version 1.52, 2017/06/09 06:40:24 |
version 1.53, 2017/06/28 01:09:22 |
|
|
|
|
/* Sign a certified key, (re-)generating the signed certblob. */ |
/* Sign a certified key, (re-)generating the signed certblob. */ |
int |
int |
sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) |
sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, |
|
sshkey_certify_signer *signer, void *signer_ctx) |
{ |
{ |
struct sshbuf *principals = NULL; |
struct sshbuf *principals = NULL; |
u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; |
u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; |
|
|
goto out; |
goto out; |
|
|
/* Sign the whole mess */ |
/* Sign the whole mess */ |
if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
sshbuf_len(cert), alg, 0)) != 0) |
sshbuf_len(cert), alg, 0, signer_ctx)) != 0) |
goto out; |
goto out; |
|
|
/* Append signature and we are done */ |
/* Append signature and we are done */ |
|
|
free(ca_blob); |
free(ca_blob); |
sshbuf_free(principals); |
sshbuf_free(principals); |
return ret; |
return ret; |
|
} |
|
|
|
static int |
|
default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, |
|
const u_char *data, size_t datalen, |
|
const char *alg, u_int compat, void *ctx) |
|
{ |
|
if (ctx != NULL) |
|
return SSH_ERR_INVALID_ARGUMENT; |
|
return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat); |
|
} |
|
|
|
int |
|
sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) |
|
{ |
|
return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL); |
} |
} |
|
|
int |
int |