upstream: ssh-agent: attempt FIDO key signing without PIN and use

the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
author: djm@openbsd.org <djm@openbsd.org> 2022-09-14 00:02:03 +0000
committer: Damien Miller <djm@mindrot.org> 2022-09-14 10:16:05 +1000
commit: 4b5f91cb959358141181b934156513fcb8a6c1e3 (patch)
tree: e44c766ee58d3c9cb76bc632eca0942a88bf889f
parent: 113523bf0bc33600b07ebb083572c8c346b6fdf4 (diff)
1 files changed, 2 insertions, 11 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index e8fb7a4f..ddda4d77 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.289 2022/09/09 03:31:42 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.290 2022/09/14 00:02:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -813,16 +813,7 @@ process_sign_request2(SocketEntry *e)
 			/* error already logged */
 			goto send;
 		}
-		if ((id->key->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) {
-			/* XXX include sig_dest */
-			xasprintf(&prompt, "Enter PIN%sfor %s key %s: ",
-			    (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ?
-			    " and confirm user presence " : " ",
-			    sshkey_type(id->key), fp);
-			pin = read_passphrase(prompt, RP_USE_ASKPASS);
-			free(prompt);
-			prompt = NULL;
-		} else if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+		if (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
 			notifier = notify_start(0,
 			    "Confirm user presence for key %s %s%s%s",
 			    sshkey_type(id->key), fp,
author	djm@openbsd.org <djm@openbsd.org>	2022-09-14 00:02:03 +0000
committer	Damien Miller <djm@mindrot.org>	2022-09-14 10:16:05 +1000
commit	4b5f91cb959358141181b934156513fcb8a6c1e3 (patch)
tree	e44c766ee58d3c9cb76bc632eca0942a88bf889f
parent	113523bf0bc33600b07ebb083572c8c346b6fdf4 (diff)