authordjm@openbsd.org <djm@openbsd.org>2019-10-31 21:23:19 +0000
committerDamien Miller <djm@mindrot.org>2019-11-01 09:46:10 +1100
commit9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 (patch)
treed79bb8d66eeba8e353f18dac919cb65d0ad896c7 /sshconnect2.c
parent07da39f71d36fb547749a5b16aa8892e621a7e4a (diff)
upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@ OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c17
1 files changed, 3 insertions, 14 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 62f0c3e7..867d463d 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.309 2019/10/31 21:18:28 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.310 2019/10/31 21:23:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1178,19 +1178,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
}
sign_key = prv;
}
-
- if (sshkey_type_plain(sign_key->type) == KEY_ECDSA_SK) {
- if (options.sk_provider == NULL) {
- /* Shouldn't happen here; checked in pubkey_prepare() */
- fatal("%s: missing SecurityKeyProvider", __func__);
- }
- if ((r = sshsk_ecdsa_sign(options.sk_provider, sign_key,
- sigp, lenp, data, datalen, compat)) != 0) {
- debug("%s: sshsk_ecdsa_sign: %s", __func__, ssh_err(r));
- goto out;
- }
- } else if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
- alg, compat)) != 0) {
+ if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
+ alg, options.sk_provider, compat)) != 0) {
debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
goto out;
}
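Review bot: With the `options.sk_provider == NULL` guard for KEY_ECDSA_SK removed, identity_sign() passes a possibly-NULL provider straight into `sshkey_sign(...)` and relies on that callee to reject it for security-key types. The callee is not visible in this hunk, so that rejection should be confirmed rather than assumed. If it does return an error, the failure is now reported only through `debug("%s: sshkey_sign: %s", ...)`, whereas the old path called fatal() with a message naming SecurityKeyProvider, so a missing provider becomes harder to diagnose at normal log levels. A short comment above the call would record the contract, e.g. `/* sk_provider is only consulted for security-key types and may be NULL otherwise; presence is checked in pubkey_prepare() */`. identity_sign's body starts and ends outside the hunk.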