bmh10 / rpms / openssh

Forked from rpms/openssh a day ago
Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   c9s-sig-hyperscale
  2.   openssh-8.7p1-sk-ecdsa-webauthn.patch
Blob Blame History Raw 
Index: openssh-8.7p1/ssh-ecdsa-sk.c
===================================================================
--- openssh-8.7p1.orig/ssh-ecdsa-sk.c
+++ openssh-8.7p1/ssh-ecdsa-sk.c
@@ -191,14 +191,17 @@ ssh_ecdsa_sk_verify(const struct sshkey
 		ret = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
-	if (is_webauthn) {
-		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
-		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
-		    sshbuf_froms(b, &webauthn_exts) != 0) {
-			ret = SSH_ERR_INVALID_FORMAT;
-			goto out;
-		}
-	}
+	if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
+            sshbuf_froms(b, &webauthn_wrapper) != 0 ||
+            sshbuf_froms(b, &webauthn_exts) != 0) {
+                if (is_webauthn) {
+		    ret = SSH_ERR_INVALID_FORMAT;
+		    goto out;
+                }
+        } else {
+            // webauthn signature detected based on structure
+            is_webauthn = 1;
+        }
 	if (sshbuf_len(b) != 0) {
 		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
 		goto out;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation