diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-12 22:38:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-13 10:15:47 +1100 |
commit | fccff339cab5aa66f2554e0188b83f980683490b (patch) | |
tree | da5d2b82dc137b6afe8b9b14f28bc600fdbcc31e /ssh-sk.c | |
parent | e44bb61824e36d0d181a08489c16c378c486a974 (diff) |
upstream: allow an empty attestation certificate returned by a
security key enrollment - these are possible for tokens that only offer self-
attestation. This also needs support from the middleware.
ok markus@
OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-sk.c,v 1.9 2019/11/12 19:34:40 markus Exp $ */ | 1 | /* $OpenBSD: ssh-sk.c,v 1.10 2019/11/12 22:38:19 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Google LLC | 3 | * Copyright (c) 2019 Google LLC |
4 | * | 4 | * |
@@ -300,7 +300,8 @@ sshsk_enroll(int type, const char *provider_path, const char *application, | |||
300 | } | 300 | } |
301 | /* Check response validity */ | 301 | /* Check response validity */ |
302 | if (resp->public_key == NULL || resp->key_handle == NULL || | 302 | if (resp->public_key == NULL || resp->key_handle == NULL || |
303 | resp->signature == NULL || resp->attestation_cert == NULL) { | 303 | resp->signature == NULL || |
304 | (resp->attestation_cert == NULL && resp->attestation_cert_len != 0)) { | ||
304 | error("%s: sk_enroll response invalid", __func__); | 305 | error("%s: sk_enroll response invalid", __func__); |
305 | r = SSH_ERR_INVALID_FORMAT; | 306 | r = SSH_ERR_INVALID_FORMAT; |
306 | goto out; | 307 | goto out; |