diff options
Diffstat (limited to 'ssh-sk.c')
| -rw-r--r-- | ssh-sk.c | 20 |
1 files changed, 7 insertions, 13 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-sk.c,v 1.27 2020/02/06 22:30:54 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-sk.c,v 1.30 2020/04/28 04:02:29 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
| 4 | * | 4 | * |
| @@ -100,6 +100,10 @@ sshsk_open(const char *path) | |||
| 100 | struct sshsk_provider *ret = NULL; | 100 | struct sshsk_provider *ret = NULL; |
| 101 | uint32_t version; | 101 | uint32_t version; |
| 102 | 102 | ||
| 103 | if (path == NULL || *path == '\0') { | ||
| 104 | error("No FIDO SecurityKeyProvider specified"); | ||
| 105 | return NULL; | ||
| 106 | } | ||
| 103 | if ((ret = calloc(1, sizeof(*ret))) == NULL) { | 107 | if ((ret = calloc(1, sizeof(*ret))) == NULL) { |
| 104 | error("%s: calloc failed", __func__); | 108 | error("%s: calloc failed", __func__); |
| 105 | return NULL; | 109 | return NULL; |
| @@ -598,7 +602,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) | |||
| 598 | #endif | 602 | #endif |
| 599 | r = 0; | 603 | r = 0; |
| 600 | out: | 604 | out: |
| 601 | return 0; | 605 | return r; |
| 602 | } | 606 | } |
| 603 | 607 | ||
| 604 | int | 608 | int |
| @@ -611,7 +615,6 @@ sshsk_sign(const char *provider_path, struct sshkey *key, | |||
| 611 | int type, alg; | 615 | int type, alg; |
| 612 | struct sk_sign_response *resp = NULL; | 616 | struct sk_sign_response *resp = NULL; |
| 613 | struct sshbuf *inner_sig = NULL, *sig = NULL; | 617 | struct sshbuf *inner_sig = NULL, *sig = NULL; |
| 614 | uint8_t message[32]; | ||
| 615 | struct sk_option **opts = NULL; | 618 | struct sk_option **opts = NULL; |
| 616 | 619 | ||
| 617 | debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__, | 620 | debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__, |
| @@ -646,15 +649,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key, | |||
| 646 | goto out; | 649 | goto out; |
| 647 | } | 650 | } |
| 648 | 651 | ||
| 649 | /* hash data to be signed before it goes to the security key */ | 652 | if ((r = skp->sk_sign(alg, data, datalen, key->sk_application, |
| 650 | if ((r = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen, | ||
| 651 | message, sizeof(message))) != 0) { | ||
| 652 | error("%s: hash application failed: %s", __func__, ssh_err(r)); | ||
| 653 | r = SSH_ERR_INTERNAL_ERROR; | ||
| 654 | goto out; | ||
| 655 | } | ||
| 656 | if ((r = skp->sk_sign(alg, message, sizeof(message), | ||
| 657 | key->sk_application, | ||
| 658 | sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), | 653 | sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), |
| 659 | key->sk_flags, pin, opts, &resp)) != 0) { | 654 | key->sk_flags, pin, opts, &resp)) != 0) { |
| 660 | debug("%s: sk_sign failed with code %d", __func__, r); | 655 | debug("%s: sk_sign failed with code %d", __func__, r); |
| @@ -703,7 +698,6 @@ sshsk_sign(const char *provider_path, struct sshkey *key, | |||
| 703 | r = 0; | 698 | r = 0; |
| 704 | out: | 699 | out: |
| 705 | sshsk_free_options(opts); | 700 | sshsk_free_options(opts); |
| 706 | explicit_bzero(message, sizeof(message)); | ||
| 707 | sshsk_free(skp); | 701 | sshsk_free(skp); |
| 708 | sshsk_free_sign_response(resp); | 702 | sshsk_free_sign_response(resp); |
| 709 | sshbuf_free(sig); | 703 | sshbuf_free(sig); |