skip key_lookup() on Windows (#802)

Tess Gauthier 2025-09-22 14:28:15 -04:00 committed by GitHub
parent 6958bcc3df
commit 1b893e63ae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -774,9 +774,6 @@ static int
key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id, key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id,
size_t user_id_len, const char *pin) size_t user_id_len, const char *pin)
{ {
#ifdef HAVE_FIDO_DEV_IS_WINHELLO
return FIDO_OK;
#else
fido_assert_t* assert = NULL; fido_assert_t* assert = NULL;
uint8_t message[32]; uint8_t message[32];
int r = FIDO_ERR_INTERNAL; int r = FIDO_ERR_INTERNAL;
@ -830,7 +827,6 @@ out:
fido_assert_free(&assert); fido_assert_free(&assert);
return r; return r;
#endif /* HAVE_FIDO_DEV_IS_WINHELLO */
} }
int int
@ -897,6 +893,9 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
goto out; goto out;
} }
skdebug(__func__, "using device %s", sk->path); skdebug(__func__, "using device %s", sk->path);
// Windows: can skip key_lookup() as it will not be overwritten regardless, per above comment:
// Don't overwrite existing credentials on FIDO authenticators.
#ifndef WINDOWS
if ((flags & SSH_SK_RESIDENT_KEY) != 0 && if ((flags & SSH_SK_RESIDENT_KEY) != 0 &&
(flags & SSH_SK_FORCE_OPERATION) == 0 && (flags & SSH_SK_FORCE_OPERATION) == 0 &&
(r = key_lookup(sk->dev, application, user_id, sizeof(user_id), (r = key_lookup(sk->dev, application, user_id, sizeof(user_id),
@ -910,6 +909,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
} }
goto out; goto out;
} }
#endif /* !WINDOWS */
if ((cred = fido_cred_new()) == NULL) { if ((cred = fido_cred_new()) == NULL) {
skdebug(__func__, "fido_cred_new failed"); skdebug(__func__, "fido_cred_new failed");
goto out; goto out;
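Review bot: The `#ifndef WINDOWS` guard added in sk_enroll drops the existing-credential check for every device in a Windows build, whereas the stub removed from key_lookup was keyed on `HAVE_FIDO_DEV_IS_WINHELLO`. If this build can ever open an authenticator that is not routed through Windows Hello, a resident-key enrolment without `SSH_SK_FORCE_OPERATION` would no longer be refused when a credential already exists. A per-device test would keep the protection wherever the platform does not supply it, for example opening the condition with `if (!fido_dev_is_winhello(sk->dev) && (flags & SSH_SK_RESIDENT_KEY) != 0 &&` under the `HAVE_FIDO_DEV_IS_WINHELLO` guard. The new comment says the credential "will not be overwritten regardless" without naming what enforces that, so it should state which component gives the guarantee. key_lookup is also still compiled on Windows and would trigger an unused-function warning if sk_enroll is its only caller; sk_enroll itself starts and ends outside these hunks.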