upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV

explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388

OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 7bc11ccf4329ea27290814ff499b9f824efb8014..3ba2cf26815bde6f3b31fb0f20de1dd1ed0b6f4d 100644 (file)
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-usbhid.c,v 1.43 2022/08/19 05:53:28 djm Exp $ */
+/* $OpenBSD: sk-usbhid.c,v 1.44 2022/09/02 04:20:02 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl
  * Copyright (c) 2020 Pedro Martelletto
@@ -783,6 +783,7 @@ key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id,
        fido_assert_t *assert = NULL;
        uint8_t message[32];
        int r = FIDO_ERR_INTERNAL;
+       int sk_supports_uv, uv;
        size_t i;
 
        memset(message, '\0', sizeof(message));
@@ -802,7 +803,15 @@ key_lookup(fido_dev_t *dev, const char *application, const uint8_t *user_id,
                goto out;
        }
        if ((r = fido_assert_set_up(assert, FIDO_OPT_FALSE)) != FIDO_OK) {
-               skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
+               skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
+               goto out;
+       }
+       uv = FIDO_OPT_OMIT;
+       if (pin == NULL && check_sk_options(dev, "uv", &sk_supports_uv) == 0 &&
+           sk_supports_uv != -1)
+               uv = FIDO_OPT_TRUE;
+       if ((r = fido_assert_set_uv(assert, uv)) != FIDO_OK) {
+               skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r));
                goto out;
        }
        if ((r = fido_dev_get_assert(dev, assert, pin)) != FIDO_OK) {