upstream: adapt dummy FIDO middleware to API change; ok markus@
authordjm@openbsd.org <djm@openbsd.org>
Tue, 28 Apr 2020 04:59:29 +0000 (04:59 +0000)
committerDamien Miller <djm@mindrot.org>
Fri, 1 May 2020 03:13:36 +0000 (13:13 +1000)
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f

regress/misc/sk-dummy/sk-dummy.c

index dca158ded6fc8043b2874e3a132b4681923a4e23..f3acb2fb7967aee97861868a6a9640ac8ea7e960 100644 (file)
@@ -47,7 +47,7 @@
        } while (0)
 #endif
 
-#if SSH_SK_VERSION_MAJOR != 0x00040000
+#if SSH_SK_VERSION_MAJOR != 0x00050000
 # error SK API has changed, sk-dummy.c needs an update
 #endif
 
@@ -468,13 +468,15 @@ sig_ed25519(const uint8_t *message, size_t message_len,
 }
 
 int
-sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
+sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
     const char *application, const uint8_t *key_handle, size_t key_handle_len,
     uint8_t flags, const char *pin, struct sk_option **options,
     struct sk_sign_response **sign_response)
 {
        struct sk_sign_response *response = NULL;
        int ret = SSH_SK_ERR_GENERAL;
+       SHA256_CTX ctx;
+       uint8_t message[32];
 
        if (sign_response == NULL) {
                skdebug(__func__, "sign_response == NULL");
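Review bot: The digest buffer is sized with a bare `32` in `uint8_t message[32];`; writing `uint8_t message[SHA256_DIGEST_LENGTH];` would tie it to the hash that fills it in the next hunk, assuming the SHA-2 header this file includes defines that constant. The renamed parameters also change what sk_sign() is handed: it now receives unhashed data and hashes it itself, and nothing in the hunk records that. A short comment above the function, such as `/* data is the unhashed input; the SHA-256 digest computed below is what gets signed */`, would make the new contract explicit for the next reader of this test middleware. The body of sk_sign() continues past the end of this hunk.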
@@ -487,17 +489,20 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
                skdebug(__func__, "calloc response failed");
                goto out;
        }
+       SHA256_Init(&ctx);
+       SHA256_Update(&ctx, data, datalen);
+       SHA256_Final(message, &ctx);
        response->flags = flags;
        response->counter = 0x12345678;
        switch(alg) {
        case SSH_SK_ECDSA:
-               if (sig_ecdsa(message, message_len, application,
+               if (sig_ecdsa(message, sizeof(message), application,
                    response->counter, flags, key_handle, key_handle_len,
                    response) != 0)
                        goto out;
                break;
        case SSH_SK_ED25519:
-               if (sig_ed25519(message, message_len, application,
+               if (sig_ed25519(message, sizeof(message), application,
                    response->counter, flags, key_handle, key_handle_len,
                    response) != 0)
                        goto out;
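Review bot: The three SHA256_* calls discard their results, so if hashing fails, the switch below signs whatever is in the uninitialised `message` buffer and still reports success. If these are the libcrypto functions, which return 1 on success, the guard would be `if (SHA256_Init(&ctx) != 1 || SHA256_Update(&ctx, data, datalen) != 1 || SHA256_Final(message, &ctx) != 1) goto out;`, optionally with a skdebug() line like the calloc failure above. The SSH_SK_ED25519 case now depends on this hash as well; whether that path is still expected to build without libcrypto cannot be determined from the hunk. sk_sign() starts and ends outside this hunk.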
@@ -510,6 +515,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
        response = NULL;
        ret = 0;
  out:
+       explicit_bzero(message, sizeof(message));
        if (response != NULL) {
                free(response->sig_r);
                free(response->sig_s);
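Review bot: `message` is scrubbed at `out:`, but `ctx`, which held state derived from the same input, is left on the stack; for consistency add `explicit_bzero(&ctx, sizeof(ctx));` next to it. The early `goto out` paths (NULL sign_response, failed calloc) also reach this line before `message` has been written. That is harmless for a zeroing call but deserves a brief comment such as `/* message may be unset on early exits; zeroing is still safe */`. The cleanup block continues outside the hunk.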