diff options
Diffstat (limited to 'crypto/openssh/ssh-sk.c')
-rw-r--r-- | crypto/openssh/ssh-sk.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/crypto/openssh/ssh-sk.c b/crypto/openssh/ssh-sk.c index a1ff5cc485e8..d1c18803ff83 100644 --- a/crypto/openssh/ssh-sk.c +++ b/crypto/openssh/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.38 2022/01/14 03:35:10 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.40 2023/07/19 14:02:27 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -127,15 +127,18 @@ sshsk_open(const char *path) ret->sk_enroll = ssh_sk_enroll; ret->sk_sign = ssh_sk_sign; ret->sk_load_resident_keys = ssh_sk_load_resident_keys; + return ret; #else error("internal security key support not enabled"); + goto fail; #endif - return ret; } - if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { - error("Provider \"%s\" dlopen failed: %s", path, dlerror()); + if (lib_contains_symbol(path, "sk_api_version") != 0) { + error("provider %s is not an OpenSSH FIDO library", path); goto fail; } + if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) + fatal("Provider \"%s\" dlopen failed: %s", path, dlerror()); if ((ret->sk_api_version = dlsym(ret->dlhandle, "sk_api_version")) == NULL) { error("Provider \"%s\" dlsym(sk_api_version) failed: %s", @@ -353,6 +356,8 @@ skerr_to_ssherr(int skerr) return SSH_ERR_KEY_WRONG_PASSPHRASE; case SSH_SK_ERR_DEVICE_NOT_FOUND: return SSH_ERR_DEVICE_NOT_FOUND; + case SSH_SK_ERR_CREDENTIAL_EXISTS: + return SSH_ERR_KEY_BAD_PERMISSIONS; case SSH_SK_ERR_GENERAL: default: return SSH_ERR_INVALID_FORMAT; |