upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
author: djm@openbsd.org <djm@openbsd.org> 2019-10-31 21:23:19 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-01 09:46:10 +1100
commit: 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
tree: d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshconnect2.c
parent: 07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)
1 files changed, 3 insertions, 14 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 62f0c3e76..867d463d6 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1178,19 +1178,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
                }
                sign_key = prv;
        }
+        if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
-        if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) {
+            alg, options.sk_provider, compat)) != 0) {
-                if (options.sk_provider == NULL) {
-                        /* Shouldn't happen here; checked in pubkey_prepare() */
-                        fatal("%s: missing SecurityKeyProvider", __func__);
-                }
-                if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key,
-                    sigp, lenp, data, datalen, compat)) != 0) {
-                        debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r));
-                        goto out;
-                }
-        } else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
-            alg, compat)) != 0) {
                debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
                goto out;
        }
author	djm@openbsd.org <djm@openbsd.org>	2019-10-31 21:23:19 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-01 09:46:10 +1100
commit	9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
tree	d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshconnect2.c
parent	07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)

diff --git a/sshconnect2.c b/sshconnect2.c index 62f0c3e76..867d463d6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1178,19 +1178,8 @@ identity_sign(struct identity id, u_char sigp, size_t lenp,
1178	}	1178	}
1179	sign_key = prv;	1179	sign_key = prv;
1180	}	1180	}
1181		1181	if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
1182	if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) {	1182	alg, options.sk_provider, compat)) != 0) {
1183	if (options.sk_provider == NULL) {
1184	/* Shouldn't happen here; checked in pubkey_prepare() */
1185	fatal("%s: missing SecurityKeyProvider", __func__);
1186	}
1187	if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key,
1188	sigp, lenp, data, datalen, compat)) != 0) {
1189	debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r));
1190	goto out;
1191	}
1192	} else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
1193	alg, compat)) != 0) {
1194	debug("%s: sshkey_sign: %s", __func__, ssh_err(r));	1183	debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
1195	goto out;	1184	goto out;
1196	}	1185	}