summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ssh-keygen.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a6ba6cc7a..0d6ed1fff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3588,7 +3588,7 @@ main(int argc, char **argv)
passphrase = NULL;
if ((attest = sshbuf_new()) == NULL)
fatal("sshbuf_new failed");
- for (i = 0 ; i < 3; i++) {
+ for (i = 0 ; ; i++) {
fflush(stdout);
r = sshsk_enroll(type, sk_provider, sk_device,
sk_application == NULL ? "ssh:" : sk_application,
@@ -3598,15 +3598,21 @@ main(int argc, char **argv)
break;
if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
fatal("Key enrollment failed: %s", ssh_err(r));
- if (passphrase != NULL)
+ else if (i > 0)
+ error("PIN incorrect");
+ if (passphrase != NULL) {
freezero(passphrase, strlen(passphrase));
+ passphrase = NULL;
+ }
+ if (i >= 3)
+ fatal("Too many incorrect PINs");
passphrase = read_passphrase("Enter PIN for "
"authenticator: ", RP_ALLOW_STDIN);
}
- if (passphrase != NULL)
+ if (passphrase != NULL) {
freezero(passphrase, strlen(passphrase));
- if (i > 3)
- fatal("Too many incorrect PINs");
+ passphrase = NULL;
+ }
break;
default:
if ((r = sshkey_generate(type, bits, &private)) != 0)