version 1.26, 2020/01/28 08:01:34 |
version 1.27, 2020/02/06 22:30:54 |
|
|
return ret; |
return ret; |
} |
} |
if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { |
if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { |
error("Security key provider \"%s\" dlopen failed: %s", |
error("Provider \"%s\" dlopen failed: %s", path, dlerror()); |
path, dlerror()); |
|
goto fail; |
goto fail; |
} |
} |
if ((ret->sk_api_version = dlsym(ret->dlhandle, |
if ((ret->sk_api_version = dlsym(ret->dlhandle, |
"sk_api_version")) == NULL) { |
"sk_api_version")) == NULL) { |
error("Security key provider \"%s\" dlsym(sk_api_version) " |
error("Provider \"%s\" dlsym(sk_api_version) failed: %s", |
"failed: %s", path, dlerror()); |
path, dlerror()); |
goto fail; |
goto fail; |
} |
} |
version = ret->sk_api_version(); |
version = ret->sk_api_version(); |
debug("%s: provider %s implements version 0x%08lx", __func__, |
debug("%s: provider %s implements version 0x%08lx", __func__, |
ret->path, (u_long)version); |
ret->path, (u_long)version); |
if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { |
if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { |
error("Security key provider \"%s\" implements unsupported " |
error("Provider \"%s\" implements unsupported " |
"version 0x%08lx (supported: 0x%08lx)", |
"version 0x%08lx (supported: 0x%08lx)", |
path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR); |
path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR); |
goto fail; |
goto fail; |
} |
} |
if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) { |
if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) { |
error("Security key provider %s dlsym(sk_enroll) " |
error("Provider %s dlsym(sk_enroll) failed: %s", |
"failed: %s", path, dlerror()); |
path, dlerror()); |
goto fail; |
goto fail; |
} |
} |
if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) { |
if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) { |
error("Security key provider \"%s\" dlsym(sk_sign) failed: %s", |
error("Provider \"%s\" dlsym(sk_sign) failed: %s", |
path, dlerror()); |
path, dlerror()); |
goto fail; |
goto fail; |
} |
} |
if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle, |
if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle, |
"sk_load_resident_keys")) == NULL) { |
"sk_load_resident_keys")) == NULL) { |
error("Security key provider \"%s\" " |
error("Provider \"%s\" dlsym(sk_load_resident_keys) " |
"dlsym(sk_load_resident_keys) failed: %s", path, dlerror()); |
"failed: %s", path, dlerror()); |
goto fail; |
goto fail; |
} |
} |
/* success */ |
/* success */ |
|
|
goto out; |
goto out; |
} |
} |
if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) { |
if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) { |
error("Security key returned invalid ECDSA key"); |
error("Authenticator returned invalid ECDSA key"); |
r = SSH_ERR_KEY_INVALID_EC_VALUE; |
r = SSH_ERR_KEY_INVALID_EC_VALUE; |
goto out; |
goto out; |
} |
} |
|
|
goto out; |
goto out; |
} |
} |
if ((r = skp->sk_load_resident_keys(pin, opts, &rks, &nrks)) != 0) { |
if ((r = skp->sk_load_resident_keys(pin, opts, &rks, &nrks)) != 0) { |
error("Security key provider \"%s\" returned failure %d", |
error("Provider \"%s\" returned failure %d", provider_path, r); |
provider_path, r); |
|
r = skerr_to_ssherr(r); |
r = skerr_to_ssherr(r); |
goto out; |
goto out; |
} |
} |
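Review bot: The reworded `sk_enroll` lookup failure message, `error("Provider %s dlsym(sk_enroll) failed: %s",`, is the only one in this section that prints the provider path without the escaped quotes used by the dlopen, sk_api_version, sk_sign and sk_load_resident_keys messages. It should read `error("Provider \"%s\" dlsym(sk_enroll) failed: %s",` so that a path containing spaces or other odd characters is clearly delimited in the log; the unquoted form appears to be carried over from the old text rather than introduced here. Separately, the new "Provider ..." and "Authenticator ..." prefixes drop the phrase "Security key", so any log-monitoring or alerting pattern keyed on the old wording needs updating with this change. The enclosing functions start and end outside the visible hunks.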