Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 20 |
1 files changed, 11 insertions, 9 deletions
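--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.110 2020/06/24 15:07:33 markus Exp $ */
+/* $OpenBSD: sshkey.c,v 1.111 2020/08/27 01:06:19 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2727,7 +2727,7 @@ int
 sshkey_sign(struct sshkey *key,
 u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen,
-const char *alg, const char *sk_provider, u_int compat)
+const char *alg, const char *sk_provider, const char *sk_pin, u_int compat)
 {
 int was_shielded = sshkey_is_shielded(key);
 int r2, r = SSH_ERR_INTERNAL_ERROR;
@@ -2766,7 +2766,7 @@ sshkey_sign(struct sshkey *key,
 case KEY_ECDSA_SK_CERT:
 case KEY_ECDSA_SK:
 r = sshsk_sign(sk_provider, key, sigp, lenp, data,
-datalen, compat, /* XXX PIN */ NULL);
+datalen, compat, sk_pin);
 break;
 #ifdef WITH_XMSS
 case KEY_XMSS:
@@ -2888,7 +2888,8 @@ sshkey_drop_cert(struct sshkey *k)
 /* Sign a certified key, (re-)generating the signed certblob. */
 int
 sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
-const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx)
+const char *sk_provider, const char *sk_pin,
+sshkey_certify_signer *signer, void *signer_ctx)
 {
 struct sshbuf *principals = NULL;
 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
@@ -3026,7 +3027,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
 
 /* Sign the whole mess */
 if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
-sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0)
+sshbuf_len(cert), alg, sk_provider, sk_pin, 0, signer_ctx)) != 0)
 goto out;
 /* Check and update signature_type against what was actually used */
 if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
@@ -3056,19 +3057,20 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
 static int
 default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen,
-const char *alg, const char *sk_provider, u_int compat, void *ctx)
+const char *alg, const char *sk_provider, const char *sk_pin,
+u_int compat, void *ctx)
 {
 if (ctx != NULL)
 return SSH_ERR_INVALID_ARGUMENT;
 return sshkey_sign(key, sigp, lenp, data, datalen, alg,
-sk_provider, compat);
+sk_provider, sk_pin, compat);
 }
 
 int
 sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg,
-const char *sk_provider)
+const char *sk_provider, const char *sk_pin)
 {
-return sshkey_certify_custom(k, ca, alg, sk_provider,
+return sshkey_certify_custom(k, ca, alg, sk_provider, sk_pin,
 default_key_sign, NULL);
 }
 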
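Review bot: The new `sk_pin` parameter on sshkey_sign (hunk at line 2730) is a secret carried as a bare `const char *`, yet nothing in the diff states whether NULL is acceptable (the replaced call passed a literal NULL to sshsk_sign, so callers without a PIN will presumably keep doing so) or who owns and wipes the buffer; a contract comment above the definition would settle both: `/* sk_pin: optional FIDO PIN, NULL if none; not retained by the callee, caller is responsible for zeroising and freeing it after use. */`. The same note applies to sshkey_certify_custom and sshkey_certify, which forward the pointer unchanged to the signer callback. default_key_sign must now match the sshkey_certify_signer typedef, which lives in the header outside this diff, so presumably it was updated in the same change. The body of sshkey_sign continues past its hunk.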