5 files changed, 125 insertions, 91 deletions

diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
index 3afbcb4..6554555 100644
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -37,7 +37,9 @@ typedef gcry_md_hd_t HMACCTX;
 #define SHA384_DIGEST_LENGTH 48
 #define SHA512_DIGEST_LENGTH 64
 
+#ifndef EVP_MAX_MD_SIZE
 #define EVP_MAX_MD_SIZE 36
+#endif
 
 typedef gcry_mpi_t bignum;
 
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 182079f..615b7c0 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -62,5 +62,7 @@ ssh_key pki_private_key_from_base64(ssh_session session,
                                     const char *b64_key,
                                     const char *passphrase);
 ssh_key pki_publickey_from_privatekey(ssh_key privkey);
+struct signature_struct *pki_do_sign(ssh_key privatekey,
+                                     const unsigned char *hash);
 
 #endif /* PKI_H_ */
diff --git a/src/pki.c b/src/pki.c
index 593cc41..e53659b 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -354,108 +354,49 @@ ssh_key ssh_pki_publickey_from_privatekey(ssh_key privkey) {
  * the content of sigbuf */
 ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
     ssh_key privatekey) {
-  struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
-    session->next_crypto;
-  unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
-  ssh_string session_str = NULL;
-  ssh_string signature = NULL;
-  SIGNATURE *sign = NULL;
-  SHACTX ctx = NULL;
-#ifdef HAVE_LIBGCRYPT
-  gcry_sexp_t gcryhash;
-#endif
+    struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
+        session->next_crypto;
+    unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
+    ssh_string session_str = NULL;
+    ssh_string signature = NULL;
+    struct signature_struct *sign = NULL;
+    SHACTX ctx = NULL;
+
+    if (privatekey == NULL || !ssh_key_is_private(privatekey)) {
+        return NULL;
+    }
 
-  if(privatekey == NULL || !ssh_key_is_private(privatekey)) {
-      return NULL;
-  }
+    session_str = ssh_string_new(SHA_DIGEST_LEN);
+    if (session_str == NULL) {
+        return NULL;
+    }
+    ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);
 
-  session_str = ssh_string_new(SHA_DIGEST_LEN);
-  if (session_str == NULL) {
-    return NULL;
-  }
-  ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);
+    ctx = sha1_init();
+    if (ctx == NULL) {
+        ssh_string_free(session_str);
+        return NULL;
+    }
 
-  ctx = sha1_init();
-  if (ctx == NULL) {
+    sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
     ssh_string_free(session_str);
-    return NULL;
-  }
-
-  sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
-  ssh_string_free(session_str);
-  sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
-  sha1_final(hash + 1,ctx);
-  hash[0] = 0;
+    sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
+    sha1_final(hash + 1,ctx);
+    hash[0] = 0;
 
 #ifdef DEBUG_CRYPTO
-  ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
+    ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
 #endif
 
-  sign = malloc(sizeof(SIGNATURE));
-  if (sign == NULL) {
-    return NULL;
-  }
-
-  switch(privatekey->type) {
-    case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
-      if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
-          gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
-        ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
-        gcry_sexp_release(gcryhash);
-        signature_free(sign);
+    sign = pki_do_sign(privatekey, hash);
+    if (sign == NULL) {
         return NULL;
-      }
-#elif defined HAVE_LIBCRYPTO
-      sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
-          privatekey->dsa);
-      if (sign->dsa_sign == NULL) {
-        ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
-        signature_free(sign);
-        return NULL;
-      }
-#ifdef DEBUG_CRYPTO
-      ssh_print_bignum("r", sign->dsa_sign->r);
-      ssh_print_bignum("s", sign->dsa_sign->s);
-#endif
-#endif /* HAVE_LIBCRYPTO */
-      sign->rsa_sign = NULL;
-      break;
-    case SSH_KEYTYPE_RSA:
-#ifdef HAVE_LIBGCRYPT
-      if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
-            SHA_DIGEST_LEN, hash + 1) ||
-          gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
-        ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
-        gcry_sexp_release(gcryhash);
-        signature_free(sign);
-        return NULL;
-      }
-#elif defined HAVE_LIBCRYPTO
-      sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
-          privatekey->rsa);
-      if (sign->rsa_sign == NULL) {
-        ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
-        signature_free(sign);
-        return NULL;
-      }
-#endif
-      sign->dsa_sign = NULL;
-      break;
-    default:
-      signature_free(sign);
-      return NULL;
-  }
-#ifdef HAVE_LIBGCRYPT
-  gcry_sexp_release(gcryhash);
-#endif
-
-  sign->type = privatekey->type;
+    }
 
-  signature = signature_to_string(sign);
-  signature_free(sign);
+    signature = signature_to_string(sign);
+    signature_free(sign);
 
-  return signature;
+    return signature;
 }
 
 
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 532e1ea..2c99daf 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -35,6 +35,7 @@
 #include "libssh/session.h"
 #include "libssh/callbacks.h"
 #include "libssh/pki.h"
+#include "libssh/keys.h"
 
 static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
     ssh_session session = userdata;
@@ -218,4 +219,49 @@ fail:
     return NULL;
 }
 
+struct signature_struct *pki_do_sign(ssh_key privatekey,
+                                     const unsigned char *hash) {
+    struct signature_struct *sign;
+
+    sign = malloc(sizeof(SIGNATURE));
+    if (sign == NULL) {
+        return NULL;
+    }
+    sign->type = privatekey->type;
+
+    switch(privatekey->type) {
+        case SSH_KEYTYPE_DSS:
+            sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
+                    privatekey->dsa);
+            if (sign->dsa_sign == NULL) {
+                signature_free(sign);
+                return NULL;
+            }
+
+#ifdef DEBUG_CRYPTO
+            ssh_print_bignum("r", sign->dsa_sign->r);
+            ssh_print_bignum("s", sign->dsa_sign->s);
+#endif
+
+            sign->rsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1:
+            sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
+                    privatekey->rsa);
+            if (sign->rsa_sign == NULL) {
+                signature_free(sign);
+                return NULL;
+            }
+            sign->dsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_ECDSA:
+        case SSH_KEYTYPE_UNKNOWN:
+            signature_free(sign);
+            return NULL;
+    }
+
+    return sign;
+}
+
 #endif /* _PKI_CRYPTO_H */
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 30448c2..9c6cd67 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -856,6 +856,49 @@ fail:
     return NULL;
 }
 
+struct signature_struct *pki_do_sign(ssh_key privatekey,
+                                     const unsigned char *hash) {
+    struct signature_struct *sign;
+    gcry_sexp_t gcryhash;
+
+    sign = malloc(sizeof(SIGNATURE));
+    if (sign == NULL) {
+        return NULL;
+    }
+    sign->type = privatekey->type;
+
+    switch(privatekey->type) {
+        case SSH_KEYTYPE_DSS:
+            if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
+                gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
+                gcry_sexp_release(gcryhash);
+                signature_free(sign);
+                return NULL;
+            }
+            sign->rsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1:
+            if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
+                                SHA_DIGEST_LEN, hash + 1) ||
+                gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
+                gcry_sexp_release(gcryhash);
+                signature_free(sign);
+                return NULL;
+            }
+            sign->dsa_sign = NULL;
+            break;
+        case SSH_KEYTYPE_ECDSA:
+        case SSH_KEYTYPE_UNKNOWN:
+            signature_free(sign);
+            return NULL;
+    }
+
+    gcry_sexp_release(gcryhash);
+
+    return sign;
+}
+
 #endif /* HAVE_LIBGCRYPT */
 
 /**