authordjm@openbsd.org <djm@openbsd.org>2019-10-31 21:23:19 +0000
committerDamien Miller <djm@mindrot.org>2019-11-01 09:46:10 +1100
commit9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
treed79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshsig.c
parent07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)
downloadopenssh-git-9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9.tar.gz
upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
Diffstat (limited to 'sshsig.c')
-rw-r--r--sshsig.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/sshsig.c b/sshsig.c
index b19cd077..8c7aba1b 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -151,8 +151,9 @@ done:
static int
sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
- const struct sshbuf *h_message, const char *sig_namespace,
- struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
+ const char *sk_provider, const struct sshbuf *h_message,
+ const char *sig_namespace, struct sshbuf **out,
+ sshsig_signer *signer, void *signer_ctx)
{
int r;
size_t slen = 0;
@@ -184,14 +185,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
if (signer != NULL) {
if ((r = signer(key, &sig, &slen,
sshbuf_ptr(tosign), sshbuf_len(tosign),
- sign_alg, 0, signer_ctx)) != 0) {
+ sign_alg, sk_provider, 0, signer_ctx)) != 0) {
error("Couldn't sign message: %s", ssh_err(r));
goto done;
}
} else {
if ((r = sshkey_sign(key, &sig, &slen,
sshbuf_ptr(tosign), sshbuf_len(tosign),
- sign_alg, 0)) != 0) {
+ sign_alg, sk_provider, 0)) != 0) {
error("Couldn't sign message: %s", ssh_err(r));
goto done;
}
@@ -425,7 +426,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
}
int
-sshsig_signb(struct sshkey *key, const char *hashalg,
+sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
const struct sshbuf *message, const char *sig_namespace,
struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
{
@@ -440,8 +441,8 @@ sshsig_signb(struct sshkey *key, const char *hashalg,
error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
goto out;
}
- if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out,
- signer, signer_ctx)) != 0)
+ if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+ sig_namespace, out, signer, signer_ctx)) != 0)
goto out;
/* success */
r = 0;
@@ -551,7 +552,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
}
int
-sshsig_sign_fd(struct sshkey *key, const char *hashalg,
+sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
int fd, const char *sig_namespace, struct sshbuf **out,
sshsig_signer *signer, void *signer_ctx)
{
@@ -566,8 +567,8 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg,
error("%s: hash_file failed: %s", __func__, ssh_err(r));
return r;
}
- if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out,
- signer, signer_ctx)) != 0)
+ if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+ sig_namespace, out, signer, signer_ctx)) != 0)
goto out;
/* success */
r = 0;
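Review bot: The `signer(key, &sig, &slen, ...)` call in the sshsig_wrap_sign hunk now passes `sk_provider` ahead of the compat flag, so the `sshsig_signer` callback typedef in sshsig.h (outside this diff, which is limited to sshsig.c) must gain the same parameter in the same position in this commit, or the file stops compiling; the mirrored `sshkey_sign(..., sign_alg, sk_provider, 0)` call has the same dependency on the new sshkey_sign() prototype. The new `sk_provider` parameter is also undocumented at the three public entry points sshsig_wrap_sign, sshsig_signb and sshsig_sign_fd, where it is only threaded through; a comment on sshsig_signb and sshsig_sign_fd such as `/* sk_provider: security-key provider handed to sshkey_sign()/signer; presumably NULL when key is not an SK key — confirm against sshkey_sign() */` would tell callers what to pass. Since the provider presumably names a middleware library used at signing time, the header documentation should also state that callers source it from configuration rather than from message content. The bodies of sshsig_wrap_sign, sshsig_signb and sshsig_sign_fd extend beyond their hunks.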