author | Damien Miller <djm@mindrot.org> | 2003-06-05 19:19:35 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-06-05 19:19:35 +1000 |
commit | 76b5c8a83acab596c45624a5353b0ad5930321b3 (patch) | |
tree | 36b1c2f8a10a9c5aedbab6792ba6fa2e6e8d7855 | |
parent | f49078dfdfaaaa323fa133a3e97c4b7f88510163 (diff) | |
download | openssh-git-76b5c8a83acab596c45624a5353b0ad5930321b3.tar.gz |
- (djm) Bug #589 - scard-opensc: load only keys with a private keys
Patch from larsch@trustcenter.de
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | scard-opensc.c | 13 |
2 files changed, 14 insertions, 3 deletions
@@ -8,6 +8,8 @@
 - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
 - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
 Patch from larsch@trustcenter.de
+ - (djm) Bug #589 - scard-opensc: load only keys with a private keys
+ Patch from larsch@trustcenter.de
 20030604
 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
@@ -469,4 +471,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2786 2003/06/05 08:53:42 djm Exp $
+$Id: ChangeLog,v 1.2787 2003/06/05 09:19:35 djm Exp $
diff --git a/scard-opensc.c b/scard-opensc.c
index c670428a..9766d46c 100644
--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -135,7 +135,11 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
 &pin_obj);
 if (r == SC_ERROR_OBJECT_NOT_FOUND) {
 /* no pin required */
- sc_lock(card);
+ r = sc_lock(card);
+ if (r) {
+ error("Unable to lock smartcard: %s", sc_strerror(r));
+ goto err;
+ }
 *key_obj_out = key_obj;
 return 0;
 } else if (r) {
@@ -429,9 +433,14 @@ sc_get_keys(const char *id, const char *pin)
 }
 key_count = r;
 }
- /* FIXME: only keep entries with a corresponding private key */
 keys = xmalloc(sizeof(Key *) * (key_count*2+1));
 for (i = 0; i < key_count; i++) {
+ sc_pkcs15_object_t *tmp_obj = NULL;
+ cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id;
+ if (sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj))
+ /* skip the public key (certificate) if no
+ * corresponding private key is present */
+ continue;
 k = key_new(KEY_RSA);
 if (k == NULL)
 break; |
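Review bot: In the sc_prkey_op_init hunk of scard-opensc.c, the no-PIN branch returns 0 with the card lock still held, and nothing visible documents that the caller is responsible for releasing it. I would extend the existing comment to `/* no pin required; return with the card locked, caller must release it */` so the lock lifetime is clear to anyone adding another return path. The `err` label and the cleanup behind it are outside the hunk, so it is worth confirming that it does not release a lock that was never taken when sc_lock() itself is the call that failed.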
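Review bot: The new `if (sc_pkcs15_find_prkey_by_id(...))` check in the sc_get_keys hunk treats every non-zero return as "no private key", so a card or reader error during the lookup silently drops that certificate from the key list with nothing logged. The sc_prkey_op_init hunk in this same commit already separates `SC_ERROR_OBJECT_NOT_FOUND` from other failures; doing the same here keeps the skip quiet only for a genuinely missing key and reports anything else through `error()`. The unbraced `if` followed by a two-line comment and then `continue;` is also easy to break when a statement is added, so the sketch below braces it. The loop body continues outside the hunk, and the sketch assumes `r` is free for reuse at this point, as `key_count = r;` just above suggests.

```c
		cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id;
		r = sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj);
		if (r == SC_ERROR_OBJECT_NOT_FOUND) {
			/* certificate has no corresponding private key
			 * on the card: skip it */
			continue;
		} else if (r) {
			/* the lookup itself failed; do not report it as
			 * "no private key" without a trace */
			error("Private key lookup failed: %s", sc_strerror(r));
			continue;
		}
		/* … unchanged: key_new(KEY_RSA) and the rest of the loop body … */
```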