X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/71b7a18e6c06a8f5ed96ac4c9d39c9889ca910fb..b2bab0595c6a00d00c7c3208fc7ee4f84d2a5151:/scard.c

diff --git a/scard.c b/scard.c
index 9f22fdf3..e8319314 100644
--- a/scard.c
+++ b/scard.c
@@ -22,9 +22,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifdef SMARTCARD
 #include "includes.h"
-RCSID("$OpenBSD: scard.c,v 1.9 2001/07/31 08:41:10 jakob Exp $");
+#ifdef SMARTCARD
+RCSID("$OpenBSD: scard.c,v 1.17 2001/12/27 18:22:16 markus Exp $");
 
 #include <openssl/engine.h>
 #include <sectok.h>
@@ -43,12 +43,12 @@ RCSID("$OpenBSD: scard.c,v 1.9 2001/07/31 08:41:10 jakob Exp $");
 #define MAX_BUF_SIZE 256
 
 static int sc_fd = -1;
-static int sc_reader_num = -1;
+static char *sc_reader_id = NULL;
 static int cla = 0x00;	/* class */
 
 /* interface to libsectok */
 
-static int 
+static int
 sc_open(void)
 {
 	int sw;
@@ -56,14 +56,15 @@ sc_open(void)
 	if (sc_fd >= 0)
 		return sc_fd;
 
-	sc_fd = sectok_open(sc_reader_num, STONOWAIT, &sw);
+	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
 	if (sc_fd < 0) {
 		error("sectok_open failed: %s", sectok_get_sw(sw));
 		return SCARD_ERROR_FAIL;
 	}
 	if (! sectok_cardpresent(sc_fd)) {
-		debug("smartcard in reader %d not present, skipping",
-		    sc_reader_num);
+		debug("smartcard in reader %s not present, skipping",
+		    sc_reader_id);
+		sc_close();
 		return SCARD_ERROR_NOCARD;
 	}
 	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
@@ -78,7 +79,7 @@ sc_open(void)
 	return sc_fd;
 }
 
-static int 
+static int
 sc_enable_applet(void)
 {
 	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
@@ -94,7 +95,7 @@ sc_enable_applet(void)
 	return 0;
 }
 
-static int 
+static int
 sc_init(void)
 {
 	int status;
@@ -114,28 +115,28 @@ sc_init(void)
 	return 0;
 }
 
-static int 
+static int
 sc_read_pubkey(Key * k)
 {
 	u_char buf[2], *n;
 	char *p;
-	int len, sw, status;
+	int len, sw, status = -1;
 
 	len = sw = 0;
+	n = NULL;
 
 	if (sc_fd < 0) {
 		status = sc_init();
 		if (status < 0 )
-			return status;
+			goto err;
 	}
 
 	/* get key size */
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
-	     sizeof(buf), buf, &sw);
+	    sizeof(buf), buf, &sw);
 	if (!sectok_swOK(sw)) {
 		error("could not obtain key length: %s", sectok_get_sw(sw));
-		sc_close();
-		return -1;
+		goto err;
 	}
 	len = (buf[0] << 8) | buf[1];
 	len /= 8;
@@ -146,30 +147,32 @@ sc_read_pubkey(Key * k)
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
 	if (!sectok_swOK(sw)) {
 		error("could not obtain public key: %s", sectok_get_sw(sw));
-		xfree(n);
-		return -1;
+		goto err;
 	}
+
 	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
 
 	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
 		error("c_read_pubkey: BN_bin2bn failed");
-		xfree(n);
-		sc_close();
-		return -1;
+		goto err;
 	}
-	xfree(n);
 
 	/* currently the java applet just stores 'n' */
 	if (!BN_set_word(k->rsa->e, 35)) {
 		error("c_read_pubkey: BN_set_word(e, 35) failed");
-		return -1;
+		goto err;
 	}
 
+	status = 0;
 	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
 	debug("fingerprint %d %s", key_size(k), p);
 	xfree(p);
 
-	return 0;
+err:
+	if (n != NULL)
+		xfree(n);
+	sc_close();
+	return status;
 }
 
 /* private key operations */
@@ -178,7 +181,7 @@ static int
 sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 {
 	u_char *padded = NULL;
-	int sw, len, olen, status;
+	int sw, len, olen, status = -1;
 
 	debug("sc_private_decrypt called");
 
@@ -198,15 +201,13 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_DECRYPT failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
-	     len, padded, &sw);
+	    len, padded, &sw);
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
@@ -214,6 +215,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 err:
 	if (padded)
 		xfree(padded);
+	sc_close();
 	return (olen >= 0 ? olen : status);
 }
 
@@ -221,7 +223,7 @@ static int
 sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 {
 	u_char *padded = NULL;
-	int sw, len, status;
+	int sw, len, status = -1;
 
 	len = sw = 0;
 	if (sc_fd < 0) {
@@ -244,23 +246,36 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_DECRYPT failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
-	     len, to, &sw);
+	    len, to, &sw);
 	if (!sectok_swOK(sw)) {
 		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
 		    sectok_get_sw(sw));
-		sc_close();
 		goto err;
 	}
 err:
 	if (padded)
 		xfree(padded);
+	sc_close();
 	return (len >= 0 ? len : status);
 }
 
+/* called on free */
+
+static int (*orig_finish)(RSA *rsa) = NULL;
+
+static int
+sc_finish(RSA *rsa)
+{
+	if (orig_finish)
+		orig_finish(rsa);
+	sc_close();
+	return 1;
+}
+
+
 /* engine for overloading private key operations */
 
 static ENGINE *smart_engine = NULL;
@@ -290,19 +305,23 @@ sc_get_engine(void)
 	smart_rsa.rsa_priv_enc	= sc_private_encrypt;
 	smart_rsa.rsa_priv_dec	= sc_private_decrypt;
 
+	/* save original */
+	orig_finish		= def->finish;
+	smart_rsa.finish	= sc_finish;
+
 	/* just use the OpenSSL version */
 	smart_rsa.rsa_pub_enc   = def->rsa_pub_enc;
 	smart_rsa.rsa_pub_dec   = def->rsa_pub_dec;
 	smart_rsa.rsa_mod_exp	= def->rsa_mod_exp;
 	smart_rsa.bn_mod_exp	= def->bn_mod_exp;
 	smart_rsa.init		= def->init;
-	smart_rsa.finish	= def->finish;
 	smart_rsa.flags		= def->flags;
 	smart_rsa.app_data	= def->app_data;
 	smart_rsa.rsa_sign	= def->rsa_sign;
 	smart_rsa.rsa_verify	= def->rsa_verify;
 
-	smart_engine = ENGINE_new();
+	if ((smart_engine = ENGINE_new()) == NULL)
+		fatal("ENGINE_new failed");
 
 	ENGINE_set_id(smart_engine, "sectok");
 	ENGINE_set_name(smart_engine, "libsectok");
@@ -325,12 +344,15 @@ sc_close(void)
 }
 
 Key *
-sc_get_key(int num)
+sc_get_key(const char *id)
 {
 	Key *k;
 	int status;
 
-	sc_reader_num = num;
+	if (sc_reader_id != NULL)
+		xfree(sc_reader_id);
+	sc_reader_id = xstrdup(id);
+
 	k = key_new(KEY_RSA);
 	if (k == NULL) {
 		return NULL;
@@ -346,6 +368,5 @@ sc_get_key(int num)
 		return NULL;
 	}
 	return k;
-	sc_close();
 }
-#endif
+#endif /* SMARTCARD */