authorDamien Miller <djm@cvs.openbsd.org>2024-12-03 08:31:50 +0000
committerDamien Miller <djm@cvs.openbsd.org>2024-12-03 08:31:50 +0000
commitd26cf8511bcba4a74eb0188a544993b5a9e62550 (patch)
treec77318b7b1ec45104b3f13a4493e4f20fc9a7c4d
parent52c029ff228354e66c987a234493a4ea355d7056 (diff)
support FIDO tokens that return no attestation data, e.g. recent
WinHello. From Michael Braun via GHPR542
-rw-r--r--usr.bin/ssh/sk-usbhid.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.bin/ssh/sk-usbhid.c b/usr.bin/ssh/sk-usbhid.c
index fd528c50f1e..def4ce2998b 100644
--- a/usr.bin/ssh/sk-usbhid.c
+++ b/usr.bin/ssh/sk-usbhid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-usbhid.c,v 1.46 2023/03/28 06:12:38 dtucker Exp $ */
+/* $OpenBSD: sk-usbhid.c,v 1.47 2024/12/03 08:31:49 djm Exp $ */
/*
* Copyright (c) 2019 Markus Friedl
* Copyright (c) 2020 Pedro Martelletto
@@ -826,13 +826,15 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
fido_strerr(r));
goto out;
}
- } else {
+ } else if (strcmp(fido_cred_fmt(cred), "none") != 0) {
skdebug(__func__, "self-attested credential");
if ((r = fido_cred_verify_self(cred)) != FIDO_OK) {
skdebug(__func__, "fido_cred_verify_self: %s",
fido_strerr(r));
goto out;
}
+ } else {
+ skdebug(__func__, "no attestation data");
}
if ((response = calloc(1, sizeof(*response))) == NULL) {
skdebug(__func__, "calloc response failed");
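Review bot: The new `else if` passes the result of `fido_cred_fmt(cred)` straight to `strcmp()`, and as far as I recall libfido2 documents that this accessor may return NULL when no format is set, which would be undefined behaviour here. Binding it to a local and failing closed avoids that: `const char *fmt = fido_cred_fmt(cred);` followed by `} else if (fmt == NULL || strcmp(fmt, "none") != 0) {`, so an unset format still goes through `fido_cred_verify_self()` rather than being treated as "none". The final `else` lets enrollment continue with no signature check on the credential at all and only logs at debug level. A comment there such as `/* fmt "none": nothing to verify, credential is unattested */` would make it explicit that anything consuming the attestation output must treat it as unverified. sk_enroll starts and ends outside this hunk, so how the empty attestation is later copied into the response is not visible here.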