diff options
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index a6ba6cc7a..0d6ed1fff 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -3588,7 +3588,7 @@ main(int argc, char **argv) | |||
3588 | passphrase = NULL; | 3588 | passphrase = NULL; |
3589 | if ((attest = sshbuf_new()) == NULL) | 3589 | if ((attest = sshbuf_new()) == NULL) |
3590 | fatal("sshbuf_new failed"); | 3590 | fatal("sshbuf_new failed"); |
3591 | for (i = 0 ; i < 3; i++) { | 3591 | for (i = 0 ; ; i++) { |
3592 | fflush(stdout); | 3592 | fflush(stdout); |
3593 | r = sshsk_enroll(type, sk_provider, sk_device, | 3593 | r = sshsk_enroll(type, sk_provider, sk_device, |
3594 | sk_application == NULL ? "ssh:" : sk_application, | 3594 | sk_application == NULL ? "ssh:" : sk_application, |
@@ -3598,15 +3598,21 @@ main(int argc, char **argv) | |||
3598 | break; | 3598 | break; |
3599 | if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) | 3599 | if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) |
3600 | fatal("Key enrollment failed: %s", ssh_err(r)); | 3600 | fatal("Key enrollment failed: %s", ssh_err(r)); |
3601 | if (passphrase != NULL) | 3601 | else if (i > 0) |
3602 | error("PIN incorrect"); | ||
3603 | if (passphrase != NULL) { | ||
3602 | freezero(passphrase, strlen(passphrase)); | 3604 | freezero(passphrase, strlen(passphrase)); |
3605 | passphrase = NULL; | ||
3606 | } | ||
3607 | if (i >= 3) | ||
3608 | fatal("Too many incorrect PINs"); | ||
3603 | passphrase = read_passphrase("Enter PIN for " | 3609 | passphrase = read_passphrase("Enter PIN for " |
3604 | "authenticator: ", RP_ALLOW_STDIN); | 3610 | "authenticator: ", RP_ALLOW_STDIN); |
3605 | } | 3611 | } |
3606 | if (passphrase != NULL) | 3612 | if (passphrase != NULL) { |
3607 | freezero(passphrase, strlen(passphrase)); | 3613 | freezero(passphrase, strlen(passphrase)); |
3608 | if (i > 3) | 3614 | passphrase = NULL; |
3609 | fatal("Too many incorrect PINs"); | 3615 | } |
3610 | break; | 3616 | break; |
3611 | default: | 3617 | default: |
3612 | if ((r = sshkey_generate(type, bits, &private)) != 0) | 3618 | if ((r = sshkey_generate(type, bits, &private)) != 0) |