-rw-r--r--ChangeLog7
-rw-r--r--scard.c38
2 files changed, 24 insertions, 21 deletions
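--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@
    - stevesk@cvs.openbsd.org 2001/09/17 19:27:15
      [kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
      u_char*/char* cleanup; ok markus
+   - markus@cvs.openbsd.org 2001/09/17 20:22:14
+     [scard.c]
+     never keep a connection to the smartcard open.
+     allows ssh-keygen -D U while the agent is running; report from
+     jakob@
 
 20010917
  - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
@@ -6475,4 +6480,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1533 2001/09/18 05:41:19 mouring Exp $
+$Id: ChangeLog,v 1.1534 2001/09/18 05:45:44 mouring Exp $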
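--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.13 2001/08/02 16:14:05 jakob Exp $");
+RCSID("$OpenBSD: scard.c,v 1.14 2001/09/17 20:22:14 markus Exp $");
 
 #include <openssl/engine.h>
 #include <sectok.h>
@@ -120,14 +120,14 @@ sc_read_pubkey(Key * k)
 {
 	u_char buf[2], *n;
 	char *p;
-	int len, sw, status;
+	int len, sw, status = -1;
 
 	len = sw = 0;
 
 	if (sc_fd < 0) {
 		status = sc_init();
 		if (status < 0 )
-			return status;
+			goto err;
 	}
 
 	/* get key size */
@@ -135,8 +135,7 @@ sc_read_pubkey(Key * k)
 	    sizeof(buf), buf, &sw);
 	if (!sectok_swOK(sw)) {
 		error("could not obtain key length: %s", sectok_get_sw(sw));
-		sc_close();
-		return -1;
+		goto err;
 	}
 	len = (buf[0] << 8) | buf[1];
 	len /= 8;
@@ -147,30 +146,32 @@ sc_read_pubkey(Key * k)
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
 	if (!sectok_swOK(sw)) {
 		error("could not obtain public key: %s", sectok_get_sw(sw));
-		xfree(n);
-		return -1;
+		goto err;
 	}
+
 	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
 
 	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
 		error("c_read_pubkey: BN_bin2bn failed");
-		xfree(n);
-		sc_close();
-		return -1;
+		goto err;
 	}
-	xfree(n);
 
 	/* currently the java applet just stores 'n' */
 	if (!BN_set_word(k->rsa->e, 35)) {
 		error("c_read_pubkey: BN_set_word(e, 35) failed");
-		return -1;
+		goto err;
 	}
 
+	status = 0;
 	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
 	debug("fingerprint %d %s", key_size(k), p);
 	xfree(p);
 
-	return 0;
+err:
+	if (n != NULL)
+		xfree(n);
+	sc_close();
+	return status;
 }
 
 /* private key operations */
@@ -179,7 +180,7 @@ static int
 sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 {
 	u_char *padded = NULL;
-	int sw, len, olen, status;
+	int sw, len, olen, status = -1;
 
 	debug("sc_private_decrypt called");
 
@@ -199,7 +200,6 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_DECRYPT failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
@@ -207,7 +207,6 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
@@ -215,6 +214,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 err:
 	if (padded)
 		xfree(padded);
+	sc_close();
 	return (olen >= 0 ? olen : status);
 }
 
@@ -222,7 +222,7 @@ static int
 sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 {
 	u_char *padded = NULL;
-	int sw, len, status;
+	int sw, len, status = -1;
 
 	len = sw = 0;
 	if (sc_fd < 0) {
@@ -245,7 +245,6 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_DECRYPT failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
@@ -253,12 +252,12 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 err:
 	if (padded)
 		xfree(padded);
+	sc_close();
 	return (len >= 0 ? len : status);
 }
 
@@ -367,6 +366,5 @@ sc_get_key(const char *id)
 		return NULL;
 	}
 	return k;
-	sc_close();
 }
 #endif /* SMARTCARD */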
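Review bot: In the @@ -120 hunk `n` is still declared uninitialized (`u_char buf[2], *n;`), yet every early failure in sc_read_pubkey — sc_init() returning < 0 and the key-length APDU failing in the @@ -135 hunk — now jumps to the `err:` label added in the @@ -147 hunk, where `if (n != NULL) xfree(n);` reads that indeterminate pointer and may free it; the declaration should become `u_char buf[2], *n = NULL;`. The same function also loses its error return after a successful sc_init(): `status = sc_init();` overwrites the -1 initializer, so if sc_init() returns 0 on success (its body is outside this diff) the later `goto err` paths hand 0 back to the caller despite the error() calls; `if (sc_init() < 0) goto err;` keeps status at -1 until the explicit `status = 0;` before the fingerprint. The unconditional `sc_close()` at `err:` is now also reached when sc_init() itself failed, which is only safe if sc_close() tolerates sc_fd < 0 — not visible here. The allocation of `n` between the @@ -135 and @@ -147 hunks lies outside the diff.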