diff options
| author |   djm <djm@openbsd.org> | 2019-11-15 03:41:57 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2019-11-15 03:41:57 +0000 |
| commit | 7cf8e58d03f52ba13596de733a6c313b098a4e15 (patch) | |
| tree | 8961444b14adc6c957c89c0c56d3ac3cc838a78f | |
| parent | our older gcc requires forced -std=c99 (diff) | |
| download | wireguard-openbsd-7cf8e58d03f52ba13596de733a6c313b098a4e15.tar.xz wireguard-openbsd-7cf8e58d03f52ba13596de733a6c313b098a4e15.zip | |
U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when probed to
see if they own a key handle. Handle this case so the find_device()
look can work for them. Reported by Michael Forney
| -rw-r--r-- | usr.bin/ssh/sk-usbhid.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.bin/ssh/sk-usbhid.c b/usr.bin/ssh/sk-usbhid.c index 4561297e7fa..0c70b031717 100644 --- a/usr.bin/ssh/sk-usbhid.c +++ b/usr.bin/ssh/sk-usbhid.c @@ -197,6 +197,10 @@ try_device(fido_dev_t *dev, const uint8_t *message, size_t message_len, } r = fido_dev_get_assert(dev, assert, NULL); skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r)); + if (r == FIDO_ERR_USER_PRESENCE_REQUIRED) { + /* U2F tokens may return this */ + r = FIDO_OK; + } out: fido_assert_free(&assert); |