Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/ssh-agent.c,v
rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/ssh-agent.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.1.1.25
retrieving revision 1.1.1.26
diff -u -p -r1.1.1.25 -r1.1.1.26
--- src/crypto/external/bsd/openssh/dist/ssh-agent.c	2022/02/23 19:04:26	1.1.1.25
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.c	2022/10/05 22:35:33	1.1.1.26
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.287 2022/01/14 03:43:48 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -795,21 +795,13 @@ process_sign_request2(SocketEntry *e)
 		goto send;
 	}
 	if (sshkey_is_sk(id->key)) {
-		if (strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
+		if (restrict_websafe &&
+		    strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
 		    !check_websafe_message_contents(key, data)) {
 			/* error already logged */
 			goto send;
 		}
-		if ((id->key->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) {
-			/* XXX include sig_dest */
-			xasprintf(&prompt, "Enter PIN%sfor %s key %s: ",
-			    (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ?
-			    " and confirm user presence " : " ",
-			    sshkey_type(id->key), fp);
-			pin = read_passphrase(prompt, RP_USE_ASKPASS);
-			free(prompt);
-			prompt = NULL;
-		} else if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+		if (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
 			notifier = notify_start(0,
 			    "Confirm user presence for key %s %s%s%s",
 			    sshkey_type(id->key), fp,
@@ -824,10 +816,8 @@ process_sign_request2(SocketEntry *e)
 		debug_fr(r, "sshkey_sign");
 		if (pin == NULL && !retried && sshkey_is_sk(id->key) &&
 		    r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
-			if (notifier) {
-				notify_complete(notifier, NULL);
-				notifier = NULL;
-			}
+			notify_complete(notifier, NULL);
+			notifier = NULL;
 			/* XXX include sig_dest */
 			xasprintf(&prompt, "Enter PIN%sfor %s key %s: ",
 			    (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD) ?
@@ -843,6 +833,7 @@ process_sign_request2(SocketEntry *e)
 	/* Success */
 	ok = 0;
  send:
+	debug_f("good signature");
 	notify_complete(notifier, "User presence confirmed");
 
 	if (ok == 0) {
@@ -1557,6 +1548,7 @@ process_ext_session_bind(SocketEntry *e)
 	/* success */
 	r = 0;
  out:
+	free(fp);
 	sshkey_free(key);
 	sshbuf_free(sid);
 	sshbuf_free(sig);