strerror(valid));
-        return -1;
-      }
-#elif defined HAVE_LIBCRYPTO
-      valid = DSA_do_verify(hash + 1, SHA_DIGEST_LEN, signature->dsa_sign,
-          pubkey->dsa_pub);
-      if (valid == 1) {
-        return 0;
-      }
-
-      if (valid == -1) {
-        ssh_set_error(session, SSH_FATAL,
-            "DSA error: %s", ERR_error_string(ERR_get_error(), NULL));
-        return -1;
-      }
-#endif
-      ssh_set_error(session, SSH_FATAL, "Invalid DSA signature");
-      return -1;
-
-    case SSH_KEYTYPE_RSA:
-    case SSH_KEYTYPE_RSA1:
-#ifdef HAVE_LIBGCRYPT
-      valid = gcry_sexp_build(&gcryhash, NULL,
-          "(data(flags pkcs1)(hash sha1 %b))", SHA_DIGEST_LEN, hash + 1);
-      if (valid != 0) {
-        ssh_set_error(session, SSH_FATAL,
-            "RSA error: %s", gcry_strerror(valid));
-        return -1;
-      }
-      valid = gcry_pk_verify(signature->rsa_sign,gcryhash,pubkey->rsa_pub);
-      gcry_sexp_release(gcryhash);
-      if (valid == 0) {
-        return 0;
-      }
-      if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) {
-        ssh_set_error(session, SSH_FATAL,
-            "RSA error: %s", gcry_strerror(valid));
-        return -1;
-      }
-#elif defined HAVE_LIBCRYPTO
-      valid = RSA_verify(NID_sha1, hash + 1, SHA_DIGEST_LEN,
-          signature->rsa_sign->string, ssh_string_len(signature->rsa_sign),
-          pubkey->rsa_pub);
-      if (valid == 1) {
-        return 0;
-      }
-      if (valid == -1) {
-        ssh_set_error(session, SSH_FATAL,
-            "RSA error: %s", ERR_error_string(ERR_get_error(), NULL));
-        return -1;
-      }
-#endif
-      ssh_set_error(session, SSH_FATAL, "Invalid RSA signature");
-      return -1;
-    default:
-      ssh_set_error(session, SSH_FATAL, "Unknown public key type");
-      return -1;
-  }
-
-  return -1;
-}
-
-int signature_verify(ssh_session session, ssh_string signature) {
-  ssh_public_key pubkey = NULL;
-  SIGNATURE *sign = NULL;
-  int err;
-
-  enter_function();
-
-  pubkey = publickey_from_string(session,session->next_crypto->server_pubkey);
-  if(pubkey == NULL) {
-    leave_function();
-    return -1;
-  }
-
-  if (session->wanted_methods[SSH_HOSTKEYS]) {
-    if(!ssh_match_group(session->wanted_methods[SSH_HOSTKEYS],pubkey->type_c)) {
-      ssh_set_error(session, SSH_FATAL,
-          "Public key from server (%s) doesn't match user preference (%s)",
-          pubkey->type_c, session->wanted_methods[SSH_HOSTKEYS]);
-      publickey_free(pubkey);
-      leave_function();
-      return -1;
-    }
-  }
-
-  sign = signature_from_string(session, signature, pubkey, pubkey->type);
-  if (sign == NULL) {
-    ssh_set_error(session, SSH_FATAL, "Invalid signature blob");
-    publickey_free(pubkey);
-    leave_function();
-    return -1;
-  }
-
-  ssh_log(session, SSH_LOG_FUNCTIONS,
-      "Going to verify a %s type signature", pubkey->type_c);
-
-  err = sig_verify(session,pubkey,sign,
-      session->next_crypto->session_id, session->next_crypto->digest_len);
-  signature_free(sign);
-  session->next_crypto->server_pubkey_type = pubkey->type_c;
-  publickey_free(pubkey);
-
-  leave_function();
-  return err;
-}
-
 /** @} */
 
 /* vim: set ts=4 sw=4 et cindent: */