make signature format match PROTOCOL.sshsig file: the message hash

should be written as a string, not raw bytes. Spotted by Mantas
Mikulėnas

1 files changed, 2 insertions, 2 deletions

diff --git a/usr.bin/ssh/sshsig.c b/usr.bin/ssh/sshsig.c
index 013cf68f352..b44e964d999 100644
--- a/usr.bin/ssh/sshsig.c
+++ b/usr.bin/ssh/sshsig.c
@@ -170,7 +170,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
 	    (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 ||
 	    (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_cstring(tosign, hashalg)) != 0 ||
-	    (r = sshbuf_putb(tosign, h_message)) != 0) {
+	    (r = sshbuf_put_stringb(tosign, h_message)) != 0) {
 		error("Couldn't construct message to sign: %s", ssh_err(r));
 		goto done;
 	}
@@ -306,7 +306,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
 	    (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 ||
 	    (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_cstring(toverify, hashalg)) != 0 ||
-	    (r = sshbuf_putb(toverify, h_message)) != 0) {
+	    (r = sshbuf_put_stringb(toverify, h_message)) != 0) {
 		error("Couldn't construct message to verify: %s", ssh_err(r));
 		goto done;
 	}