upstream: Hash challenge supplied by client during FIDO key enrollment
prior to passing it to libfido2, which does expect a hash.
There is no effect for users who are simply generating FIDO keys using
ssh-keygen - by default we generate a random 256 bit challenge, but
people building attestation workflows around our tools should now have
a more consistent experience (esp. fewer failures when they fail to
guess the magic 32-byte challenge length requirement).
ok markus@
OpenBSD-Commit-ID:
b8d5363a6a7ca3b23dc28f3ca69470472959f2b5
projects / thirdparty / openssh-portable.git / commit
