upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c

1 files changed, 4 insertions, 3 deletions

diff --git a/ssh-agent.c b/ssh-agent.c
index 6bf9536fb..07f19c53a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.238 2019/10/31 21:22:01 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.239 2019/10/31 21:23:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,12 +430,13 @@ process_sign_request2(SocketEntry *e)
                 if ((r = provider_sign(id->sk_provider, id->key, &signature,
                     &slen, data, dlen, agent_decode_alg(key, flags),
                     compat)) != 0) {
-                        error("%s: sshkey_sign: %s", __func__, ssh_err(r));
+                        error("%s: sign: %s", __func__, ssh_err(r));
                         goto send;
                 }
         } else {
                 if ((r = sshkey_sign(id->key, &signature, &slen,
-                    data, dlen, agent_decode_alg(key, flags), compat)) != 0) {
+                    data, dlen, agent_decode_alg(key, flags),
+                    NULL, compat)) != 0) {
                         error("%s: sshkey_sign: %s", __func__, ssh_err(r));
                         goto send;
                 }