authorBen Lindstrom <mouring@eviladmin.org>2001-08-06 21:42:00 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-08-06 21:42:00 +0000
commita6c8a8d4d5c482163fc7c6784017cd8a802174f4 (patch)
tree8686262cb08ae2136a446380ba1445add3977694
parent6818bfbf3084af380eea97ac91237a9a201d9504 (diff)
- markus@cvs.openbsd.org 2001/08/01 23:38:45
[scard.c ssh.c] support finish rsa keys. free public keys after login -> call finish -> close smartcard.
-rw-r--r--ChangeLog6
-rw-r--r--scard.c21
-rw-r--r--ssh.c12
3 files changed, 35 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index e42edd183..1f018a92c 100644
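--- a/ChangeLog
+++ b/ChangeLog
@@ -98,6 +98,10 @@
  [ssh-keygen.c]
  allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
  like sectok).
+ - markus@cvs.openbsd.org 2001/08/01 23:38:45
+ [scard.c ssh.c]
+ support finish rsa keys.
+ free public keys after login -> call finish -> close smartcard.
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6208,4 +6212,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1451 2001/08/06 21:40:04 mouring Exp $
+$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $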
diff --git a/scard.c b/scard.c
index 8b3abcfa0..cfcd953bd 100644
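--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 
 #ifdef SMARTCARD
 #include "includes.h"
-RCSID("$OpenBSD: scard.c,v 1.11 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.12 2001/08/01 23:38:45 markus Exp $");
 
 #include <openssl/engine.h>
 #include <sectok.h>
@@ -262,6 +262,20 @@ err:
  return (len >= 0 ? len : status);
 }
 
+/* called on free */
+
+static int (*orig_finish)(RSA *rsa) = NULL;
+
+static int
+sc_finish(RSA *rsa)
+{
+ if (orig_finish)
+ orig_finish(rsa);
+ sc_close();
+ return 1;
+}
+
+
 /* engine for overloading private key operations */
 
 static ENGINE *smart_engine = NULL;
@@ -291,13 +305,16 @@ sc_get_engine(void)
  smart_rsa.rsa_priv_enc = sc_private_encrypt;
  smart_rsa.rsa_priv_dec = sc_private_decrypt;
 
+ /* save original */
+ orig_finish = def->finish;
+ smart_rsa.finish = sc_finish;
+
  /* just use the OpenSSL version */
  smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
  smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
  smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
  smart_rsa.bn_mod_exp = def->bn_mod_exp;
  smart_rsa.init = def->init;
- smart_rsa.finish = def->finish;
  smart_rsa.flags = def->flags;
  smart_rsa.app_data = def->app_data;
  smart_rsa.rsa_sign = def->rsa_sign;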
diff --git a/ssh.c b/ssh.c
index 8f1d6ac73..185d15e1a 100644
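--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.133 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.134 2001/08/01 23:38:45 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -756,6 +756,16 @@ again:
  }
  xfree(sensitive_data.keys);
  }
+ for (i = 0; i < options.num_identity_files; i++) {
+ if (options.identity_files[i]) {
+ xfree(options.identity_files[i]);
+ options.identity_files[i] = NULL;
+ }
+ if (options.identity_keys[i]) {
+ key_free(options.identity_keys[i]);
+ options.identity_keys[i] = NULL;
+ }
+ }
 
  exit_status = compat20 ? ssh_session2() : ssh_session();
  packet_close();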
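Review bot: The cleanup loop added just before the `ssh_session2()`/`ssh_session()` call has no comment saying why the identity keys are released at this point, and the reason is not visible in the code: per the commit message, `key_free()` on a smartcard-backed key is what runs the RSA finish hook and closes the card. A comment above the `for`, such as `/* authentication is done: free identity keys now so a smartcard key's finish hook closes the card before the session starts */`, would record that. The loop also leaves `options.num_identity_files` unchanged while setting the entries to NULL, so any later walk over these arrays has to tolerate NULL entries. That cannot be checked from this hunk, because the enclosing function starts and ends outside it.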