Diffstat (limited to 'crypto/openssh/ssh-sk.c')
-rw-r--r--crypto/openssh/ssh-sk.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/crypto/openssh/ssh-sk.c b/crypto/openssh/ssh-sk.c
index a1ff5cc485e8..d1c18803ff83 100644
--- a/crypto/openssh/ssh-sk.c
+++ b/crypto/openssh/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.38 2022/01/14 03:35:10 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.40 2023/07/19 14:02:27 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -127,15 +127,18 @@ sshsk_open(const char *path)
ret->sk_enroll = ssh_sk_enroll;
ret->sk_sign = ssh_sk_sign;
ret->sk_load_resident_keys = ssh_sk_load_resident_keys;
+ return ret;
#else
error("internal security key support not enabled");
+ goto fail;
#endif
- return ret;
}
- if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
- error("Provider \"%s\" dlopen failed: %s", path, dlerror());
+ if (lib_contains_symbol(path, "sk_api_version") != 0) {
+ error("provider %s is not an OpenSSH FIDO library", path);
goto fail;
}
+ if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
+ fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
if ((ret->sk_api_version = dlsym(ret->dlhandle,
"sk_api_version")) == NULL) {
error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
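Review bot: The `lib_contains_symbol(path, "sk_api_version")` gate has no comment explaining that it must run before `dlopen()`, so a later refactor could reorder or drop it. Loading a shared object runs its initialisers before the `dlsym()` lookup below can reject it, so I would add something like `/* Check for the symbol before dlopen(): loading runs library initialisers, so non-FIDO libraries must be rejected first. */`. The check and the `dlopen()` each resolve `path` on their own, so the guarantee presumably depends on the file not being replaceable in between; if callers already restrict providers to trusted locations, the comment should say so. Separately, a `dlopen()` failure now calls `fatal()` instead of `error()` plus `goto fail`, which ends the process rather than returning to the caller; a word on why that is intended would help. The body of sshsk_open starts and continues outside this hunk.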
@@ -353,6 +356,8 @@ skerr_to_ssherr(int skerr)
return SSH_ERR_KEY_WRONG_PASSPHRASE;
case SSH_SK_ERR_DEVICE_NOT_FOUND:
return SSH_ERR_DEVICE_NOT_FOUND;
+ case SSH_SK_ERR_CREDENTIAL_EXISTS:
+ return SSH_ERR_KEY_BAD_PERMISSIONS;
case SSH_SK_ERR_GENERAL:
default:
return SSH_ERR_INVALID_FORMAT;
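Review bot: Mapping `SSH_SK_ERR_CREDENTIAL_EXISTS` to `SSH_ERR_KEY_BAD_PERMISSIONS` is not self-explanatory. Any caller that turns the code into text will presumably report a permissions problem when the authenticator actually refused a duplicate credential. If no closer `SSH_ERR_*` value is available, a comment on the new case would record that this is deliberate, e.g. `/* no dedicated code for an existing credential; reported as bad permissions */`. The switch in skerr_to_ssherr starts outside this hunk.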