upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
author: djm@openbsd.org <djm@openbsd.org> 2019-10-31 21:23:19 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-01 09:46:10 +1100
commit: 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
tree: d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshd.c
parent: 07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/sshd.c b/sshd.c
index cf7af1c61..e782a99f2 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.538 2019/10/29 07:47:27 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2209,17 +2209,17 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
        if (use_privsep) {
                if (privkey) {
                        if (mm_sshkey_sign(ssh, privkey, signature, slenp,
-                            data, dlen, alg, ssh->compat) < 0)
+                            data, dlen, alg, NULL, ssh->compat) < 0)
                                fatal("%s: privkey sign failed", __func__);
                } else {
                        if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
-                            data, dlen, alg, ssh->compat) < 0)
+                            data, dlen, alg, NULL, ssh->compat) < 0)
                                fatal("%s: pubkey sign failed", __func__);
                }
        } else {
                if (privkey) {
                        if (sshkey_sign(privkey, signature, slenp, data, dlen,
-                            alg, ssh->compat) < 0)
+                            alg, NULL, ssh->compat) < 0)
                                fatal("%s: privkey sign failed", __func__);
                } else {
                        if ((r = ssh_agent_sign(auth_sock, pubkey,
author	djm@openbsd.org <djm@openbsd.org>	2019-10-31 21:23:19 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-01 09:46:10 +1100
commit	9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
tree	d79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshd.c
parent	07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)

diff --git a/sshd.c b/sshd.c index cf7af1c61..e782a99f2 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.538 2019/10/29 07:47:27 dtucker Exp $ */	1	/* $OpenBSD: sshd.c,v 1.539 2019/10/31 21:23:19 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2209,17 +2209,17 @@ sshd_hostkey_sign(struct ssh ssh, struct sshkey privkey,
2209	if (use_privsep) {	2209	if (use_privsep) {
2210	if (privkey) {	2210	if (privkey) {
2211	if (mm_sshkey_sign(ssh, privkey, signature, slenp,	2211	if (mm_sshkey_sign(ssh, privkey, signature, slenp,
2212	data, dlen, alg, ssh->compat) < 0)	2212	data, dlen, alg, NULL, ssh->compat) < 0)
2213	fatal("%s: privkey sign failed", __func__);	2213	fatal("%s: privkey sign failed", __func__);
2214	} else {	2214	} else {
2215	if (mm_sshkey_sign(ssh, pubkey, signature, slenp,	2215	if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
2216	data, dlen, alg, ssh->compat) < 0)	2216	data, dlen, alg, NULL, ssh->compat) < 0)
2217	fatal("%s: pubkey sign failed", __func__);	2217	fatal("%s: pubkey sign failed", __func__);
2218	}	2218	}
2219	} else {	2219	} else {
2220	if (privkey) {	2220	if (privkey) {
2221	if (sshkey_sign(privkey, signature, slenp, data, dlen,	2221	if (sshkey_sign(privkey, signature, slenp, data, dlen,
2222	alg, ssh->compat) < 0)	2222	alg, NULL, ssh->compat) < 0)
2223	fatal("%s: privkey sign failed", __func__);	2223	fatal("%s: privkey sign failed", __func__);
2224	} else {	2224	} else {
2225	if ((r = ssh_agent_sign(auth_sock, pubkey,	2225	if ((r = ssh_agent_sign(auth_sock, pubkey,