[openssh-commits] [openssh] 07/07: upstream: adapt dummy FIDO middleware to API change; ok markus@

git+noreply at mindrot.org git+noreply at mindrot.org
Fri May 1 13:13:48 AEST 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a01817a9f63dbcbbc6293aacc4019993a4cdc7e3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Apr 28 04:59:29 2020 +0000

    upstream: adapt dummy FIDO middleware to API change; ok markus@
    
    OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
---
 regress/misc/sk-dummy/sk-dummy.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
index dca158de..f3acb2fb 100644
--- a/regress/misc/sk-dummy/sk-dummy.c
+++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -47,7 +47,7 @@
 	} while (0)
 #endif
 
-#if SSH_SK_VERSION_MAJOR != 0x00040000
+#if SSH_SK_VERSION_MAJOR != 0x00050000
 # error SK API has changed, sk-dummy.c needs an update
 #endif
 
@@ -468,13 +468,15 @@ sig_ed25519(const uint8_t *message, size_t message_len,
 }
 
 int
-sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
+sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
     const char *application, const uint8_t *key_handle, size_t key_handle_len,
     uint8_t flags, const char *pin, struct sk_option **options,
     struct sk_sign_response **sign_response)
 {
 	struct sk_sign_response *response = NULL;
 	int ret = SSH_SK_ERR_GENERAL;
+	SHA256_CTX ctx;
+	uint8_t message[32];
 
 	if (sign_response == NULL) {
 		skdebug(__func__, "sign_response == NULL");
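Review bot: The new local `uint8_t message[32];` hard-codes the SHA-256 output size, and the name `message` now holds a digest rather than the caller's input. Declaring it as `uint8_t message[SHA256_DIGEST_LENGTH];` ties the buffer to the hash that fills it, so a later change of hash cannot leave SHA256_Final writing into a buffer of the wrong size. A short comment on the declaration, for example `/* SHA-256 of data; this digest is what gets signed */`, would make the changed meaning visible to the next reader. sk_sign's body continues outside this hunk.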
@@ -487,17 +489,20 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
 		skdebug(__func__, "calloc response failed");
 		goto out;
 	}
+	SHA256_Init(&ctx);
+	SHA256_Update(&ctx, data, datalen);
+	SHA256_Final(message, &ctx);
 	response->flags = flags;
 	response->counter = 0x12345678;
 	switch(alg) {
 	case SSH_SK_ECDSA:
-		if (sig_ecdsa(message, message_len, application,
+		if (sig_ecdsa(message, sizeof(message), application,
 		    response->counter, flags, key_handle, key_handle_len,
 		    response) != 0)
 			goto out;
 		break;
 	case SSH_SK_ED25519:
-		if (sig_ed25519(message, message_len, application,
+		if (sig_ed25519(message, sizeof(message), application,
 		    response->counter, flags, key_handle, key_handle_len,
 		    response) != 0)
 			goto out;
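Review bot: `SHA256_Update(&ctx, data, datalen)` reads `data` without any check, although sk_sign rejects a NULL `sign_response` earlier in the same function. A NULL `data` with a non-zero `datalen` would be dereferenced inside the hash. A guard ahead of `SHA256_Init`, `if (data == NULL && datalen != 0) { skdebug(__func__, "data == NULL"); goto out; }`, would make the dummy middleware take its error path (`ret` is initialised to SSH_SK_ERR_GENERAL) instead of crashing the regress run. The `switch` continues past the end of this hunk.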
@@ -510,6 +515,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
 	response = NULL;
 	ret = 0;
  out:
+	explicit_bzero(message, sizeof(message));
 	if (response != NULL) {
 		free(response->sig_r);
 		free(response->sig_s);
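Review bot: The cleanup at `out:` wipes `message` but leaves `ctx` on the stack. Depending on the SHA256_Final implementation in use, the context may still hold the final hash state, which is the same digest. For consistency, add `explicit_bzero(&ctx, sizeof(ctx));` next to the existing wipe. The label also appears to be reachable before the hash is computed (the `sign_response == NULL` path), which is harmless because both wipes only write. The cleanup block continues outside this hunk.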
