[openssh-commits] [openssh] 04/05: upstream: ssh-keygen: fix touch prompt, pin retries;

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jul 20 13:39:32 AEST 2022 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jul 20 03:33:22 2022 +0000

    upstream: ssh-keygen: fix touch prompt, pin retries;
    
    part of GHPR329 from Pedro Martelletto
    
    OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8
---
 ssh-keygen.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 51cb7e32..77f79013 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.456 2022/07/20 03:29:14 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.457 2022/07/20 03:33:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -3230,7 +3230,6 @@ confirm_sk_overwrite(const char *application, const char *user)
 		return 0;
 	if (yesno[0] != 'y' && yesno[0] != 'Y')
 		return 0;
-	printf("Touch your authenticator to authorize key generation.\n");
 	return 1;
 }
 
@@ -3800,10 +3799,6 @@ main(int argc, char **argv)
 				    "FIDO authenticator enrollment", opts[i]);
 			}
 		}
-		if (!quiet) {
-			printf("You may need to touch your authenticator "
-			    "to authorize key generation.\n");
-		}
 		if ((attest = sshbuf_new()) == NULL)
 			fatal("sshbuf_new failed");
 		if ((sk_flags &
@@ -3813,7 +3808,14 @@ main(int argc, char **argv)
 		} else {
 			passphrase = NULL;
 		}
-		for (i = 0 ; ; i++) {
+		r = 0;
+		for (i = 0 ;;) {
+			if (!quiet) {
+				printf("You may need to touch your "
+				    "authenticator%s to authorize key "
+				    "generation.\n",
+				    r == 0 ? "" : " again");
+			}
 			fflush(stdout);
 			r = sshsk_enroll(type, sk_provider, sk_device,
 			    sk_application == NULL ? "ssh:" : sk_application,
@@ -3835,15 +3837,10 @@ main(int argc, char **argv)
 				freezero(passphrase, strlen(passphrase));
 				passphrase = NULL;
 			}
-			if (i >= 3)
+			if (++i >= 3)
 				fatal("Too many incorrect PINs");
 			passphrase = read_passphrase("Enter PIN for "
 			    "authenticator: ", RP_ALLOW_STDIN);
-			if (!quiet) {
-				printf("You may need to touch your "
-				    "authenticator (again) to authorize "
-				    "key generation.\n");
-			}
 		}
 		if (passphrase != NULL) {
 			freezero(passphrase, strlen(passphrase));

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list