From: djm@openbsd.org <djm@openbsd.org>
Date: Fri, 13 Mar 2020 04:16:27 +0000 (+0000)
Subject: upstream: improve error messages for some common PKCS#11 C_Login
X-Git-Tag: V_8_3_P1~101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d89232a4aa97fe935cd60b8d24d75c2f70d56c5;p=thirdparty%2Fopenssh-portable.git

upstream: improve error messages for some common PKCS#11 C_Login

failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker

OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
---

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index cae24525b..ec0e91865 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.48 2020/03/06 18:14:13 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.49 2020/03/13 04:16:27 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -271,9 +271,24 @@ pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si,
 	    (pin != NULL) ? strlen(pin) : 0);
 	if (pin != NULL)
 		freezero(pin, strlen(pin));
-	if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
-		error("C_Login failed: %lu", rv);
-		return (-1);
+
+	switch (rv) {
+	case CKR_OK:
+	case CKR_USER_ALREADY_LOGGED_IN:
+		/* success */
+		break;
+	case CKR_PIN_LEN_RANGE:
+		error("PKCS#11 login failed: PIN length out of range");
+		return -1;
+	case CKR_PIN_INCORRECT:
+		error("PKCS#11 login failed: PIN incorrect");
+		return -1;
+	case CKR_PIN_LOCKED:
+		error("PKCS#11 login failed: PIN locked");
+		return -1;
+	default:
+		error("PKCS#11 login failed: error %lu", rv);
+		return -1;
 	}
 	si->logged_in = 1;
 	return (0);