diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 23:13:09 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-26 10:18:42 +1100 |
commit | 59d01f1d720ebede4da42882f592d1093dac7adc (patch) | |
tree | d79871dcec88b95a6df86dd6821cbdf5e467f719 /ssh-sk.c | |
parent | 99aa8035554ddb976348d2a9253ab3653019728d (diff) |
upstream: improve the error message for u2f enrollment errors by
making ssh-keygen be solely responsible for printing the error message and
convertint some more common error responses from the middleware to a useful
ssherr.h status code. more detail remains visible via -v of course.
also remove indepedent copy of sk-api.h declarations in sk-usbhid.c
and just include it.
feedback & ok markus@
OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-sk.c,v 1.24 2020/01/06 02:00:47 djm Exp $ */ | 1 | /* $OpenBSD: ssh-sk.c,v 1.25 2020/01/25 23:13:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
4 | * | 4 | * |
@@ -338,6 +338,8 @@ skerr_to_ssherr(int skerr) | |||
338 | return SSH_ERR_FEATURE_UNSUPPORTED; | 338 | return SSH_ERR_FEATURE_UNSUPPORTED; |
339 | case SSH_SK_ERR_PIN_REQUIRED: | 339 | case SSH_SK_ERR_PIN_REQUIRED: |
340 | return SSH_ERR_KEY_WRONG_PASSPHRASE; | 340 | return SSH_ERR_KEY_WRONG_PASSPHRASE; |
341 | case SSH_SK_ERR_DEVICE_NOT_FOUND: | ||
342 | return SSH_ERR_DEVICE_NOT_FOUND; | ||
341 | case SSH_SK_ERR_GENERAL: | 343 | case SSH_SK_ERR_GENERAL: |
342 | default: | 344 | default: |
343 | return SSH_ERR_INVALID_FORMAT; | 345 | return SSH_ERR_INVALID_FORMAT; |
@@ -490,7 +492,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device, | |||
490 | /* enroll key */ | 492 | /* enroll key */ |
491 | if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, | 493 | if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, |
492 | flags, pin, opts, &resp)) != 0) { | 494 | flags, pin, opts, &resp)) != 0) { |
493 | error("Security key provider \"%s\" returned failure %d", | 495 | debug("%s: provider \"%s\" returned failure %d", __func__, |
494 | provider_path, r); | 496 | provider_path, r); |
495 | r = skerr_to_ssherr(r); | 497 | r = skerr_to_ssherr(r); |
496 | goto out; | 498 | goto out; |