diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-19 22:23:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-20 09:27:29 +1100 |
commit | a70d92f236576c032a45c39e68ca0d71e958d19d (patch) | |
tree | 400d69ea26ab873458581f682a0a24e85bbac442 /ssh-sk.c | |
parent | 26369a5f7d9c4e4ef44a3e04910126e1bcea43d8 (diff) |
upstream: adjust on-wire signature encoding for ecdsa-sk keys to
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
NB. if you are depending on security keys (already?) then make sure you
update both your clients and servers.
OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.16 2019/11/19 22:23:19 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -411,13 +411,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) if ((r = sshbuf_put_bignum2_bytes(inner_sig, resp->sig_r, resp->sig_r_len)) != 0 || (r = sshbuf_put_bignum2_bytes(inner_sig, - resp->sig_s, resp->sig_s_len)) != 0 || - (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 || - (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) { + resp->sig_s, resp->sig_s_len)) != 0) { debug("%s: buffer error: %s", __func__, ssh_err(r)); goto out; } - if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0) { + if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 || + (r = sshbuf_put_u8(sig, resp->flags)) != 0 || + (r = sshbuf_put_u32(sig, resp->counter)) != 0) { debug("%s: buffer error: %s", __func__, ssh_err(r)); goto out; } |