diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | scard.c | 55 | ||||
| -rw-r--r-- | scard.h | 6 |
3 files changed, 45 insertions, 21 deletions
| @@ -58,6 +58,9 @@ | |||
| 58 | - mouring@cvs.openbsd.org 2001/07/29 17:02:46 | 58 | - mouring@cvs.openbsd.org 2001/07/29 17:02:46 |
| 59 | [scp.1] | 59 | [scp.1] |
| 60 | Clarified -o option in scp.1 OKed by Markus@ | 60 | Clarified -o option in scp.1 OKed by Markus@ |
| 61 | - jakob@cvs.openbsd.org 2001/07/30 16:06:07 | ||
| 62 | [scard.c scard.h] | ||
| 63 | better errorcodes from sc_*; ok markus@ | ||
| 61 | 64 | ||
| 62 | 20010803 | 65 | 20010803 |
| 63 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 66 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
| @@ -6168,4 +6171,4 @@ | |||
| 6168 | - Wrote replacements for strlcpy and mkdtemp | 6171 | - Wrote replacements for strlcpy and mkdtemp |
| 6169 | - Released 1.0pre1 | 6172 | - Released 1.0pre1 |
| 6170 | 6173 | ||
| 6171 | $Id: ChangeLog,v 1.1442 2001/08/06 21:20:22 mouring Exp $ | 6174 | $Id: ChangeLog,v 1.1443 2001/08/06 21:22:10 mouring Exp $ |
| @@ -24,7 +24,7 @@ | |||
| 24 | 24 | ||
| 25 | #ifdef SMARTCARD | 25 | #ifdef SMARTCARD |
| 26 | #include "includes.h" | 26 | #include "includes.h" |
| 27 | RCSID("$OpenBSD: scard.c,v 1.7 2001/07/26 20:04:27 rees Exp $"); | 27 | RCSID("$OpenBSD: scard.c,v 1.8 2001/07/30 16:06:07 jakob Exp $"); |
| 28 | 28 | ||
| 29 | #include <openssl/engine.h> | 29 | #include <openssl/engine.h> |
| 30 | #include <sectok.h> | 30 | #include <sectok.h> |
| @@ -56,15 +56,20 @@ sc_open(void) | |||
| 56 | if (sc_fd >= 0) | 56 | if (sc_fd >= 0) |
| 57 | return sc_fd; | 57 | return sc_fd; |
| 58 | 58 | ||
| 59 | sc_fd = sectok_open(sc_reader_num, 0, &sw); | 59 | sc_fd = sectok_open(sc_reader_num, STONOWAIT, &sw); |
| 60 | if (sc_fd < 0) { | 60 | if (sc_fd < 0) { |
| 61 | error("sectok_open failed: %s", sectok_get_sw(sw)); | 61 | error("sectok_open failed: %s", sectok_get_sw(sw)); |
| 62 | return -1; | 62 | return SCARD_ERROR_FAIL; |
| 63 | } | ||
| 64 | if (! sectok_cardpresent(sc_fd)) { | ||
| 65 | error("smartcard in reader %d not present, skipping", | ||
| 66 | sc_reader_num); | ||
| 67 | return SCARD_ERROR_NOCARD; | ||
| 63 | } | 68 | } |
| 64 | if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) { | 69 | if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) { |
| 65 | error("sectok_reset failed: %s", sectok_get_sw(sw)); | 70 | error("sectok_reset failed: %s", sectok_get_sw(sw)); |
| 66 | sc_fd = -1; | 71 | sc_fd = -1; |
| 67 | return sc_fd; | 72 | return SCARD_ERROR_FAIL; |
| 68 | } | 73 | } |
| 69 | if ((cla = cyberflex_inq_class(sc_fd)) < 0) | 74 | if ((cla = cyberflex_inq_class(sc_fd)) < 0) |
| 70 | cla = 0; | 75 | cla = 0; |
| @@ -92,13 +97,19 @@ sc_enable_applet(void) | |||
| 92 | static int | 97 | static int |
| 93 | sc_init(void) | 98 | sc_init(void) |
| 94 | { | 99 | { |
| 95 | if (sc_open() < 0) { | 100 | int status; |
| 101 | |||
| 102 | status = sc_open(); | ||
| 103 | if (status == SCARD_ERROR_NOCARD) { | ||
| 104 | return SCARD_ERROR_NOCARD; | ||
| 105 | } | ||
| 106 | if (status < 0 ) { | ||
| 96 | error("sc_open failed"); | 107 | error("sc_open failed"); |
| 97 | return -1; | 108 | return status; |
| 98 | } | 109 | } |
| 99 | if (sc_enable_applet() < 0) { | 110 | if (sc_enable_applet() < 0) { |
| 100 | error("sc_enable_applet failed"); | 111 | error("sc_enable_applet failed"); |
| 101 | return -1; | 112 | return SCARD_ERROR_APPLET; |
| 102 | } | 113 | } |
| 103 | return 0; | 114 | return 0; |
| 104 | } | 115 | } |
| @@ -108,13 +119,15 @@ sc_read_pubkey(Key * k) | |||
| 108 | { | 119 | { |
