Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 18 |
1 files changed, 11 insertions, 7 deletions
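diff --git a/ssh-keygen.c b/ssh-keygen.c
index ad7a2b4e0..14bf2560d 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.357 2019/10/31 21:17:09 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.358 2019/10/31 21:23:19 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -577,8 +577,10 @@ do_convert_private_ssh2(struct sshbuf *b)
 error("%s: remaining bytes in key blob %d", __func__, rlen);
 
 /* try the key */
-if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
-sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) {
+if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
+NULL, NULL, 0) != 0 ||
+sshkey_verify(key, sig, slen, data, sizeof(data),
+NULL, 0) != 0) {
 sshkey_free(key);
 free(sig);
 return NULL;
@@ -1709,7 +1711,7 @@ load_pkcs11_key(char *path)
 static int
 agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen,
-const char *alg, u_int compat, void *ctx)
+const char *alg, const char *sk_provider, u_int compat, void *ctx)
 {
 int *agent_fdp = (int *)ctx;
 
@@ -1821,11 +1823,13 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
 
 if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
 if ((r = sshkey_certify_custom(public, ca,
-key_type_name, agent_signer, &agent_fd)) != 0)
+key_type_name, sk_provider, agent_signer,
+&agent_fd)) != 0)
 fatal("Couldn't certify key %s via agent: %s",
 tmp, ssh_err(r));
 } else {
-if ((sshkey_certify(public, ca, key_type_name)) != 0)
+if ((sshkey_certify(public, ca, key_type_name,
+sk_provider)) != 0)
 fatal("Couldn't certify key %s: %s",
 tmp, ssh_err(r));
 }
@@ -2507,7 +2511,7 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
 else
 fprintf(stderr, "Signing file %s\n", filename);
 }
-if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace,
+if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace,
 &sigbuf, signer, signer_ctx)) != 0) {
 error("Signing %s failed: %s", filename, ssh_err(r));
 goto out;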
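Review bot: In the do_ca_sign hunk, the non-agent branch still calls `sshkey_certify(...)` without storing its return value, so the following `fatal("Couldn't certify key %s: %s", tmp, ssh_err(r))` formats whatever `r` held before the call rather than the actual failure. Since the commit rewrites this call anyway, assign the result as the agent branch does: `if ((r = sshkey_certify(public, ca, key_type_name, sk_provider)) != 0)`. Earlier assignments to `r` are outside the hunk, so the stale value is not visible here, but a CA-signing failure would presumably be reported with a misleading reason. That matters when diagnosing why a certificate was not issued. do_ca_sign begins and ends outside the hunk.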