[openssh-commits] [openssh] 05/05: upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Sep 14 10:16:18 AEST 2022


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit ff9809fdfd1d9a91067bb14a77d176002edb153c
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Sep 14 00:14:37 2022 +0000

    upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
    
    from response
    
    Now that all FIDO signing calls attempt first without PIN and then
    fall back to trying PIN only if that attempt fails, we can remove the
    hack^wtrick that removed the UV flag from the keys returned during
    enroll.
    
    By Corinna Vinschen
    
    OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
---
 sk-usbhid.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 3ba2cf26..46e09c26 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-usbhid.c,v 1.44 2022/09/02 04:20:02 djm Exp $ */
+/* $OpenBSD: sk-usbhid.c,v 1.45 2022/09/14 00:14:37 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl
  * Copyright (c) 2020 Pedro Martelletto
@@ -847,7 +847,6 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
 	struct sk_enroll_response *response = NULL;
 	size_t len;
 	int credprot;
-	int internal_uv;
 	int cose_alg;
 	int ret = SSH_SK_ERR_GENERAL;
 	int r;
@@ -980,13 +979,6 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
 		goto out;
 	}
 	response->flags = flags;
-	if ((flags & SSH_SK_USER_VERIFICATION_REQD)) {
-		if (check_sk_options(sk->dev, "uv", &internal_uv) == 0 &&
-		    internal_uv != -1) {
-			/* user verification handled by token */
-			response->flags &= ~SSH_SK_USER_VERIFICATION_REQD;
-		}
-	}
 	if (pack_public_key(alg, cred, response) != 0) {
 		skdebug(__func__, "pack_public_key failed");
 		goto out;
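Review bot: at `response->flags = flags;` nothing in the code records that SSH_SK_USER_VERIFICATION_REQD is now deliberately kept for tokens that handle user verification internally, or that this depends on the signing calls trying without a PIN first and falling back to a PIN, as the commit message states. A short comment at that line would keep a later reader from reintroducing the stripping. Two things to confirm before this goes in: that check_sk_options() still has other callers in sk-usbhid.c, since the diffstat's 9 deletions cover only the call and not the function, and that keys enrolled by earlier versions, whose flag was cleared by the removed block, still behave as intended alongside newly enrolled keys that keep it.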
