diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2022-07-20 03:33:22 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2022-07-20 13:38:48 +1000 |
| commit | f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d (patch) | |
| tree | 0d4b7a69155f9d8d84db7abf3cbf0d41dac92dac /ssh-keygen.c | |
| parent | 8638a2ce7e90c8a51d9af3143404282126c524f8 (diff) | |
| download | openssh-git-f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d.tar.gz | |
upstream: ssh-keygen: fix touch prompt, pin retries;
part of GHPR329 from Pedro Martelletto
OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 51cb7e32..77f79013 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.456 2022/07/20 03:29:14 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.457 2022/07/20 03:33:22 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -3230,7 +3230,6 @@ confirm_sk_overwrite(const char *application, const char *user) return 0; if (yesno[0] != 'y' && yesno[0] != 'Y') return 0; - printf("Touch your authenticator to authorize key generation.\n"); return 1; } @@ -3800,10 +3799,6 @@ main(int argc, char **argv) "FIDO authenticator enrollment", opts[i]); } } - if (!quiet) { - printf("You may need to touch your authenticator " - "to authorize key generation.\n"); - } if ((attest = sshbuf_new()) == NULL) fatal("sshbuf_new failed"); if ((sk_flags & @@ -3813,7 +3808,14 @@ main(int argc, char **argv) } else { passphrase = NULL; } - for (i = 0 ; ; i++) { + r = 0; + for (i = 0 ;;) { + if (!quiet) { + printf("You may need to touch your " + "authenticator%s to authorize key " + "generation.\n", + r == 0 ? "" : " again"); + } fflush(stdout); r = sshsk_enroll(type, sk_provider, sk_device, sk_application == NULL ? "ssh:" : sk_application, @@ -3835,15 +3837,10 @@ main(int argc, char **argv) freezero(passphrase, strlen(passphrase)); passphrase = NULL; } - if (i >= 3) + if (++i >= 3) fatal("Too many incorrect PINs"); passphrase = read_passphrase("Enter PIN for " "authenticator: ", RP_ALLOW_STDIN); - if (!quiet) { - printf("You may need to touch your " - "authenticator (again) to authorize " - "key generation.\n"); - } } if (passphrase != NULL) { freezero(passphrase, strlen(passphrase)); |