From 56584cce75f3d20aaa30befc7cbd331d922927f3 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 15 Dec 2019 18:57:30 +0000
Subject: upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
---
 monitor.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'monitor.c')

diff --git a/monitor.c b/monitor.c
index 64eca98d..6ee44204 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.205 2019/11/25 10:23:36 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -679,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
 
 	if ((key = get_hostkey_by_index(keyid)) != NULL) {
 		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
-		    NULL, compat)) != 0)
+		    options.sk_provider, compat)) != 0)
 			fatal("%s: sshkey_sign failed: %s",
 			    __func__, ssh_err(r));
 	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
-- 
cgit v1.2.1