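--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -38,6 +38,8 @@
 #include "readpass.h"
 #include "scard.h"
 
+int ask_for_pin=0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
 #define USE_ENGINE
 #define RSA_get_default_method RSA_get_default_openssl_method
@@ -119,6 +121,7 @@
 	struct sc_pkcs15_prkey_info *key;
 	struct sc_pkcs15_object *pin_obj;
 	struct sc_pkcs15_pin_info *pin;
+	char *passphrase = NULL;
 
 	priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
 	if (priv == NULL)
@@ -156,24 +159,47 @@
 		goto err;
 	}
 	pin = pin_obj->data;
+
+	if (sc_pin)
+		passphrase = sc_pin;
+	else if (ask_for_pin) {
+		/* we need a pin but don't have one => ask for the pin */
+		char prompt[64];
+
+		snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
+			key_obj->label ? key_obj->label : "smartcard key");
+		passphrase = read_passphrase(prompt, 0);
+		if (!passphrase || !strcmp(passphrase, ""))
+			goto err;
+	} else 
+		/* no pin => error */
+		goto err;
+
 	r = sc_lock(card);
 	if (r) {
 		error("Unable to lock smartcard: %s", sc_strerror(r));
 		goto err;
 	}
-	if (sc_pin != NULL) {
-		r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
-					 strlen(sc_pin));
-		if (r) {
-			sc_unlock(card);
-			error("PIN code verification failed: %s",
-			      sc_strerror(r));
-			goto err;
-		}
+	r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
+				 strlen(passphrase));
+	if (r) {
+		sc_unlock(card);
+		error("PIN code verification failed: %s",
+		      sc_strerror(r));
+		goto err;
 	}
+
 	*key_obj_out = key_obj;
+	if (!sc_pin) {
+		memset(passphrase, 0, strlen(passphrase));
+		xfree(passphrase);
+	}
 	return 0;
 err:
+	if (!sc_pin && passphrase) {
+		memset(passphrase, 0, strlen(passphrase));
+		xfree(passphrase);
+	}
 	sc_close();
 	return -1;
 }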
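Review bot: Both added `memset(passphrase, 0, strlen(passphrase));` calls (before `return 0` and under `err:`) are immediately followed by `xfree(passphrase)`, so an optimising compiler may treat them as dead stores and drop them, leaving the typed PIN in freed heap memory. Use a wipe the compiler cannot elide, for example `explicit_bzero(passphrase, strlen(passphrase));` where the platform or compat layer provides it. The bare `else` branch marked `/* no pin => error */` also jumps to `err` without an `error()` call, so a batch-mode run fails silently while the neighbouring failure paths log; one `error(...)` line there would make that diagnosable. The enclosing function starts before this hunk, so how `sc_pin` is owned is not visible here.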
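--- a/scard.c
+++ b/scard.c
@@ -35,6 +35,9 @@
 #include "readpass.h"
 #include "scard.h"
 
+/* currently unused */
+int ask_for_pin = 0;
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #define USE_ENGINE
 #define RSA_get_default_method RSA_get_default_openssl_method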
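--- a/scard.h
+++ b/scard.h
@@ -33,6 +33,8 @@
 #define SCARD_ERROR_NOCARD	-2
 #define SCARD_ERROR_APPLET	-3
 
+extern int ask_for_pin;
+
 Key	**sc_get_keys(const char *, const char *);
 void	 sc_close(void);
 int	 sc_put_key(Key *, const char *);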
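--- a/ssh.c
+++ b/ssh.c
@@ -1155,6 +1155,9 @@
 #ifdef SMARTCARD
 	Key **keys;
 
+	if (!options.batch_mode)
+		ask_for_pin = 1;
+
 	if (options.smartcard_device != NULL &&
 	    options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
 	    (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {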
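Review bot: The added `ask_for_pin = 1;` carries no comment, and within this patch it is the only place the new global is switched on, so the link between `options.batch_mode` and interactive PIN prompting in the smartcard backend is not visible to a reader of either file. A comment above the `if`, such as `/* let the smartcard backend prompt for a PIN unless we run non-interactively */`, would document that coupling. The surrounding function extends beyond this hunk.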
