authorDamien Miller <djm@cvs.openbsd.org>2019-11-19 22:23:20 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-11-19 22:23:20 +0000
commita4a5109c7fd410bef0ec65532bc1c54d3c0590df (patch)
tree5a33fc9f320f89526256a8c876bf12bc12674bc7 /usr.bin/ssh/ssh-ecdsa-sk.c
parent5221e7a230a5e6cf7a52453fb450e6256c0e9231 (diff)
adjust on-wire signature encoding for ecdsa-sk keys to better match
ed25519-sk keys. Discussed with markus@ and Sebastian Kinne.
NB. if you are depending on security keys (already?) then make sure you update both your clients and servers.
Diffstat (limited to 'usr.bin/ssh/ssh-ecdsa-sk.c')
-rw-r--r--usr.bin/ssh/ssh-ecdsa-sk.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/usr.bin/ssh/ssh-ecdsa-sk.c b/usr.bin/ssh/ssh-ecdsa-sk.c
index 5edd904f262..1972865ec53 100644
--- a/usr.bin/ssh/ssh-ecdsa-sk.c
+++ b/usr.bin/ssh/ssh-ecdsa-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa-sk.c,v 1.1 2019/10/31 21:15:14 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa-sk.c,v 1.2 2019/11/19 22:23:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -73,7 +73,9 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
if ((b = sshbuf_from(signature, signaturelen)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
- sshbuf_froms(b, &sigbuf) != 0) {
+ sshbuf_froms(b, &sigbuf) != 0 ||
+ sshbuf_get_u8(b, &sig_flags) != 0 ||
+ sshbuf_get_u32(b, &sig_counter) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
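Review bot: The new outer layout parsed by this `if` is not documented, so a reader has to work out from two separate parse steps which fields live in `b` and which in `sigbuf`. A comment above the condition would pin it down, for example `/* blob: string keytype, string sig (mpint r, mpint s), u8 flags, u32 counter */`. `sig_flags` and `sig_counter` are peer-supplied at this point, so the comment could also say where they are bound into the data that gets verified; that code is not visible here. ssh_ecdsa_sk_verify starts before and continues after the hunk.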
@@ -88,9 +90,7 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
/* parse signature */
if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
- sshbuf_get_bignum2(sigbuf, &sig_s) != 0 ||
- sshbuf_get_u8(sigbuf, &sig_flags) != 0 ||
- sshbuf_get_u32(sigbuf, &sig_counter) != 0) {
+ sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
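Review bot: After `sshbuf_get_bignum2(sigbuf, &sig_s)` nothing in the hunk checks that `sigbuf` has been fully consumed. Now that the flags and counter are no longer read from it, any bytes left after `s` would be accepted silently unless a length check follows outside the hunk. If there is none, add `if (sshbuf_len(sigbuf) != 0) { ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; goto out; }` directly after this block so the inner encoding stays canonical. The outer buffer `b` deserves the same check after `sig_counter`; the lines between the two hunks are not shown, so it may already be there. The function body continues past the end of the hunk.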