version 1.357, 2019/10/31 21:17:09 |
version 1.358, 2019/10/31 21:23:19 |
|
|
error("%s: remaining bytes in key blob %d", __func__, rlen); |
error("%s: remaining bytes in key blob %d", __func__, rlen); |
|
|
/* try the key */ |
/* try the key */ |
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || |
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), |
sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) { |
NULL, NULL, 0) != 0 || |
|
sshkey_verify(key, sig, slen, data, sizeof(data), |
|
NULL, 0) != 0) { |
sshkey_free(key); |
sshkey_free(key); |
free(sig); |
free(sig); |
return NULL; |
return NULL; |
|
|
static int |
static int |
agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, |
agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, |
const u_char *data, size_t datalen, |
const u_char *data, size_t datalen, |
const char *alg, u_int compat, void *ctx) |
const char *alg, const char *sk_provider, u_int compat, void *ctx) |
{ |
{ |
int *agent_fdp = (int *)ctx; |
int *agent_fdp = (int *)ctx; |
|
|
|
|
|
|
if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { |
if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { |
if ((r = sshkey_certify_custom(public, ca, |
if ((r = sshkey_certify_custom(public, ca, |
key_type_name, agent_signer, &agent_fd)) != 0) |
key_type_name, sk_provider, agent_signer, |
|
&agent_fd)) != 0) |
fatal("Couldn't certify key %s via agent: %s", |
fatal("Couldn't certify key %s via agent: %s", |
tmp, ssh_err(r)); |
tmp, ssh_err(r)); |
} else { |
} else { |
if ((sshkey_certify(public, ca, key_type_name)) != 0) |
if ((sshkey_certify(public, ca, key_type_name, |
|
sk_provider)) != 0) |
fatal("Couldn't certify key %s: %s", |
fatal("Couldn't certify key %s: %s", |
tmp, ssh_err(r)); |
tmp, ssh_err(r)); |
} |
} |
|
|
else |
else |
fprintf(stderr, "Signing file %s\n", filename); |
fprintf(stderr, "Signing file %s\n", filename); |
} |
} |
if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace, |
if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace, |
&sigbuf, signer, signer_ctx)) != 0) { |
&sigbuf, signer, signer_ctx)) != 0) { |
error("Signing %s failed: %s", filename, ssh_err(r)); |
error("Signing %s failed: %s", filename, ssh_err(r)); |
goto out; |
goto out; |
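Review bot: In the non-agent branch of the certify step, the result of `sshkey_certify(public, ca, key_type_name, sk_provider)` is compared against 0 but never stored, so the following `fatal("Couldn't certify key %s: %s", tmp, ssh_err(r))` formats whatever `r` held before the call rather than the actual failure. The agent branch just above does assign `r = sshkey_certify_custom(...)`, so the two paths report errors inconsistently. Since this line is already being touched for the new `sk_provider` argument, it should become `if ((r = sshkey_certify(public, ca, key_type_name, sk_provider)) != 0)`. An accurate error string matters here because it is what an operator has to go on when a CA signing operation fails. The declaration and earlier uses of `r` are outside the visible lines, and the old/new side of each line on this page is inferred from the added argument.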