Blame fb87_sk_ecdsa_webauthn.patch
|
Ben Homer |
ebf6e1 |
Index: openssh-8.7p1/ssh-ecdsa-sk.c
|
|
Ben Homer |
ebf6e1 |
===================================================================
|
|
Ben Homer |
ebf6e1 |
--- openssh-8.7p1.orig/ssh-ecdsa-sk.c
|
|
Ben Homer |
ebf6e1 |
+++ openssh-8.7p1/ssh-ecdsa-sk.c
|
|
Ben Homer |
ebf6e1 |
@@ -191,14 +191,17 @@ ssh_ecdsa_sk_verify(const struct sshkey
|
|
Ben Homer |
ebf6e1 |
ret = SSH_ERR_INVALID_FORMAT;
|
|
Ben Homer |
ebf6e1 |
goto out;
|
|
Ben Homer |
ebf6e1 |
}
|
|
Ben Homer |
ebf6e1 |
- if (is_webauthn) {
|
|
Ben Homer |
ebf6e1 |
- if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
|
|
Ben Homer |
ebf6e1 |
- sshbuf_froms(b, &webauthn_wrapper) != 0 ||
|
|
Ben Homer |
ebf6e1 |
- sshbuf_froms(b, &webauthn_exts) != 0) {
|
|
Ben Homer |
ebf6e1 |
- ret = SSH_ERR_INVALID_FORMAT;
|
|
Ben Homer |
ebf6e1 |
- goto out;
|
|
Ben Homer |
ebf6e1 |
- }
|
|
Ben Homer |
ebf6e1 |
- }
|
|
Ben Homer |
ebf6e1 |
+ if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
|
|
Ben Homer |
ebf6e1 |
+ sshbuf_froms(b, &webauthn_wrapper) != 0 ||
|
|
Ben Homer |
ebf6e1 |
+ sshbuf_froms(b, &webauthn_exts) != 0) {
|
|
Ben Homer |
ebf6e1 |
+ if (is_webauthn) {
|
|
Ben Homer |
ebf6e1 |
+ ret = SSH_ERR_INVALID_FORMAT;
|
|
Ben Homer |
ebf6e1 |
+ goto out;
|
|
Ben Homer |
ebf6e1 |
+ }
|
|
Ben Homer |
ebf6e1 |
+ } else {
|
|
Ben Homer |
ebf6e1 |
+ // webauthn signature detected based on structure
|
|
Ben Homer |
ebf6e1 |
+ is_webauthn = 1;
|
|
Ben Homer |
ebf6e1 |
+ }
|
|
Ben Homer |
ebf6e1 |
if (sshbuf_len(b) != 0) {
|
|
Ben Homer |
ebf6e1 |
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
|
|
Ben Homer |
ebf6e1 |
goto out;
|