summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2001-07-14 12:13:26 +1000
committerDamien Miller <djm@mindrot.org>2001-07-14 12:13:26 +1000
commit694be4b1d5b42ff176bafbed1c8f2aaa680ff21c (patch)
tree42c727e7807d61f8999c42ef4baa2571e1f3dba6
parent48bfa9cafaff0a8f615cb16449f9a3a2fdc39d67 (diff)
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/07/04 23:13:10 [scard.c scard.h ssh-agent.c] handle card removal more gracefully, add sc_close() to scard.h
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--scard.c68
-rw-r--r--scard.h3
-rw-r--r--ssh-agent.c5
4 files changed, 61 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index 374be9208..7eacb0ec3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
7 - markus@cvs.openbsd.org 2001/07/04 22:47:19 7 - markus@cvs.openbsd.org 2001/07/04 22:47:19
8 [ssh-agent.c] 8 [ssh-agent.c]
9 ignore SIGPIPE when debugging, too 9 ignore SIGPIPE when debugging, too
10 - markus@cvs.openbsd.org 2001/07/04 23:13:10
11 [scard.c scard.h ssh-agent.c]
12 handle card removal more gracefully, add sc_close() to scard.h
10 13
1120010711 1420010711
12 - (djm) dirname(3) may modify its argument on glibc and other systems. 15 - (djm) dirname(3) may modify its argument on glibc and other systems.
@@ -5982,4 +5985,4 @@
5982 - Wrote replacements for strlcpy and mkdtemp 5985 - Wrote replacements for strlcpy and mkdtemp
5983 - Released 1.0pre1 5986 - Released 1.0pre1
5984 5987
5985$Id: ChangeLog,v 1.1387 2001/07/14 02:12:55 djm Exp $ 5988$Id: ChangeLog,v 1.1388 2001/07/14 02:13:26 djm Exp $
diff --git a/scard.c b/scard.c
index 4f038ddac..721e021fb 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
24 24
25#ifdef SMARTCARD 25#ifdef SMARTCARD
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: scard.c,v 1.4 2001/07/02 22:40:17 markus Exp $"); 27RCSID("$OpenBSD: scard.c,v 1.5 2001/07/04 23:13:09 markus Exp $");
28 28
29#include <openssl/engine.h> 29#include <openssl/engine.h>
30#include <sectok.h> 30#include <sectok.h>
@@ -43,31 +43,31 @@ RCSID("$OpenBSD: scard.c,v 1.4 2001/07/02 22:40:17 markus Exp $");
43#define MAX_BUF_SIZE 256 43#define MAX_BUF_SIZE 256
44 44
45static int sc_fd = -1; 45static int sc_fd = -1;
46static int sc_reader_num = 0; 46static int sc_reader_num = -1;
47static int cla = 0x00; /* class */ 47static int cla = 0x00; /* class */
48 48
49/* interface to libsectok */ 49/* interface to libsectok */
50 50
51static int 51static int
52sc_open(int num) 52sc_open(void)
53{ 53{
54 u_char atr[256]; 54 u_char atr[256];
55 int sw; 55 int sw;
56 56
57 if (sc_fd >= 0) 57 if (sc_fd >= 0)
58 return sc_fd; 58 return sc_fd;
59 sc_reader_num = num;
60 59
61 sc_fd = sectok_open(sc_reader_num, 0, NULL); 60 sc_fd = sectok_open(sc_reader_num, 0, &sw);
62 if (sc_fd < 0) { 61 if (sc_fd < 0) {
63 error("sectok_open failed %d", sc_fd); 62 error("sectok_open failed: %s", sectok_get_sw(sw));
64 return sc_fd; 63 return -1;
65 } 64 }
66 if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) { 65 if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) {
67 error("sectok_reset failed: %s", sectok_get_sw(sw)); 66 error("sectok_reset failed: %s", sectok_get_sw(sw));
68 sc_fd = -1; 67 sc_fd = -1;
69 return sc_fd; 68 return sc_fd;
70 } 69 }
70
71 debug("sc_open ok %d", sc_fd); 71 debug("sc_open ok %d", sc_fd);
72 return sc_fd; 72 return sc_fd;
73} 73}
@@ -85,10 +85,12 @@ sc_enable_applet(void)
85 if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) { 85 if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) {
