author | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 21:42:00 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 21:42:00 +0000 |
commit | a6c8a8d4d5c482163fc7c6784017cd8a802174f4 (patch) | |
tree | 8686262cb08ae2136a446380ba1445add3977694 | |
parent | 6818bfbf3084af380eea97ac91237a9a201d9504 (diff) |
- markus@cvs.openbsd.org 2001/08/01 23:38:45
[scard.c ssh.c]
support finish rsa keys.
free public keys after login -> call finish -> close smartcard.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | scard.c | 21 | ||||
-rw-r--r-- | ssh.c | 12 |
3 files changed, 35 insertions, 4 deletions
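--- a/ChangeLog
+++ b/ChangeLog
@@ -98,6 +98,10 @@
 [ssh-keygen.c]
 allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
 like sectok).
+- markus@cvs.openbsd.org 2001/08/01 23:38:45
+[scard.c ssh.c]
+support finish rsa keys.
+free public keys after login -> call finish -> close smartcard.
 
 20010803
 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6208,4 +6212,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1451 2001/08/06 21:40:04 mouring Exp $
+$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $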
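--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 
 #ifdef SMARTCARD
 #include "includes.h"
-RCSID("$OpenBSD: scard.c,v 1.11 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.12 2001/08/01 23:38:45 markus Exp $");
 
 #include <openssl/engine.h>
 #include <sectok.h>
@@ -262,6 +262,20 @@ err:
 return (len >= 0 ? len : status);
 }
 
+/* called on free */
+
+static int (*orig_finish)(RSA *rsa) = NULL;
+
+static int
+sc_finish(RSA *rsa)
+{
+if (orig_finish)
+orig_finish(rsa);
+sc_close();
+return 1;
+}
+
+
 /* engine for overloading private key operations */
 
 static ENGINE *smart_engine = NULL;
@@ -291,13 +305,16 @@ sc_get_engine(void)
 smart_rsa.rsa_priv_enc = sc_private_encrypt;
 smart_rsa.rsa_priv_dec = sc_private_decrypt;
 
+/* save original */
+orig_finish = def->finish;
+smart_rsa.finish = sc_finish;
+
 /* just use the OpenSSL version */
 smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
 smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
 smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
 smart_rsa.bn_mod_exp = def->bn_mod_exp;
 smart_rsa.init = def->init;
-smart_rsa.finish = def->finish;
 smart_rsa.flags = def->flags;
 smart_rsa.app_data = def->app_data;
 smart_rsa.rsa_sign = def->rsa_sign;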
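Review bot: sc_finish() in the second hunk discards the return value of `orig_finish(rsa)` and always returns 1, so a failure in the saved default finish handler is never reported to whoever freed the key. It also calls `sc_close()` on every free of a key that uses this method; if more than one card-backed RSA object can be alive at once (not visible from this hunk), freeing the first would close the card under the others, so that assumption should be stated or guarded. I would write the body as `int ok = orig_finish ? orig_finish(rsa) : 1;` `sc_close();` `return ok;`. The `/* called on free */` comment should also say that the function runs the saved OpenSSL finish handler and then closes the smartcard session.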
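--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.133 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.134 2001/08/01 23:38:45 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -756,6 +756,16 @@ again:
 }
 xfree(sensitive_data.keys);
 }
+for (i = 0; i < options.num_identity_files; i++) {
+if (options.identity_files[i]) {
+xfree(options.identity_files[i]);
+options.identity_files[i] = NULL;
+}
+if (options.identity_keys[i]) {
+key_free(options.identity_keys[i]);
+options.identity_keys[i] = NULL;
+}
+}
 
 exit_status = compat20 ? ssh_session2() : ssh_session();
 packet_close();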
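Review bot: The cleanup loop added after `xfree(sensitive_data.keys)` has no comment saying why the identities are released at this point, and the reason is security-relevant. Per the commit message, freeing the public keys is what triggers the RSA finish hook and closes the smartcard before the session runs. I would add `/* authentication is done: free identities so card-backed keys run their finish hook and the smartcard is closed */` above the `for`. The entries are set to NULL but `options.num_identity_files` keeps its value, so any later code that walks these arrays has to tolerate NULL slots. That cannot be confirmed here because the enclosing function starts and ends outside the hunk.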