upstream: improve error messages for some common PKCS#11 C_Login

failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok dtucker OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
2020-03-13 04:16:27 +00:00 · 2020-03-13 04:16:27 +00:00 · 1d89232a4a
parent 5becbec023
commit 1d89232a4a
1 changed files with 19 additions and 4 deletions
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.48 2020/03/06 18:14:13 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.49 2020/03/13 04:16:27 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl.  All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@ -271,9 +271,24 @@ pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si,
 	    (pin != NULL) ? strlen(pin) : 0);
 	if (pin != NULL)
 		freezero(pin, strlen(pin));
-	if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
-		error("C_Login failed: %lu", rv);
-		return (-1);
+
+	switch (rv) {
+	case CKR_OK:
+	case CKR_USER_ALREADY_LOGGED_IN:
+		/* success */
+		break;
+	case CKR_PIN_LEN_RANGE:
+		error("PKCS#11 login failed: PIN length out of range");
+		return -1;
+	case CKR_PIN_INCORRECT:
+		error("PKCS#11 login failed: PIN incorrect");
+		return -1;
+	case CKR_PIN_LOCKED:
+		error("PKCS#11 login failed: PIN locked");
+		return -1;
+	default:
+		error("PKCS#11 login failed: error %lu", rv);
+		return -1;
 	}
 	si->logged_in = 1;
 	return (0);