From 7a31e386bf17f78a5df04735a19059c648d96e95 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 11 May 2024 06:43:50 +0000
Subject: [PATCH] Remove unused DSA methods

There are no accessors to set them, so this has been involved in a bunch
of dead logic ever since we made DSA opaque a few years ago.

ok jsing
---
 lib/libcrypto/dsa/dsa_gen.c   | 31 +++++++++++++------------------
 lib/libcrypto/dsa/dsa_key.c   |  5 +----
 lib/libcrypto/dsa/dsa_local.h | 13 +------------
 lib/libcrypto/dsa/dsa_ossl.c  | 25 ++++++-------------------
 4 files changed, 21 insertions(+), 53 deletions(-)

diff --git a/lib/libcrypto/dsa/dsa_gen.c b/lib/libcrypto/dsa/dsa_gen.c
index 8b966871b4f..dc04eba0328 100644
--- a/lib/libcrypto/dsa/dsa_gen.c
+++ b/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.31 2024/03/02 09:33:14 tb Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.32 2024/05/11 06:43:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,24 +75,19 @@ int
 DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
     int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
 {
-	if (ret->meth->dsa_paramgen)
-		return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
-		    counter_ret, h_ret, cb);
-	else {
-		const EVP_MD *evpmd;
-		size_t qbits;
-
-		if (bits >= 2048) {
-			qbits = 256;
-			evpmd = EVP_sha256();
-		} else {
-			qbits = 160;
-			evpmd = EVP_sha1();
-		}
-
-		return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
-		    seed_len, NULL, counter_ret, h_ret, cb);
+	const EVP_MD *evpmd;
+	size_t qbits;
+
+	if (bits >= 2048) {
+		qbits = 256;
+		evpmd = EVP_sha256();
+	} else {
+		qbits = 160;
+		evpmd = EVP_sha1();
 	}
+
+	return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len,
+	    NULL, counter_ret, h_ret, cb);
 }
 LCRYPTO_ALIAS(DSA_generate_parameters_ex);
 
diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index 46ec9cfce97..5fbedcf705a 100644
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_key.c,v 1.36 2024/05/10 04:53:55 tb Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.37 2024/05/11 06:43:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -76,9 +76,6 @@ DSA_generate_key(DSA *dsa)
 	BN_CTX *ctx = NULL;
 	int ok = 0;
 
-	if (dsa->meth->dsa_keygen != NULL)
-		return dsa->meth->dsa_keygen(dsa);
-
 	if ((priv_key = BN_new()) == NULL)
 		goto err;
 	if ((pub_key = BN_new()) == NULL)
diff --git a/lib/libcrypto/dsa/dsa_local.h b/lib/libcrypto/dsa/dsa_local.h
index 3e688b8ce6d..46248f0edfe 100644
--- a/lib/libcrypto/dsa/dsa_local.h
+++ b/lib/libcrypto/dsa/dsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_local.h,v 1.3 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: dsa_local.h,v 1.4 2024/05/11 06:43:50 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
  *
@@ -69,20 +69,9 @@ struct dsa_method {
 	    BIGNUM **rp);
 	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
 	    DSA_SIG *sig, DSA *dsa);
-	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-	    BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-	    BN_MONT_CTX *in_mont);
-	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-	    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */
 	int (*init)(DSA *dsa);
 	int (*finish)(DSA *dsa);
 	int flags;
-	char *app_data;
-	/* If this is non-NULL, it is used to generate DSA parameters */
-	int (*dsa_paramgen)(DSA *dsa, int bits, const unsigned char *seed,
-	    int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-	/* If this is non-NULL, it is used to generate DSA keys */
-	int (*dsa_keygen)(DSA *dsa);
 } /* DSA_METHOD */;
 
 struct dsa_st {
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index 943d038796b..c53c8b9001c 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.55 2024/05/09 20:57:49 tb Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.56 2024/05/11 06:43:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -268,15 +268,8 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	    !bn_copy(k, BN_num_bits(l) > q_bits ? l : m))
 		goto err;
 
-	if (dsa->meth->bn_mod_exp != NULL) {
-		if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
-		    dsa->method_mont_p))
-			goto err;
-	} else {
-		if (!BN_mod_exp_mont_ct(r, dsa->g, k, dsa->p, ctx,
-		    dsa->method_mont_p))
-			goto err;
-	}
+	if (!BN_mod_exp_mont_ct(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
+		goto err;
 
 	if (!BN_mod_ct(r, r, dsa->q, ctx))
 		goto err;
@@ -372,15 +365,9 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 			goto err;
 	}
 
-	if (dsa->meth->dsa_mod_exp != NULL) {
-		if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key,
-		    u2, dsa->p, ctx, mont))
-			goto err;
-	} else {
-		if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2,
-		    dsa->p, ctx, mont))
-			goto err;
-	}
+	if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p,
+	    ctx, mont))
+		goto err;
 
 	/* let u1 = u1 mod q */
 	if (!BN_mod_ct(u1, t1, dsa->q, ctx))
-- 
2.20.1