summaryrefslogtreecommitdiff
path: root/ssh-sk.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-19 22:23:19 +0000
committerDamien Miller <djm@mindrot.org>2019-11-20 09:27:29 +1100
commita70d92f236576c032a45c39e68ca0d71e958d19d (patch)
tree400d69ea26ab873458581f682a0a24e85bbac442 /ssh-sk.c
parent26369a5f7d9c4e4ef44a3e04910126e1bcea43d8 (diff)
upstream: adjust on-wire signature encoding for ecdsa-sk keys to
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne NB. if you are depending on security keys (already?) then make sure you update both your clients and servers. OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
Diffstat (limited to 'ssh-sk.c')
-rw-r--r--ssh-sk.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/ssh-sk.c b/ssh-sk.c
index df2f040ef..2b25c42ff 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */ 1/* $OpenBSD: ssh-sk.c,v 1.16 2019/11/19 22:23:19 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2019 Google LLC 3 * Copyright (c) 2019 Google LLC
4 * 4 *
@@ -411,13 +411,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
411 if ((r = sshbuf_put_bignum2_bytes(inner_sig, 411 if ((r = sshbuf_put_bignum2_bytes(inner_sig,
412 resp->sig_r, resp->sig_r_len)) != 0 || 412 resp->sig_r, resp->sig_r_len)) != 0 ||
413 (r = sshbuf_put_bignum2_bytes(inner_sig, 413 (r = sshbuf_put_bignum2_bytes(inner_sig,
414 resp->sig_s, resp->sig_s_len)) != 0 || 414 resp->sig_s, resp->sig_s_len)) != 0) {
415 (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
416 (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
417 debug("%s: buffer error: %s", __func__, ssh_err(r)); 415 debug("%s: buffer error: %s", __func__, ssh_err(r));
418 goto out; 416 goto out;
419 } 417 }
420 if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0) { 418 if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
419 (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
420 (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
421 debug("%s: buffer error: %s", __func__, ssh_err(r)); 421 debug("%s: buffer error: %s", __func__, ssh_err(r));
422 goto out; 422 goto out;
423 } 423 }