diff options
-rw-r--r-- | ssh-keygen.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index aa4ec0655..cf8e1ba97 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.402 2020/03/06 18:29:14 markus Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.403 2020/03/13 03:12:17 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2960,18 +2960,25 @@ do_download_sk(const char *skprovider, const char *device) | |||
2960 | struct sshkey **keys; | 2960 | struct sshkey **keys; |
2961 | size_t nkeys, i; | 2961 | size_t nkeys, i; |
2962 | int r, ok = -1; | 2962 | int r, ok = -1; |
2963 | char *fp, *pin, *pass = NULL, *path, *pubpath; | 2963 | char *fp, *pin = NULL, *pass = NULL, *path, *pubpath; |
2964 | const char *ext; | 2964 | const char *ext; |
2965 | 2965 | ||
2966 | if (skprovider == NULL) | 2966 | if (skprovider == NULL) |
2967 | fatal("Cannot download keys without provider"); | 2967 | fatal("Cannot download keys without provider"); |
2968 | 2968 | ||
2969 | pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); | 2969 | for (i = 0; i < 2; i++) { |
2970 | if ((r = sshsk_load_resident(skprovider, device, pin, | 2970 | if (i == 1) { |
2971 | &keys, &nkeys)) != 0) { | 2971 | pin = read_passphrase("Enter PIN for authenticator: ", |
2972 | freezero(pin, strlen(pin)); | 2972 | RP_ALLOW_STDIN); |
2973 | error("Unable to load resident keys: %s", ssh_err(r)); | 2973 | } |
2974 | return -1; | 2974 | if ((r = sshsk_load_resident(skprovider, device, pin, |
2975 | &keys, &nkeys)) != 0) { | ||
2976 | if (i == 0 && r == SSH_ERR_KEY_WRONG_PASSPHRASE) | ||
2977 | continue; | ||
2978 | freezero(pin, strlen(pin)); | ||
2979 | error("Unable to load resident keys: %s", ssh_err(r)); | ||
2980 | return -1; | ||
2981 | } | ||
2975 | } | 2982 | } |
2976 | if (nkeys == 0) | 2983 | if (nkeys == 0) |
2977 | logit("No keys to download"); | 2984 | logit("No keys to download"); |