[openssh-commits] [openssh] 01/01: upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Sep 2 14:21:14 AEST 2022


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 5f45c2395c60865e59fa44152ff1d003a128c5bc
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 2 04:20:02 2022 +0000

    upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
    
    explicitly test whether the token performs built-in UV (e.g. biometric
    tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
    
    OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
---
 sk-usbhid.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 7bc11ccf..3ba2cf26 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-usbhid.c,v 1.43 2022/08/19 05:53:28 djm Exp $ */
+/* $OpenBSD: sk-usbhid.c,v 1.44 2022/09/02 04:20:02 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl
  * Copyright (c) 2020 Pedro Martelletto
@@ -783,6 +783,7 @@ key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id,
 	fido_assert_t *assert = NULL;
 	uint8_t message[32];
 	int r = FIDO_ERR_INTERNAL;
+	int sk_supports_uv, uv;
 	size_t i;
 
 	memset(message, '\0', sizeof(message));
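
Review bot: `sk_supports_uv` is declared without an initializer in the added `int sk_supports_uv, uv;` line, and the only read of it is the later test `sk_supports_uv != -1`. That read is guarded by `check_sk_options(...) == 0`, so it is safe only if check_sk_options() stores a value on every path that returns 0, which these lines do not show. Initializing it to -1 at the declaration would make the default (UV omitted) hold regardless.
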
@@ -802,7 +803,15 @@ key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id,
 		goto out;
 	}
 	if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
-		skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
+		skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
+		goto out;
+	}
+	uv = FIDO_OPT_OMIT;
+	if (pin == NULL && check_sk_options(dev, "uv", &sk_supports_uv) == 0 &&
+	    sk_supports_uv != -1)
+		uv = FIDO_OPT_TRUE;
+	if ((r = fido_assert_set_uv(assert, uv)) != FIDO_OK) {
+		skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r));
 		goto out;
 	}
 	if ((r = fido_dev_get_assert(dev, assert, pin)) != FIDO_OK) {
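
Review bot: The test `sk_supports_uv != -1` in the new UV block depends on a sentinel whose meaning is not visible here, and it treats every other value as grounds for `FIDO_OPT_TRUE`. A short comment stating what -1 means, and whether a token that reports the "uv" option as present but false should also have UV requested, would make the intent checkable. In addition, when check_sk_options() returns non-zero the code silently keeps `FIDO_OPT_OMIT`; an skdebug() call on that path, matching the neighbouring error paths, would help when diagnosing a token whose lookup fails.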

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

