authordjm@openbsd.org <djm@openbsd.org>2019-10-31 21:23:19 +0000
committerDamien Miller <djm@mindrot.org>2019-11-01 09:46:10 +1100
commit9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
treed79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshconnect2.c
parent07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)
upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c17
1 files changed, 3 insertions, 14 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 62f0c3e76..867d463d6 100644
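--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1178,19 +1178,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 }
 sign_key = prv;
 }
-
-if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) {
-if (options.sk_provider == NULL) {
-/* Shouldn't happen here; checked in pubkey_prepare() */
-fatal("%s: missing SecurityKeyProvider", __func__);
-}
-if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key,
-sigp, lenp, data, datalen, compat)) != 0) {
-debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r));
-goto out;
-}
-} else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
-alg, compat)) != 0) {
+if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
+alg, options.sk_provider, compat)) != 0) {
 debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
 goto out;
 }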
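Review bot: The explicit `options.sk_provider == NULL` guard for KEY_ECDSA_SK keys is removed in identity_sign(), so a possibly-NULL provider now goes straight into `sshkey_sign()` for every key type. Nothing in this hunk shows that sshkey_sign() returns an error rather than dereferencing the pointer when the key is a security-key type and the provider is NULL; that should be confirmed in sshkey.c, since the only remaining check is the one the removed comment attributes to pubkey_prepare(). A short comment above the call would preserve the invariant for future readers, for example `/* sk_provider may be NULL for non-SK keys; sshkey_sign() must fail cleanly for SK keys without one */`. A missing provider would also now surface only as a debug-level `sshkey_sign:` message instead of the earlier fatal(), which makes a misconfiguration harder to spot in logs. The body of identity_sign() starts and continues outside this hunk.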