#9 Merge webauthn patch to c10s-sig-hyperscale
Merged 12 days ago by rcolebaugh. Opened 13 days ago by vishalmishra434.
rpms/ vishalmishra434/openssh c10s-sig-hyperscale-2  into  c10s-sig-hyperscale

@@ -0,0 +1,30 @@ 

+ Index: openssh-8.7p1/ssh-ecdsa-sk.c

+ ===================================================================

+ --- openssh-8.7p1.orig/ssh-ecdsa-sk.c

+ +++ openssh-8.7p1/ssh-ecdsa-sk.c

+ @@ -191,14 +191,17 @@ ssh_ecdsa_sk_verify(const struct sshkey

+  		ret = SSH_ERR_INVALID_FORMAT;

+  		goto out;

+  	}

+ -	if (is_webauthn) {

+ -		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||

+ -		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||

+ -		    sshbuf_froms(b, &webauthn_exts) != 0) {

+ -			ret = SSH_ERR_INVALID_FORMAT;

+ -			goto out;

+ -		}

+ -	}

+ +	if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||

+ +            sshbuf_froms(b, &webauthn_wrapper) != 0 ||

+ +            sshbuf_froms(b, &webauthn_exts) != 0) {

+ +                if (is_webauthn) {

+ +		    ret = SSH_ERR_INVALID_FORMAT;

+ +		    goto out;

+ +                }

+ +        } else {

+ +            // webauthn signature detected based on structure

+ +            is_webauthn = 1;

+ +        }

+  	if (sshbuf_len(b) != 0) {

+  		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;

+  		goto out;
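Review bot: In the new block of ssh_ecdsa_sk_verify, a parse failure on a signature whose type is not webauthn is silently ignored, so `sshbuf_get_cstring`/`sshbuf_froms` may already have consumed trailing bytes (and allocated `webauthn_origin`/`webauthn_wrapper`) before the `sshbuf_len(b) != 0` check runs, which weakens the strict trailing-data rejection the removed code gave to plain sk-ecdsa signatures. Attempt the webauthn fields only when the type says so or when data actually remains, and treat any partial parse as `SSH_ERR_INVALID_FORMAT`, as in the fence below. Separately, webauthn mode is now selected from the shape of the peer-supplied blob rather than from the declared signature type, so any policy keyed on the algorithm name should be confirmed to still hold; the rest of the function and its callers lie outside this hunk. The patch header also names openssh-8.7p1 while the spec builds 9.9p1, so it is worth refreshing the patch against the packaged tree rather than relying on offset or fuzz when it is applied.

```c
	/* Parse the webauthn fields only if declared or if data remains. */
	if (is_webauthn || sshbuf_len(b) != 0) {
		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
		    sshbuf_froms(b, &webauthn_exts) != 0) {
			/* a partial parse is never accepted */
			ret = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		/* webauthn signature detected based on structure */
		is_webauthn = 1;
	}
	/* … unchanged: sshbuf_len(b) != 0 trailing-data check … */
```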

file modified
+7 -1
@@ -44,7 +44,7 @@ 

  

  %global openssh_ver 9.9p1

  %global openssh_rel 4

- %global hyperscale_rel 1

+ %global hyperscale_rel 2

  

  

  Summary: An open source implementation of SSH protocol version 2
@@ -236,6 +236,8 @@ 

  # Log extra authentication information to the auth_info structured

  # logging field, and add tests for pubkey and cert auth.

  Patch2019: fb87_log_auth_info.patch

+ # Detect webauthn-sk-ecdsa signatures based on signature format.

+ Patch2020: fb87_sk_ecdsa_webauthn.patch

  

  License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant

  Requires: /sbin/nologin
@@ -434,6 +436,7 @@ 

  %patch -P 2017 -p1 -b .log_accept_env

  %patch -P 2018 -p1 -b .pass_principals_to_child

  %patch -P 2019 -p1 -b .log_auth_info

+ %patch -P 2020 -p1 -b .sk_ecdsa_webauthn

  %endif

  

  %if 0%{?facebook} && 0%{?use_quilt}
@@ -717,6 +720,9 @@ 

  %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so

  

  %changelog

+ * Thu Dec 19 2024 Ben Homer <bmhomer13@gmail.com> 9.9p1-4.2

+ -  Allow webauthn-sk-ecdsa signatures to be detected based on format

+ 

  * Fri Nov 22 2024 Vishal Mishra <vishalmishra@meta.com> 9.9p1-4.1

  - Merge fb patches to c10s to create c10s-sig-hyperscale

  

Nice looks good to me, thanks for porting this over! :D

Pull-Request has been merged by rcolebaugh

12 days ago