upstream: use ssh-sk-helper for all security key signing operations

This extracts and refactors the client interface for ssh-sk-helper
from ssh-agent and generalises it for use by the other programs.
This means that most OpenSSH tools no longer need to link against
libfido2 or directly interact with /dev/uhid*

requested by, feedback and ok markus@

OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f

1 files changed, 5 insertions, 10 deletions

diff --git a/sshkey.c b/sshkey.c
index 920c0dc3..674303c3 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.96 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.97 2019/12/13 19:09:10 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -2750,13 +2750,6 @@ sshkey_sign(struct sshkey *key,
 	case KEY_ECDSA:
 		r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);
 		break;
-#  ifdef ENABLE_SK
-	case KEY_ECDSA_SK_CERT:
-	case KEY_ECDSA_SK:
-		r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen,
-		    compat);
-		break;
-#  endif /* ENABLE_SK */
 # endif /* OPENSSL_HAS_ECC */
 	case KEY_RSA_CERT:
 	case KEY_RSA:
@@ -2770,8 +2763,10 @@ sshkey_sign(struct sshkey *key,
 #ifdef ENABLE_SK
 	case KEY_ED25519_SK:
 	case KEY_ED25519_SK_CERT:
-		r = sshsk_sign(sk_provider, key, sigp, lenp, data, datalen,
-		    compat);
+	case KEY_ECDSA_SK_CERT:
+	case KEY_ECDSA_SK:
+		r = sshsk_sign(sk_provider, key, sigp, lenp, data,
+		    datalen, compat);
 		break;
 #endif /* ENABLE_SK */
 #ifdef WITH_XMSS