diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-19 22:23:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-20 09:27:29 +1100 |
commit | a70d92f236576c032a45c39e68ca0d71e958d19d (patch) | |
tree | 400d69ea26ab873458581f682a0a24e85bbac442 /ssh-sk.c | |
parent | 26369a5f7d9c4e4ef44a3e04910126e1bcea43d8 (diff) |
upstream: adjust on-wire signature encoding for ecdsa-sk keys to
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-sk.c,v 1.16 2019/11/19 22:23:19 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
4 | * | 4 | * |
@@ -411,13 +411,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) | |||
411 | if ((r = sshbuf_put_bignum2_bytes(inner_sig, | 411 | if ((r = sshbuf_put_bignum2_bytes(inner_sig, |
412 | resp->sig_r, resp->sig_r_len)) != 0 || | 412 | resp->sig_r, resp->sig_r_len)) != 0 || |
413 | (r = sshbuf_put_bignum2_bytes(inner_sig, | 413 | (r = sshbuf_put_bignum2_bytes(inner_sig, |
414 | resp->sig_s, resp->sig_s_len)) != 0 || | 414 | resp->sig_s, resp->sig_s_len)) != 0) { |
415 | (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 || | ||
416 | (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) { | ||
417 | debug("%s: buffer error: %s", __func__, ssh_err(r)); | 415 | debug("%s: buffer error: %s", __func__, ssh_err(r)); |
418 | goto out; | 416 | goto out; |
419 | } | 417 | } |
420 | if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0) { | 418 | if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 || |
419 | (r = sshbuf_put_u8(sig, resp->flags)) != 0 || | ||
420 | (r = sshbuf_put_u32(sig, resp->counter)) != 0) { | ||
421 | debug("%s: buffer error: %s", __func__, ssh_err(r)); | 421 | debug("%s: buffer error: %s", __func__, ssh_err(r)); |
422 | goto out; | 422 | goto out; |
423 | } | 423 | } |