pki: Add pki_do_sign().

include/libssh/libgcrypt.h

@@ -37,7 +37,9 @@ typedef gcry_md_hd_t HMACCTX;
 #define SHA384_DIGEST_LENGTH 48
 #define SHA512_DIGEST_LENGTH 64
 
+#ifndef EVP_MAX_MD_SIZE
 #define EVP_MAX_MD_SIZE 36
+#endif
 
 typedef gcry_mpi_t bignum;
 

include/libssh/pki.h

@@ -62,5 +62,7 @@ ssh_key pki_private_key_from_base64(ssh_session session,
                                     const char *b64_key,
                                     const char *passphrase);
 ssh_key pki_publickey_from_privatekey(ssh_key privkey);
+struct signature_struct *pki_do_sign(ssh_key privatekey,
+                                     const unsigned char *hash);
 
 #endif /* PKI_H_ */

src/pki.c

@@ -359,13 +359,10 @@ ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
     unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
     ssh_string session_str = NULL;
     ssh_string signature = NULL;
-  SIGNATURE *sign = NULL;
+    struct signature_struct *sign = NULL;
     SHACTX ctx = NULL;
-#ifdef HAVE_LIBGCRYPT
-  gcry_sexp_t gcryhash;
-#endif
 
-  if(privatekey == NULL || !ssh_key_is_private(privatekey)) {
+    if (privatekey == NULL || !ssh_key_is_private(privatekey)) {
         return NULL;
     }
 
@@ -391,67 +388,11 @@ ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
     ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
 #endif
 
-  sign = malloc(sizeof(SIGNATURE));
+    sign = pki_do_sign(privatekey, hash);
     if (sign == NULL) {
         return NULL;
     }
 
-  switch(privatekey->type) {
-    case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
-      if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
-          gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
-        ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
-        gcry_sexp_release(gcryhash);
-        signature_free(sign);
-        return NULL;
-      }
-#elif defined HAVE_LIBCRYPTO
-      sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
-          privatekey->dsa);
-      if (sign->dsa_sign == NULL) {
-        ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
-        signature_free(sign);
-        return NULL;
-      }
-#ifdef DEBUG_CRYPTO
-      ssh_print_bignum("r", sign->dsa_sign->r);
-      ssh_print_bignum("s", sign->dsa_sign->s);
-#endif
-#endif /* HAVE_LIBCRYPTO */
-      sign->rsa_sign = NULL;
-      break;
-    case SSH_KEYTYPE_RSA:
-#ifdef HAVE_LIBGCRYPT
-      if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
-            SHA_DIGEST_LEN, hash + 1) ||
-          gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
-        ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
-        gcry_sexp_release(gcryhash);
-        signature_free(sign);
-        return NULL;
-      }
-#elif defined HAVE_LIBCRYPTO
-      sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
-          privatekey->rsa);
-      if (sign->rsa_sign == NULL) {
-        ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
-        signature_free(sign);
-        return NULL;
-      }
-#endif
-      sign->dsa_sign = NULL;
-      break;
-    default:
-      signature_free(sign);
-      return NULL;
-  }
-#ifdef HAVE_LIBGCRYPT
-  gcry_sexp_release(gcryhash);
-#endif
-
-  sign->type = privatekey->type;
-
     signature = signature_to_string(sign);
     signature_free(sign);
 

src/pki_crypto.c

@@ -35,6 +35,7 @@
 #include "libssh/session.h"
 #include "libssh/callbacks.h"
 #include "libssh/pki.h"
+#include "libssh/keys.h"
 
 static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
     ssh_session session = userdata;
@@ -218,4 +219,49 @@ fail:
     return NULL;
 }
 
+struct signature_struct *pki_do_sign(ssh_key privatekey,
+                                     const unsigned char *hash) {
+    struct signature_struct *sign;
+
+    sign = malloc(sizeof(SIGNATURE));
+    if (sign == NULL) {
+        return NULL;
+    }
+    sign->type = privatekey->type;
+
+    switch(privatekey->type) {
+        case SSH_KEYTYPE_DSS:
+            sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
+                    privatekey->dsa);
+            if (sign->dsa_sign == NULL) {
+                signature_free(sign);
+                return NULL;
+            }
+
+#ifdef DEBUG_CRYPTO
+            ssh_print_bignum("r", sign->dsa_sign->r);
+            ssh_print_bignum("s", sign->dsa_sign->s);
+#endif
+
+            sign->rsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1:
+            sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
+                    privatekey->rsa);
+            if (sign->rsa_sign == NULL) {
+                signature_free(sign);
+                return NULL;
+            }
+            sign->dsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_ECDSA:
+        case SSH_KEYTYPE_UNKNOWN:
+            signature_free(sign);
+            return NULL;
+    }
+
+    return sign;
+}
+
 #endif /* _PKI_CRYPTO_H */

src/pki_gcrypt.c

@@ -856,6 +856,49 @@ fail:
     return NULL;
 }
 
+struct signature_struct *pki_do_sign(ssh_key privatekey,
+                                     const unsigned char *hash) {
+    struct signature_struct *sign;
+    gcry_sexp_t gcryhash;
+
+    sign = malloc(sizeof(SIGNATURE));
+    if (sign == NULL) {
+        return NULL;
+    }
+    sign->type = privatekey->type;
+
+    switch(privatekey->type) {
+        case SSH_KEYTYPE_DSS:
+            if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
+                gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
+                gcry_sexp_release(gcryhash);
+                signature_free(sign);
+                return NULL;
+            }
+            sign->rsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1:
+            if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
+                                SHA_DIGEST_LEN, hash + 1) ||
+                gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
+                gcry_sexp_release(gcryhash);
+                signature_free(sign);
+                return NULL;
+            }
+            sign->dsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_ECDSA:
+        case SSH_KEYTYPE_UNKNOWN:
+            signature_free(sign);
+            return NULL;
+    }
+
+    gcry_sexp_release(gcryhash);
+
+    return sign;
+}
+
 #endif /* HAVE_LIBGCRYPT */
 
 /**