Mailing List Archive

Re: SSHSIG format discrepancy?
On Wed, 2 Oct 2019, Mantas Mikulėnas wrote:

> Hello,
>
> I'm trying to implement OpenSSH's new SSHSIG format in my own Python
> script (an older project for signing data using ssh-agent), and it seems
> like the "data wrapper" format used by ssh-keygen doesn't exactly match
> what is documented in PROTOCOL.
>
> The documentation says that H(message) is written as a `string`, which
> implies it being prefixed with uint32 length as other SSH strings are.
>
> However, I found that sshsig_wrap_sign() uses sshbuf_putb() and not
> put_string(), and I've *only* managed to achieve compatibility by
> directly appending h_message *without* the string-length prefix.
>
> Which format is the correct one?

The PROTOCOL.sshsig file is correct. I've committed a fix.

> (Additionally: Shouldn't ssh-keygen reject -n "" to enforce the "empty
> namespace is forbidden" rule?)

I've fixed this too.

Thanks!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
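
The signed-data wrapper discussed in the message above, as an added example that is not part of the original thread or of OpenSSH's code. The field order (preamble, namespace, reserved, hash_algorithm, H(message)) follows PROTOCOL.sshsig; the function names and the prefix_digest switch are hypothetical and exist only to show the two encodings side by side.

```python
import hashlib
import struct

MAGIC_PREAMBLE = b"SSHSIG"
HASHES = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}

def ssh_string(data: bytes) -> bytes:
    """SSH `string`: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def signed_data(message: bytes, namespace: str, hash_alg: str = "sha512",
                prefix_digest: bool = True) -> bytes:
    """Build the blob that is signed. prefix_digest=False reproduces the
    pre-fix behaviour reported in the thread (digest appended raw)."""
    if not namespace:
        raise ValueError("empty namespace is forbidden")
    digest = HASHES[hash_alg](message).digest()
    return (MAGIC_PREAMBLE
            + ssh_string(namespace.encode())
            + ssh_string(b"")                      # reserved field
            + ssh_string(hash_alg.encode())
            + (ssh_string(digest) if prefix_digest else digest))

def parse_signed_data(blob: bytes) -> dict:
    """Strict parser: four length-prefixed strings, nothing left over."""
    if not blob.startswith(MAGIC_PREAMBLE):
        raise ValueError("bad magic preamble")
    off, fields = len(MAGIC_PREAMBLE), []
    for _ in range(4):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("string overruns buffer")
        fields.append(blob[off:off + n])
        off += n
    if off != len(blob):
        raise ValueError("trailing bytes after H(message)")
    namespace, reserved, hash_alg, digest = fields
    alg = hash_alg.decode()
    if not namespace or alg not in HASHES:
        raise ValueError("empty namespace or unknown hash algorithm")
    if len(digest) != HASHES[alg]().digest_size:
        raise ValueError("digest length does not match hash algorithm")
    return {"namespace": namespace.decode(), "hash_alg": alg, "digest": digest}
```

The two encodings differ by the four length bytes in front of the digest, so a signature made over one blob does not verify against the other.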
Re: SSHSIG format discrepancy?
On Wed, 2 Oct 2019, Mantas Mikulėnas wrote:

> Looking over the commit, shouldn't it use || instead of &&? The current fix
> seems like it will result in a null deref. 

doh; fixed