-rw-r--r-- | ssh-keygen.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a6ba6cc7a..0d6ed1fff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3588,7 +3588,7 @@ main(int argc, char **argv)
 passphrase = NULL;
 if ((attest = sshbuf_new()) == NULL)
 fatal("sshbuf_new failed");
- for (i = 0 ; i < 3; i++) {
+ for (i = 0 ; ; i++) {
 fflush(stdout);
 r = sshsk_enroll(type, sk_provider, sk_device,
 sk_application == NULL ? "ssh:" : sk_application,
@@ -3598,15 +3598,21 @@ main(int argc, char **argv)
 break;
 if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
 fatal("Key enrollment failed: %s", ssh_err(r));
- if (passphrase != NULL)
+ else if (i > 0)
+ error("PIN incorrect");
+ if (passphrase != NULL) {
 freezero(passphrase, strlen(passphrase));
+ passphrase = NULL;
+ }
+ if (i >= 3)
+ fatal("Too many incorrect PINs");
 passphrase = read_passphrase("Enter PIN for "
 "authenticator: ", RP_ALLOW_STDIN);
 }
- if (passphrase != NULL)
+ if (passphrase != NULL) {
 freezero(passphrase, strlen(passphrase));
- if (i > 3)
- fatal("Too many incorrect PINs");
+ passphrase = NULL;
+ }
 break;
 default:
 if ((r = sshkey_generate(type, bits, &private)) != 0) |
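Review bot: The loop header `for (i = 0 ; ; i++)` no longer shows any bound, and the cap that replaces it sits several lines down in the body, so the attempt budget deserves a comment at the loop. As written, `i == 0` appears to be the PIN-less attempt (`passphrase` is NULL on entry) and the `i >= 3` check in the next hunk lets three entered PINs reach `sshsk_enroll()` before giving up, assuming the elided arguments pass `passphrase` through. I would add above the loop `/* i == 0: try without a PIN; then at most 3 PIN attempts, capped in the body */` and give the literal 3 a name. Each wrong PIN presumably also counts against the authenticator's own retry counter, which is another reason to keep the limit explicit and easy to audit. The enclosing `main()` starts and ends outside this hunk.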
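Review bot: The PIN is still live in memory when `fatal("Key enrollment failed: %s", ssh_err(r))` runs, because the new `freezero()` block sits after that check; only the wrong-PIN and success paths scrub it. If `fatal()` does not return (as its use here suggests), the exposure is limited to process teardown, but it is inconsistent with the care taken before `fatal("Too many incorrect PINs")`. Scrubbing first would close that gap: brace the error branch and call `freezero(passphrase, strlen(passphrase));` (guarded by `passphrase != NULL`) ahead of the `fatal()`. That also removes the `else` hanging off a branch that never falls through, so `if (i > 0) error("PIN incorrect");` can stand on its own. The loop body begins above this hunk, so the `sshsk_enroll()` call and the success test are not visible here.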