From 4b5f91cb959358141181b934156513fcb8a6c1e3 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 14 Sep 2022 00:02:03 +0000
Subject: upstream: ssh-agent: attempt FIDO key signing without PIN and use

the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen

OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
---
 ssh-agent.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

(limited to 'ssh-agent.c')

diff --git a/ssh-agent.c b/ssh-agent.c
index e8fb7a4f..ddda4d77 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.289 2022/09/09 03:31:42 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.290 2022/09/14 00:02:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -813,16 +813,7 @@ process_sign_request2(SocketEntry *e)
 			/* error already logged */
 			goto send;
 		}
-		if ((id->key->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) {
-			/* XXX include sig_dest */
-			xasprintf(&prompt, "Enter PIN%sfor %s key %s: ",
-			    (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ?
-			    " and confirm user presence " : " ",
-			    sshkey_type(id->key), fp);
-			pin = read_passphrase(prompt, RP_USE_ASKPASS);
-			free(prompt);
-			prompt = NULL;
-		} else if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+		if (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
 			notifier = notify_start(0,
 			    "Confirm user presence for key %s %s%s%s",
 			    sshkey_type(id->key), fp,
-- 
cgit v1.2.1