- (djm) Bug #589 - scard-opensc: load only keys with a private keys

   Patch from larsch@trustcenter.de

2 files changed, 14 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 3fa476dc..47891b52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@
  - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
  - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
    Patch from larsch@trustcenter.de
+ - (djm) Bug #589 - scard-opensc: load only keys with a private keys
+   Patch from larsch@trustcenter.de
 
 20030604
  - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
@@ -469,4 +471,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2786 2003/06/05 08:53:42 djm Exp $
+$Id: ChangeLog,v 1.2787 2003/06/05 09:19:35 djm Exp $
diff --git a/scard-opensc.c b/scard-opensc.c
index c670428a..9766d46c 100644
--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -135,7 +135,11 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
 					  &pin_obj);
 	if (r == SC_ERROR_OBJECT_NOT_FOUND) {
 		/* no pin required */
-		sc_lock(card);
+		r = sc_lock(card);
+		if (r) {
+			error("Unable to lock smartcard: %s", sc_strerror(r));
+			goto err;
+		}
 		*key_obj_out = key_obj;
 		return 0;
 	} else if (r) {
@@ -429,9 +433,14 @@ sc_get_keys(const char *id, const char *pin)
 		}
 		key_count = r;
 	}
-	/* FIXME: only keep entries with a corresponding private key */
 	keys = xmalloc(sizeof(Key *) * (key_count*2+1));
 	for (i = 0; i < key_count; i++) {
+		sc_pkcs15_object_t *tmp_obj = NULL;
+		cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id;
+		if (sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj))
+			/* skip the public key (certificate) if no
+			 * corresponding private key is present */
+			continue;
 		k = key_new(KEY_RSA);
 		if (k == NULL)
 			break;