upstream: allow security keys to act as host keys as well as user

keys. Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@ OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
author: djm@openbsd.org <djm@openbsd.org> 2019-12-15 18:57:30 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-16 14:19:41 +1100
commit: 56584cce75f3d20aaa30befc7cbd331d922927f3 (patch)
tree: d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /monitor.c
parent: 5af6fd5461bb709304e6979c8b7856c7af921c9e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/monitor.c b/monitor.c
index 64eca98d6..6ee44204c 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.205 2019/11/25 10:23:36 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -679,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
        if ((key = get_hostkey_by_index(keyid)) != NULL) {
                if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
-                    NULL, compat)) != 0)
+                    options.sk_provider, compat)) != 0)
                        fatal("%s: sshkey_sign failed: %s",
                            __func__, ssh_err(r));
        } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
author	djm@openbsd.org <djm@openbsd.org>	2019-12-15 18:57:30 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-16 14:19:41 +1100
commit	56584cce75f3d20aaa30befc7cbd331d922927f3 (patch)
tree	d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /monitor.c
parent	5af6fd5461bb709304e6979c8b7856c7af921c9e (diff)

diff --git a/monitor.c b/monitor.c index 64eca98d6..6ee44204c 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.205 2019/11/25 10:23:36 djm Exp $ */	1	/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -679,7 +679,7 @@ mm_answer_sign(struct ssh ssh, int sock, struct sshbuf m)
679		679
680	if ((key = get_hostkey_by_index(keyid)) != NULL) {	680	if ((key = get_hostkey_by_index(keyid)) != NULL) {
681	if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,	681	if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
682	NULL, compat)) != 0)	682	options.sk_provider, compat)) != 0)
683	fatal("%s: sshkey_sign failed: %s",	683	fatal("%s: sshkey_sign failed: %s",
684	__func__, ssh_err(r));	684	__func__, ssh_err(r));
685	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&	685	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&