upstream: sshsk_sign: trim call to sshkey_fingerprint()

the resulting fingerprint doesn't appear to be used for anything,
and we end up leaking it.

from Pedro Martelletto; ok dtucker & me

OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7

diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index bcef7a5d019fa659e64adf98eddf1941a9e987fb..7b5752a6e754f7a4c81adeaa74cf49a855248ca1 100644 (file)
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.10 2021/10/28 02:54:18 djm Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.11 2022/01/14 03:32:52 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -232,7 +232,6 @@ sshsk_sign(const char *provider, struct sshkey *key,
     u_int compat, const char *pin)
 {
        int oerrno, r = SSH_ERR_INTERNAL_ERROR;
-       char *fp = NULL;
        struct sshbuf *kbuf = NULL, *req = NULL, *resp = NULL;
 
        *sigp = NULL;
@@ -262,12 +261,6 @@ sshsk_sign(const char *provider, struct sshkey *key,
                goto out;
        }
 
-       if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
-           SSH_FP_DEFAULT)) == NULL) {
-               error_f("sshkey_fingerprint failed");
-               r = SSH_ERR_ALLOC_FAIL;
-               goto out;
-       }
        if ((r = client_converse(req, &resp, SSH_SK_HELPER_SIGN)) != 0)
                goto out;