upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
author: djm@openbsd.org <djm@openbsd.org> 2019-10-31 21:23:19 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-01 09:46:10 +1100
commit: 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
tree: d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /monitor_wrap.c
parent: 07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4169b7604..d20dc5191 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.114 2019/10/31 21:23:19 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -215,7 +215,8 @@ mm_choose_dh(int min, int nbits, int max)
 int
 mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
-    const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
+    const u_char *data, size_t datalen, const char *hostkey_alg,
+    const char *sk_provider, u_int compat)
 {
        struct kex *kex = *pmonitor->m_pkex;
        struct sshbuf *m;
@@ -223,7 +224,8 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
        int r;
        debug3("%s entering", __func__);
+        if (sk_provider != NULL)
+                fatal("%s: sk_provider != NULL", __func__);
        if ((m = sshbuf_new()) == NULL)
                fatal("%s: sshbuf_new failed", __func__);
        if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
author	djm@openbsd.org <djm@openbsd.org>	2019-10-31 21:23:19 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-01 09:46:10 +1100
commit	9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
tree	d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /monitor_wrap.c
parent	07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)

diff --git a/monitor_wrap.c b/monitor_wrap.c index 4169b7604..d20dc5191 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */	1	/* $OpenBSD: monitor_wrap.c,v 1.114 2019/10/31 21:23:19 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -215,7 +215,8 @@ mm_choose_dh(int min, int nbits, int max)
215		215
216	int	216	int
217	mm_sshkey_sign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,	217	mm_sshkey_sign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
218	const u_char data, size_t datalen, const char hostkey_alg, u_int compat)	218	const u_char data, size_t datalen, const char hostkey_alg,
		219	const char *sk_provider, u_int compat)
219	{	220	{
220	struct kex kex = pmonitor->m_pkex;	221	struct kex kex = pmonitor->m_pkex;
221	struct sshbuf *m;	222	struct sshbuf *m;
@@ -223,7 +224,8 @@ mm_sshkey_sign(struct ssh ssh, struct sshkey key, u_char *sigp, size_t lenp,
223	int r;	224	int r;
224		225
225	debug3("%s entering", __func__);	226	debug3("%s entering", __func__);
226		227	if (sk_provider != NULL)
		228	fatal("%s: sk_provider != NULL", __func__);
227	if ((m = sshbuf_new()) == NULL)	229	if ((m = sshbuf_new()) == NULL)
228	fatal("%s: sshbuf_new failed", __func__);	230	fatal("%s: sshbuf_new failed", __func__);
229	if ((r = sshbuf_put_u32(m, ndx)) != 0 \|\|	231	if ((r = sshbuf_put_u32(m, ndx)) != 0 \|\|