From 02fda2ef804c2bfa8d58f8c67e1fc2e85048c168 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 11 Jan 2023 12:33:09 +0100
Subject: [PATCH] Remove needless ifdefs for Ed25519 support

... ... through bundled code with OpenSSL. These were needed with older OpenSSL versions before 1.1.1. After removal in 358ce465517eb494146d33b794cf7999f7430707 these were just static ifdef so this will simplify the code.

Signed-off-by: Jakub Jelen
Reviewed-by: Norbert Pocs
---
 include/libssh/pki.h | 7 ++--
 include/libssh/pki_priv.h | 2 ++
 src/pki_crypto.c | 74 +--------------------------------------
 3 files changed, 6 insertions(+), 77 deletions(-)

diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 795942d9..5706ad80 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -77,14 +77,13 @@ struct ssh_key_struct {
 /* This holds either ENGINE key for PKCS#11 support or just key in
 * high-level format required by OpenSSL 3.0 */
 EVP_PKEY *key;
-#endif /* HAVE_LIBGCRYPT */
-#ifdef HAVE_LIBCRYPTO
 uint8_t *ed25519_pubkey;
 uint8_t *ed25519_privkey;
-#else
+#endif /* HAVE_LIBGCRYPT */
+#ifndef HAVE_LIBCRYPTO
 ed25519_pubkey *ed25519_pubkey;
 ed25519_privkey *ed25519_privkey;
-#endif
+#endif /* HAVE_LIBCRYPTO */
 ssh_string sk_application;
 void *cert;
 enum ssh_keytypes_e cert_type;
diff --git a/include/libssh/pki_priv.h b/include/libssh/pki_priv.h
index d0e1ef44..96dd5a04 100644
--- a/include/libssh/pki_priv.h
+++ b/include/libssh/pki_priv.h
@@ -146,10 +146,12 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
 const unsigned char *hash,
 size_t hlen,
 enum ssh_digest_e hash_type);
+#ifndef HAVE_LIBCRYPTO
 int pki_ed25519_sign(const ssh_key privkey, ssh_signature sig,
 const unsigned char *hash, size_t hlen);
 int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig,
 const unsigned char *hash, size_t hlen);
+#endif /* HAVE_LIBCRYPTO */
 int pki_ed25519_key_cmp(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what);
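Review bot: In the pki.h hunk the two `uint8_t *ed25519_*` members now depend on the branch closed by `#endif /* HAVE_LIBGCRYPT */`, whose opening condition starts before this hunk, while the internal-type members of the same names are guarded by `#ifndef HAVE_LIBCRYPTO`; the two conditions are meant to be complementary, but a reader of this struct cannot see that, so the fields deserve a comment. It would also record what the OpenSSL-side buffer holds: the comment kept in pki_private_key_to_pem in this same patch says the OpenSSL input is the private key seed only, i.e. the first half of the SSH private key, which differs from the `ed25519_privkey *` form of the same member. Suggested comment above `uint8_t *ed25519_pubkey;`: `/* OpenSSL build: raw key bytes; ed25519_privkey holds only the private seed (first half of the SSH ed25519 private key), see pki_private_key_to_pem() */`. The enclosing `struct ssh_key_struct` starts and ends outside the hunk.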
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index a3aeba56..00744c00 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1178,7 +1178,6 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
 break;
 #endif /* OPENSSL_VERSION_NUMBER */
 case SSH_KEYTYPE_ED25519:
-#ifdef HAVE_LIBCRYPTO
 /* In OpenSSL, the input is the private key seed only, which means
 * the first half of the SSH private key (the second half is the
 * public key) */
@@ -1195,10 +1194,6 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
 /* Mark the operation as successful as for the other key types */
 rc = 1;
 break;
-#else
- SSH_LOG(SSH_LOG_TRACE, "PEM output not supported for key type ssh-ed25519");
- goto err;
-#endif /* HAVE_LIBCRYPTO */
 case SSH_KEYTYPE_DSS_CERT01:
 case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_ECDSA_P256_CERT01:
@@ -1275,11 +1270,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 #else
 void *ecdsa = NULL;
 #endif /* HAVE_OPENSSL_ECC */
-#ifdef HAVE_LIBCRYPTO
 uint8_t *ed25519 = NULL;
-#else
- ed25519_privkey *ed25519 = NULL;
-#endif /* HAVE_LIBCRYPTO */
 ssh_key key = NULL;
 enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
 EVP_PKEY *pkey = NULL;
@@ -1352,7 +1343,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 */
 break;
 #endif /* HAVE_OPENSSL_ECC */
-#ifdef HAVE_LIBCRYPTO
 case EVP_PKEY_ED25519:
 {
 size_t key_len;
@@ -1389,7 +1379,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 }
 break;
-#endif /* HAVE_LIBCRYPTO */
 default:
 SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d",
 EVP_PKEY_base_id(pkey));
@@ -1437,9 +1426,7 @@ fail:
 #ifdef HAVE_OPENSSL_ECC
 EC_KEY_free(ecdsa);
 #endif
-#ifdef HAVE_LIBCRYPTO
 SAFE_FREE(ed25519);
-#endif
 return NULL;
 }
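Review bot: The `fail:` path of pki_private_key_from_base64 now unconditionally does `SAFE_FREE(ed25519);` without wiping the buffer first, and `ed25519` is presumably the buffer the `case EVP_PKEY_ED25519:` block of this function fills with private-key bytes, so on a parse error that material is released to the heap intact. I would zeroize it before the free, `explicit_bzero(ed25519, <ED25519_BUFFER_LEN>)` or the project's equivalent secure-wipe helper, with the length placeholder replaced by the size actually allocated; `key_len` is block-scoped to the `case EVP_PKEY_ED25519:` block, so it would have to be hoisted or the wipe done before the `goto fail`. This is pre-existing rather than introduced here, but the hunk is where the line becomes unconditional for this backend. pki_private_key_from_base64 starts outside the hunk.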
@@ -2930,7 +2917,6 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
 case SSH_KEYTYPE_ED25519_CERT01:
 case SSH_KEYTYPE_SK_ED25519:
 case SSH_KEYTYPE_SK_ED25519_CERT01:
-# ifdef HAVE_LIBCRYPTO
 if (ssh_key_is_private(key)) {
 if (key->ed25519_privkey == NULL) {
 SSH_LOG(SSH_LOG_TRACE, "NULL key->ed25519_privkey");
@@ -2958,7 +2944,6 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
 return NULL;
 }
 break;
-#endif
 case SSH_KEYTYPE_UNKNOWN:
 default:
 SSH_LOG(SSH_LOG_TRACE, "Unknown private key algorithm for type: %d",
@@ -3014,14 +2999,6 @@ ssh_signature pki_sign_data(const ssh_key privkey,
 return NULL;
 }
-#ifndef HAVE_LIBCRYPTO
- if (privkey->type == SSH_KEYTYPE_ED25519 ||
- privkey->type == SSH_KEYTYPE_ED25519_CERT01)
- {
- return pki_do_sign_hash(privkey, input, input_len, hash_type);
- }
-#endif
-
 /* Set hash algorithm to be used */
 md = pki_digest_to_md(hash_type);
 if (md == NULL) {
@@ -3137,11 +3114,7 @@ int pki_verify_data_signature(ssh_signature signature,
 int evp_rc;
 if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
- signature == NULL || (signature->raw_sig == NULL
-#ifndef HAVE_LIBCRYPTO
- && signature->ed25519_sig == NULL
-#endif
- ))
+ signature == NULL || signature->raw_sig == NULL)
 {
 SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
 "pki_verify_data_signature()");
@@ -3154,16 +3127,6 @@ int pki_verify_data_signature(ssh_signature signature,
 return SSH_ERROR;
 }
-#ifndef HAVE_LIBCRYPTO
- if (pubkey->type == SSH_KEYTYPE_ED25519 ||
- pubkey->type == SSH_KEYTYPE_ED25519_CERT01 ||
- pubkey->type == SSH_KEYTYPE_SK_ED25519 ||
- pubkey->type == SSH_KEYTYPE_SK_ED25519_CERT01)
- {
- return pki_ed25519_verify(pubkey, signature, input, input_len);
- }
-#endif
-
 /* Get the signature to be verified */
 raw_sig_data = ssh_string_data(signature->raw_sig);
 raw_sig_len = ssh_string_len(signature->raw_sig);
@@ -3260,7 +3223,6 @@ int ssh_key_size(ssh_key key)
 }
 }
-#ifdef HAVE_LIBCRYPTO
 int pki_key_generate_ed25519(ssh_key key)
 {
 int evp_rc;
@@ -3345,40 +3307,6 @@ error:
 return SSH_ERROR;
 }
-#else
-ssh_signature pki_do_sign_hash(const ssh_key privkey,
- const unsigned char *hash,
- size_t hlen,
- enum ssh_digest_e hash_type)
-{
- ssh_signature sig = NULL;
- int rc;
- sig = ssh_signature_new();
- if (sig == NULL) {
- return NULL;
- }
- sig->type = privkey->type;
- sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
- sig->hash_type = hash_type;
- switch(privkey->type) {
- case SSH_KEYTYPE_ED25519:
- rc = pki_ed25519_sign(privkey, sig, hash, hlen);
- if (rc != SSH_OK) {
- ssh_signature_free(sig);
- return NULL;
- }
- break;
- default:
- ssh_signature_free(sig);
- return NULL;
- }
- return sig;
-}
-#endif /* HAVE_LIBCRYPTO */
 #ifdef WITH_PKCS11_URI
 /**