86 error("sectok_selectfile root_fid failed: %s", 86 error("sectok_selectfile root_fid failed: %s",
87 sectok_get_sw(sw)); 87 sectok_get_sw(sw));
88 sc_close();
88 return -1; 89 return -1;
89 } 90 }
90 if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) { 91 if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) {
91 error("sectok_selectfile failed: %s", sectok_get_sw(sw)); 92 error("sectok_selectfile failed: %s", sectok_get_sw(sw));
93 sc_close();
92 return -1; 94 return -1;
93 } 95 }
94 /* send appled id */ 96 /* send appled id */
@@ -98,6 +100,21 @@ sc_enable_applet(void)
98 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw); 100 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw);
99 if (!sectok_swOK(sw)) { 101 if (!sectok_swOK(sw)) {
100 error("sectok_apdu failed: %s", sectok_get_sw(sw)); 102 error("sectok_apdu failed: %s", sectok_get_sw(sw));
103 sc_close();
104 return -1;
105 }
106 return 0;
107}
108
109static int
110sc_init(void)
111{
112 if (sc_open() < 0) {
113 error("sc_open failed");
114 return -1;
115 }
116 if (sc_enable_applet() < 0) {
117 error("sc_enable_applet failed");
101 return -1; 118 return -1;
102 } 119 }
103 return 0; 120 return 0;
@@ -112,11 +129,16 @@ sc_read_pubkey(Key * k)
112 129
113 len = sw = 0; 130 len = sw = 0;
114 131
132 if (sc_fd < 0)
133 if (sc_init() < 0)
134 return -1;
135
115 /* get key size */ 136 /* get key size */
116 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, 137 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
117 sizeof(buf), buf, &sw); 138 sizeof(buf), buf, &sw);
118 if (!sectok_swOK(sw)) { 139 if (!sectok_swOK(sw)) {
119 error("could not obtain key length: %s", sectok_get_sw(sw)); 140 error("could not obtain key length: %s", sectok_get_sw(sw));
141 sc_close();
120 return -1; 142 return -1;
121 } 143 }
122 len = (buf[0] << 8) | buf[1]; 144 len = (buf[0] << 8) | buf[1];
@@ -136,6 +158,7 @@ sc_read_pubkey(Key * k)
136 if (BN_bin2bn(n, len, k->rsa->n) == NULL) { 158 if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
137 error("c_read_pubkey: BN_bin2bn failed"); 159 error("c_read_pubkey: BN_bin2bn failed");
138 xfree(n); 160 xfree(n);
161 sc_close();
139 return -1; 162 return -1;
140 } 163 }
141 xfree(n); 164 xfree(n);
@@ -164,6 +187,9 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
164 debug("sc_private_decrypt called"); 187 debug("sc_private_decrypt called");
165 188
166 olen = len = sw = 0; 189 olen = len = sw = 0;
190 if (sc_fd < 0)
191 if (sc_init() < 0)
192 goto err;
167 if (padding != RSA_PKCS1_PADDING) 193 if (padding != RSA_PKCS1_PADDING)
168 goto err; 194 goto err;
169 195
@@ -174,6 +200,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
174 if (!sectok_swOK(sw)) { 200 if (!sectok_swOK(sw)) {
175 error("sc_private_decrypt: INS_DECRYPT failed: %s", 201 error("sc_private_decrypt: INS_DECRYPT failed: %s",
176 sectok_get_sw(sw)); 202 sectok_get_sw(sw));
203 sc_close();
177 goto err; 204 goto err;
178 } 205 }
179 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, 206 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
@@ -181,6 +208,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
181 if (!sectok_swOK(sw)) { 208 if (!sectok_swOK(sw)) {
182 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", 209 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
183 sectok_get_sw(sw)); 210 sectok_get_sw(sw));
211 sc_close();
184 goto err; 212 goto err;
185 } 213 }
