upstream: improve error messages for some common PKCS#11 C_Login

failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker

OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index cae24525b89d9e074d690f758586512985fd20e4..ec0e91865ffe4aa7212f2899b4434599f4db6f9f 100644 (file)
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.48 2020/03/06 18:14:13 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.49 2020/03/13 04:16:27 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -271,9 +271,24 @@ pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si,
            (pin != NULL) ? strlen(pin) : 0);
        if (pin != NULL)
                freezero(pin, strlen(pin));
-       if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
-               error("C_Login failed: %lu", rv);
-               return (-1);
+
+       switch (rv) {
+       case CKR_OK:
+       case CKR_USER_ALREADY_LOGGED_IN:
+               /* success */
+               break;
+       case CKR_PIN_LEN_RANGE:
+               error("PKCS#11 login failed: PIN length out of range");
+               return -1;
+       case CKR_PIN_INCORRECT:
+               error("PKCS#11 login failed: PIN incorrect");
+               return -1;
+       case CKR_PIN_LOCKED:
+               error("PKCS#11 login failed: PIN locked");
+               return -1;
+       default:
+               error("PKCS#11 login failed: error %lu", rv);
+               return -1;
        }
        si->logged_in = 1;
        return (0);