tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 15:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: ssh-keygen: fix touch prompt, pin retries;

Browse Source 
part of GHPR329 from Pedro Martelletto

OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8
This commit is contained in:
djm@openbsd.org 2022-07-20 03:33:22 +00:00 committed by Damien Miller
parent 8638a2ce7e
commit f208e3b9ff
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.456 2022/07/20 03:29:14 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.457 2022/07/20 03:33:22 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -3230,7 +3230,6 @@ confirm_sk_overwrite(const char *application, const char *user)
return 0; return 0;
if (yesno[0] != 'y' && yesno[0] != 'Y') if (yesno[0] != 'y' && yesno[0] != 'Y')
return 0; return 0;
printf("Touch your authenticator to authorize key generation.\n");
return 1; return 1;
} }
@ -3800,10 +3799,6 @@ main(int argc, char **argv)
"FIDO authenticator enrollment", opts[i]); "FIDO authenticator enrollment", opts[i]);
} }
} }
if (!quiet) {
printf("You may need to touch your authenticator "
"to authorize key generation.\n");
}
if ((attest = sshbuf_new()) == NULL) if ((attest = sshbuf_new()) == NULL)
fatal("sshbuf_new failed"); fatal("sshbuf_new failed");
if ((sk_flags & if ((sk_flags &
@ -3813,7 +3808,14 @@ main(int argc, char **argv)
} else { } else {
passphrase = NULL; passphrase = NULL;
} }
for (i = 0 ; ; i++) { r = 0;
for (i = 0 ;;) {
if (!quiet) {
printf("You may need to touch your "
"authenticator%s to authorize key "
"generation.\n",
r == 0 ? "" : " again");
}
fflush(stdout); fflush(stdout);
r = sshsk_enroll(type, sk_provider, sk_device, r = sshsk_enroll(type, sk_provider, sk_device,
sk_application == NULL ? "ssh:" : sk_application, sk_application == NULL ? "ssh:" : sk_application,
@ -3835,15 +3837,10 @@ main(int argc, char **argv)
freezero(passphrase, strlen(passphrase)); freezero(passphrase, strlen(passphrase));
passphrase = NULL; passphrase = NULL;
} }
if (i >= 3) if (++i >= 3)
fatal("Too many incorrect PINs"); fatal("Too many incorrect PINs");
passphrase = read_passphrase("Enter PIN for " passphrase = read_passphrase("Enter PIN for "
"authenticator: ", RP_ALLOW_STDIN); "authenticator: ", RP_ALLOW_STDIN);
if (!quiet) {
printf("You may need to touch your "
"authenticator (again) to authorize "
"key generation.\n");
}
} }
if (passphrase != NULL) { if (passphrase != NULL) {
freezero(passphrase, strlen(passphrase)); freezero(passphrase, strlen(passphrase));