186 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1, 214 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
@@ -198,6 +226,9 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
198 int sw, len; 226 int sw, len;
199 227
200 len = sw = 0; 228 len = sw = 0;
229 if (sc_fd < 0)
230 if (sc_init() < 0)
231 goto err;
201 if (padding != RSA_PKCS1_PADDING) 232 if (padding != RSA_PKCS1_PADDING)
202 goto err; 233 goto err;
203 234
@@ -213,6 +244,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
213 if (!sectok_swOK(sw)) { 244 if (!sectok_swOK(sw)) {
214 error("sc_private_decrypt: INS_DECRYPT failed: %s", 245 error("sc_private_decrypt: INS_DECRYPT failed: %s",
215 sectok_get_sw(sw)); 246 sectok_get_sw(sw));
247 sc_close();
216 goto err; 248 goto err;
217 } 249 }
218 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, 250 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
@@ -220,6 +252,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
220 if (!sectok_swOK(sw)) { 252 if (!sectok_swOK(sw)) {
221 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", 253 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
222 sectok_get_sw(sw)); 254 sectok_get_sw(sw));
255 sc_close();
223 goto err; 256 goto err;
224 } 257 }
225err: 258err:
@@ -282,19 +315,21 @@ sc_get_engine(void)
282 return smart_engine; 315 return smart_engine;
283} 316}
284 317
318void
319sc_close(void)
320{
321 if (sc_fd >= 0) {
322 sectok_close(sc_fd);
323 sc_fd = -1;
324 }
325}
326
285Key * 327Key *
286sc_get_key(int sc_reader_num) 328sc_get_key(int num)
287{ 329{
288 Key *k; 330 Key *k;
289 331
290 if (sc_open(sc_reader_num) < 0) { 332 sc_reader_num = num;
291 error("sc_open failed");
292 return NULL;
293 }
294 if (sc_enable_applet() < 0) {
295 error("sc_enable_applet failed");
296 return NULL;
297 }
298 k = key_new(KEY_RSA); 333 k = key_new(KEY_RSA);
299 if (k == NULL) { 334 if (k == NULL) {
300 return NULL; 335 return NULL;
@@ -305,5 +340,6 @@ sc_get_key(int sc_reader_num)
305 return NULL; 340 return NULL;
306 } 341 }
307 return k; 342 return k;
343 sc_close();
308} 344}
309#endif 345#endif
diff --git a/scard.h b/scard.h
index 480be0764..a4303c379 100644
--- a/scard.h
+++ b/scard.h
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24 24
25/* $OpenBSD: scard.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */ 25/* $OpenBSD: scard.h,v 1.4 2001/07/04 23:13:10 markus Exp $ */
26 26
27#include <openssl/engine.h> 27#include <openssl/engine.h>
28 28
@@ -31,5 +31,6 @@
31 31
32Key *sc_get_key(int); 32Key *sc_get_key(int);
33ENGINE *sc_get_engine(void); 33ENGINE *sc_get_engine(void);
34void sc_close(void);
34 35
35#endif 36#endif
diff --git a/ssh-agent.c b/ssh-agent.c
index 392d1a0cd..61e79c5fc 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.61 2001/07/04 22:47:19 markus Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.62 2001/07/04 23:13:10 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: ssh-agent.c,v 1.61 2001/07/04 22:47:19 markus Exp $"); 39RCSID("$OpenBSD: ssh-agent.c,v 1.62 2001/07/04 23:13:10 markus Exp $");
40 40
41#include <openssl/evp.h> 41#include <openssl/evp.h>
42#include <openssl/md5.h> 42#include <openssl/md5.h>
@@ -536,6 +536,7 @@ process_remove_smartcard_key(SocketEntry *e)
536 success = 1; 536 success = 1;
537 } 537 }
538 key_free(k); 538 key_free(k);
539 sc_close();
539 } 540 }
540 541
541 buffer_put_int(&e->output, 1); 542 buffer_put_int(&e->output, 1);
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 12:43:14 +0000