author | djm@openbsd.org <djm@openbsd.org> | 2019-10-31 21:23:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-01 09:46:10 +1100 |
commit | 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch) | |
tree | d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshconnect2.c | |
parent | 07da39f71d36fb547749a5b16aa8892e621a7e4a (diff) |
upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 17 |
1 files changed, 3 insertions, 14 deletions
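--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1178,19 +1178,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 }
 sign_key = prv;
 }
-
-if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) {
-if (options.sk_provider == NULL) {
-/* Shouldn't happen here; checked in pubkey_prepare() */
-fatal("%s: missing SecurityKeyProvider", __func__);
-}
-if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key,
-sigp, lenp, data, datalen, compat)) != 0) {
-debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r));
-goto out;
-}
-} else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
-alg, compat)) != 0) {
+if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
+alg, options.sk_provider, compat)) != 0) {
 debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
 goto out;
 }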
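Review bot: The explicit `options.sk_provider == NULL` guard for KEY_ECDSA_SK keys is gone, so at new line 1181 a NULL provider is now passed straight into `sshkey_sign()`. Whether that ends in a clean error return or a NULL dereference depends on the sshkey_sign() implementation, which is not part of this file section. The removed comment said the case is checked in pubkey_prepare(), so the invariant should stay visible with a comment above the call, e.g. `/* sk_provider may be NULL for non-SK keys; sshkey_sign() must fail cleanly for SK keys without one */`. If sshkey_sign() does return an error here, the failure mode also changes from fatal() to a debug()-level message followed by `goto out`, so a missing SecurityKeyProvider would presumably surface only at debug log level. identity_sign() begins and ends outside the hunk.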