| 109 | u_char buf[2], *n; | 120 | u_char buf[2], *n; |
| 110 | char *p; | 121 | char *p; |
| 111 | int len, sw; | 122 | int len, sw, status; |
| 112 | 123 | ||
| 113 | len = sw = 0; | 124 | len = sw = 0; |
| 114 | 125 | ||
| 115 | if (sc_fd < 0) | 126 | if (sc_fd < 0) { |
| 116 | if (sc_init() < 0) | 127 | status = sc_init(); |
| 117 | return -1; | 128 | if (status < 0 ) |
| 129 | return status; | ||
| 130 | } | ||
| 118 | 131 | ||
| 119 | /* get key size */ | 132 | /* get key size */ |
| 120 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, | 133 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, |
| @@ -165,14 +178,16 @@ static int | |||
| 165 | sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | 178 | sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) |
| 166 | { | 179 | { |
| 167 | u_char *padded = NULL; | 180 | u_char *padded = NULL; |
| 168 | int sw, len, olen; | 181 | int sw, len, olen, status; |
| 169 | 182 | ||
| 170 | debug("sc_private_decrypt called"); | 183 | debug("sc_private_decrypt called"); |
| 171 | 184 | ||
| 172 | olen = len = sw = 0; | 185 | olen = len = sw = 0; |
| 173 | if (sc_fd < 0) | 186 | if (sc_fd < 0) { |
| 174 | if (sc_init() < 0) | 187 | status = sc_init(); |
| 188 | if (status < 0 ) | ||
| 175 | goto err; | 189 | goto err; |
| 190 | } | ||
| 176 | if (padding != RSA_PKCS1_PADDING) | 191 | if (padding != RSA_PKCS1_PADDING) |
| 177 | goto err; | 192 | goto err; |
| 178 | 193 | ||
| @@ -199,19 +214,21 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
| 199 | err: | 214 | err: |
| 200 | if (padded) | 215 | if (padded) |
| 201 | xfree(padded); | 216 | xfree(padded); |
| 202 | return olen; | 217 | return (olen >= 0 ? olen : status); |
| 203 | } | 218 | } |
| 204 | 219 | ||
| 205 | static int | 220 | static int |
| 206 | sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | 221 | sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) |
| 207 | { | 222 | { |
| 208 | u_char *padded = NULL; | 223 | u_char *padded = NULL; |
| 209 | int sw, len; | 224 | int sw, len, status; |
| 210 | 225 | ||
| 211 | len = sw = 0; | 226 | len = sw = 0; |
| 212 | if (sc_fd < 0) | 227 | if (sc_fd < 0) { |
| 213 | if (sc_init() < 0) | 228 | status = sc_init(); |
| 229 | if (status < 0 ) | ||
| 214 | goto err; | 230 | goto err; |
| 231 | } | ||
| 215 | if (padding != RSA_PKCS1_PADDING) | 232 | if (padding != RSA_PKCS1_PADDING) |
| 216 | goto err; | 233 | goto err; |
| 217 | 234 | ||
| @@ -241,7 +258,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) | |||
| 241 | err: | 258 | err: |
| 242 | if (padded) | 259 | if (padded) |
| 243 | xfree(padded); | 260 | xfree(padded); |
| 244 | return len; | 261 | return (len >= 0 ? len : status); |
| 245 | } | 262 | } |
| 246 | 263 | ||
| 247 | /* engine for overloading private key operations */ | 264 | /* engine for overloading private key operations */ |
| @@ -22,13 +22,17 @@ | |||
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | /* $OpenBSD: scard.h,v 1.4 2001/07/04 23:13:10 markus Exp $ */ | 25 | /* $OpenBSD: scard.h,v 1.5 2001/07/30 16:06:07 jakob Exp $ */ |
| 26 | 26 | ||
| 27 | #include <openssl/engine.h> | 27 | #include <openssl/engine.h> |
| 28 | 28 | ||
| 29 | #ifndef SCARD_H | 29 | #ifndef SCARD_H |
| 30 | #define SCARD_H | 30 | #define SCARD_H |
| 31 | 31 | ||
| 32 | #define SCARD_ERROR_FAIL -1 | ||
| 33 | #define SCARD_ERROR_NOCARD -2 | ||
| 34 | #define SCARD_ERROR_APPLET -3 | ||
| 35 | |||
| 32 | Key *sc_get_key(int); | 36 | Key *sc_get_key(int); |
| 33 | ENGINE *sc_get_engine(void); | 37 | ENGINE *sc_get_engine(void); |
| 34 | void sc_close(void); | 38 | void sc_close(void); |