-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | scard.c | 68 | ||||
-rw-r--r-- | scard.h | 3 | ||||
-rw-r--r-- | ssh-agent.c | 5 |
4 files changed, 61 insertions, 20 deletions
@@ -7,6 +7,9 @@ | |||
7 | - markus@cvs.openbsd.org 2001/07/04 22:47:19 | 7 | - markus@cvs.openbsd.org 2001/07/04 22:47:19 |
8 | [ssh-agent.c] | 8 | [ssh-agent.c] |
9 | ignore SIGPIPE when debugging, too | 9 | ignore SIGPIPE when debugging, too |
10 | - markus@cvs.openbsd.org 2001/07/04 23:13:10 | ||
11 | [scard.c scard.h ssh-agent.c] | ||
12 | handle card removal more gracefully, add sc_close() to scard.h | ||
10 | 13 | ||
11 | 20010711 | 14 | 20010711 |
12 | - (djm) dirname(3) may modify its argument on glibc and other systems. | 15 | - (djm) dirname(3) may modify its argument on glibc and other systems. |
@@ -5982,4 +5985,4 @@ | |||
5982 | - Wrote replacements for strlcpy and mkdtemp | 5985 | - Wrote replacements for strlcpy and mkdtemp |
5983 | - Released 1.0pre1 | 5986 | - Released 1.0pre1 |
5984 | 5987 | ||
5985 | $Id: ChangeLog,v 1.1387 2001/07/14 02:12:55 djm Exp $ | 5988 | $Id: ChangeLog,v 1.1388 2001/07/14 02:13:26 djm Exp $ |
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | #ifdef SMARTCARD | 25 | #ifdef SMARTCARD |
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: scard.c,v 1.4 2001/07/02 22:40:17 markus Exp $"); | 27 | RCSID("$OpenBSD: scard.c,v 1.5 2001/07/04 23:13:09 markus Exp $"); |
28 | 28 | ||
29 | #include <openssl/engine.h> | 29 | #include <openssl/engine.h> |
30 | #include <sectok.h> | 30 | #include <sectok.h> |
@@ -43,31 +43,31 @@ RCSID("$OpenBSD: scard.c,v 1.4 2001/07/02 22:40:17 markus Exp $"); | |||
43 | #define MAX_BUF_SIZE 256 | 43 | #define MAX_BUF_SIZE 256 |
44 | 44 | ||
45 | static int sc_fd = -1; | 45 | static int sc_fd = -1; |
46 | static int sc_reader_num = 0; | 46 | static int sc_reader_num = -1; |
47 | static int cla = 0x00; /* class */ | 47 | static int cla = 0x00; /* class */ |
48 | 48 | ||
49 | /* interface to libsectok */ | 49 | /* interface to libsectok */ |
50 | 50 | ||
51 | static int | 51 | static int |
52 | sc_open(int num) | 52 | sc_open(void) |
53 | { | 53 | { |
54 | u_char atr[256]; | 54 | u_char atr[256]; |
55 | int sw; | 55 | int sw; |
56 | 56 | ||
57 | if (sc_fd >= 0) | 57 | if (sc_fd >= 0) |
58 | return sc_fd; | 58 | return sc_fd; |
59 | sc_reader_num = num; | ||
60 | 59 | ||
61 | sc_fd = sectok_open(sc_reader_num, 0, NULL); | 60 | sc_fd = sectok_open(sc_reader_num, 0, &sw); |
62 | if (sc_fd < 0) { | 61 | if (sc_fd < 0) { |
63 | error("sectok_open failed %d", sc_fd); | 62 | error("sectok_open failed: %s", sectok_get_sw(sw)); |
64 | return sc_fd; | 63 | return -1; |
65 | } | 64 | } |
66 | if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) { | 65 | if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) { |
67 | error("sectok_reset failed: %s", sectok_get_sw(sw)); | 66 | error("sectok_reset failed: %s", sectok_get_sw(sw)); |
68 | sc_fd = -1; | 67 | sc_fd = -1; |
69 | return sc_fd; | 68 | return sc_fd; |
70 | } | 69 | } |
70 | |||
71 | debug("sc_open ok %d", sc_fd); | 71 | debug("sc_open ok %d", sc_fd); |
72 | return sc_fd; | 72 | return sc_fd; |
73 | } | 73 | } |
@@ -85,10 +85,12 @@ sc_enable_applet(void) | |||
85 | if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) { | 85 | if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) { |
86 | error("sectok_selectfile root_fid failed: %s", | 86 | error("sectok_selectfile root_fid failed: %s", |
87 | sectok_get_sw(sw)); | 87 | sectok_get_sw(sw)); |
88 | sc_close(); | ||
88 | return -1; | 89 | return -1; |
89 | } | 90 | } |
90 | if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) { | 91 | if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) { |
91 | error("sectok_selectfile failed: %s", sectok_get_sw(sw)); | 92 | error("sectok_selectfile failed: %s", sectok_get_sw(sw)); |
93 | sc_close(); | ||
92 | return -1; | 94 | return -1; |
93 | } | 95 | } |
94 | /* send appled id */ | 96 | /* send appled id */ |
@@ -98,6 +100,21 @@ sc_enable_applet(void) | |||
98 | sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw); | 100 | sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw); |
99 | if (!sectok_swOK(sw)) { | 101 | if (!sectok_swOK(sw)) { |
100 | error("sectok_apdu failed: %s", sectok_get_sw(sw)); | 102 | error("sectok_apdu failed: %s", sectok_get_sw(sw)); |
103 | sc_close(); | ||
104 | return -1; | ||
105 | } | ||
106 | return 0; | ||
107 | } | ||
108 | |||
109 | static int | ||
110 | sc_init(void) | ||
111 | { | ||
112 | if (sc_open() < 0) { | ||
113 | error("sc_open failed"); | ||
114 | return -1; | ||
115 | } | ||
116 | if (sc_enable_applet() < 0) { | ||
117 | error("sc_enable_applet failed"); | ||
101 | return -1; | 118 | return -1; |
102 | } | 119 | } |
103 | return 0; | 120 | return 0; |
@@ -112,11 +129,16 @@ sc_read_pubkey(Key * k) | |||
112 | 129 | ||
113 | len = sw = 0; | 130 | len = sw = 0; |
114 | 131 | ||
132 | if (sc_fd < 0) | ||
133 | if (sc_init() < 0) | ||
134 | return -1; | ||
135 | |||
115 | /* get key size */ | 136 | /* get key size */ |
116 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, | 137 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, |
117 | sizeof(buf), buf, &sw); | 138 | sizeof(buf), buf, &sw); |
118 | if (!sectok_swOK(sw)) { | 139 | if (!sectok_swOK(sw)) { |
119 | error("could not obtain key length: %s", sectok_get_sw(sw)); | 140 | error("could not obtain key length: %s", sectok_get_sw(sw)); |
141 | sc_close(); | ||
120 | return -1; | 142 | return -1; |
121 | } | 143 | } |
122 | len = (buf[0] << 8) | buf[1]; | 144 | len = (buf[0] << 8) | buf[1]; |
@@ -136,6 +158,7 @@ sc_read_pubkey(Key * k) | |||
136 | if (BN_bin2bn(n, len, k->rsa->n) == NULL) { | 158 | if (BN_bin2bn(n, len, k->rsa->n) == NULL) { |
137 | error("c_read_pubkey: BN_bin2bn failed"); | 159 | error("c_read_pubkey: BN_bin2bn failed"); |
138 | xfree(n); | 160 | xfree(n); |
161 | sc_close(); | ||
139 | return -1; | 162 | return -1; |
140 | } | 163 | } |
141 | xfree(n); | 164 | xfree(n); |
@@ -164,6 +187,9 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
164 | debug("sc_private_decrypt called"); | 187 | debug("sc_private_decrypt called"); |
165 | 188 | ||
166 | olen = len = sw = 0; | 189 | olen = len = sw = 0; |
190 | if (sc_fd < 0) | ||
191 | if (sc_init() < 0) | ||
192 | goto err; | ||
167 | if (padding != RSA_PKCS1_PADDING) | 193 | if (padding != RSA_PKCS1_PADDING) |
168 | goto err; | 194 | goto err; |
169 | 195 | ||
@@ -174,6 +200,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
174 | if (!sectok_swOK(sw)) { | 200 | if (!sectok_swOK(sw)) { |
175 | error("sc_private_decrypt: INS_DECRYPT failed: %s", | 201 | error("sc_private_decrypt: INS_DECRYPT failed: %s", |
176 | sectok_get_sw(sw)); | 202 | sectok_get_sw(sw)); |
203 | sc_close(); | ||
177 | goto err; | 204 | goto err; |
178 | } | 205 | } |
179 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, | 206 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, |
@@ -181,6 +208,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
181 | if (!sectok_swOK(sw)) { | 208 | if (!sectok_swOK(sw)) { |
182 | error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", | 209 | error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", |
183 | sectok_get_sw(sw)); | 210 | sectok_get_sw(sw)); |
211 | sc_close(); | ||
184 | goto err; | 212 | goto err; |
185 | } | 213 | } |
186 | olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1, | 214 | olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1, |
@@ -198,6 +226,9 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
198 | int sw, len; | 226 | int sw, len; |
199 | 227 | ||
200 | len = sw = 0; | 228 | len = sw = 0; |
229 | if (sc_fd < 0) | ||
230 | if (sc_init() < 0) | ||
231 | goto err; | ||
201 | if (padding != RSA_PKCS1_PADDING) | 232 | if (padding != RSA_PKCS1_PADDING) |
202 | goto err; | 233 | goto err; |
203 | 234 | ||
@@ -213,6 +244,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
213 | if (!sectok_swOK(sw)) { | 244 | if (!sectok_swOK(sw)) { |
214 | error("sc_private_decrypt: INS_DECRYPT failed: %s", | 245 | error("sc_private_decrypt: INS_DECRYPT failed: %s", |
215 | sectok_get_sw(sw)); | 246 | sectok_get_sw(sw)); |
247 | sc_close(); | ||
216 | goto err; | 248 | goto err; |
217 | } | 249 | } |
218 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, | 250 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, |
@@ -220,6 +252,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
220 | if (!sectok_swOK(sw)) { | 252 | if (!sectok_swOK(sw)) { |
221 | error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", | 253 | error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", |
222 | sectok_get_sw(sw)); | 254 | sectok_get_sw(sw)); |
255 | sc_close(); | ||
223 | goto err; | 256 | goto err; |
224 | } | 257 | } |
225 | err: | 258 | err: |
@@ -282,19 +315,21 @@ sc_get_engine(void) | |||
282 | return smart_engine; | 315 | return smart_engine; |
283 | } | 316 | } |
284 | 317 | ||
318 | void | ||
319 | sc_close(void) | ||
320 | { | ||
321 | if (sc_fd >= 0) { | ||
322 | sectok_close(sc_fd); | ||
323 | sc_fd = -1; | ||
324 | } | ||
325 | } | ||
326 | |||
285 | Key * | 327 | Key * |
286 | sc_get_key(int sc_reader_num) | 328 | sc_get_key(int num) |
287 | { | 329 | { |
288 | Key *k; | 330 | Key *k; |
289 | 331 | ||
290 | if (sc_open(sc_reader_num) < 0) { | 332 | sc_reader_num = num; |
291 | error("sc_open failed"); | ||
292 | return NULL; | ||
293 | } | ||
294 | if (sc_enable_applet() < 0) { | ||
295 | error("sc_enable_applet failed"); | ||
296 | return NULL; | ||
297 | } | ||
298 | k = key_new(KEY_RSA); | 333 | k = key_new(KEY_RSA); |
299 | if (k == NULL) { | 334 | if (k == NULL) { |
300 | return NULL; | 335 | return NULL; |
@@ -305,5 +340,6 @@ sc_get_key(int sc_reader_num) | |||
305 | return NULL; | 340 | return NULL; |
306 | } | 341 | } |
307 | return k; | 342 | return k; |
343 | sc_close(); | ||
308 | } | 344 | } |
309 | #endif | 345 | #endif |
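Review bot: The `sc_close();` added at new line 343 of sc_get_key sits after `return k;` and can never execute, so the reader stays open after the public key is read even though the same commit adds lazy re-open guards (`if (sc_fd < 0) if (sc_init() < 0) …`) in sc_read_pubkey, sc_private_decrypt and sc_private_encrypt that would make releasing it here safe; the middle of sc_get_key lies between the two hunks. If the intent is to release the card between agent operations, move the call above the return, `sc_close(); return k;`, otherwise drop the line, since as written it is dead code. Related style point on those three guards: the unbraced nested `if` invites a dangling-else mistake and reads more clearly as `if (sc_fd < 0 && sc_init() < 0) goto err;` (with `return -1;` in sc_read_pubkey). A smaller point: `sc_reader_num` now defaults to -1, so any path that reaches sc_init() before sc_get_key() has stored a reader number passes -1 to sectok_open; the page does not show whether such a path exists, but an explicit `if (sc_reader_num < 0) return -1;` at the top of sc_open would make that failure mode explicit instead of relying on the library.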
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* $OpenBSD: scard.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */ | 25 | /* $OpenBSD: scard.h,v 1.4 2001/07/04 23:13:10 markus Exp $ */ |
26 | 26 | ||
27 | #include <openssl/engine.h> | 27 | #include <openssl/engine.h> |
28 | 28 | ||
@@ -31,5 +31,6 @@ | |||
31 | 31 | ||
32 | Key *sc_get_key(int); | 32 | Key *sc_get_key(int); |
33 | ENGINE *sc_get_engine(void); | 33 | ENGINE *sc_get_engine(void); |
34 | void sc_close(void); | ||
34 | 35 | ||
35 | #endif | 36 | #endif |
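Review bot: The new `sc_close(void)` prototype carries no contract, yet its semantics matter to callers: in this commit's scard.c it closes the reader descriptor and resets `sc_fd` to -1, after which the next sc_read_pubkey/sc_private_* call re-initialises the card through sc_init(). Suggest a one-line comment above the prototype, `/* release the card reader; later sc_* calls reopen it on demand */`, so the call added after key_free() in ssh-agent.c is understandable without reading scard.c.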
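diff --git a/ssh-agent.c b/ssh-agent.c
index 392d1a0cd..61e79c5fc 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.61 2001/07/04 22:47:19 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.62 2001/07/04 23:13:10 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,7 +36,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.61 2001/07/04 22:47:19 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.62 2001/07/04 23:13:10 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -536,6 +536,7 @@ process_remove_smartcard_key(SocketEntry *e)
 success = 1;
 }
 key_free(k);
+sc_close();
 }
 
 buffer_put_int(&e->output, 1);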