diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-26 03:17:42 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-26 03:17:42 +0000 |
| commit | 0936a5bb7267b0c0d688c2692224ba571caa8a0d (patch) | |
| tree | a2b6ad38138cda6295372b4b72c97fd1640e23bb | |
| parent | 5facb2bbc44db97f9a9cb8bf0643b29fede3e151 (diff) | |
- markus@cvs.openbsd.org 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | scard.c | 76 | ||||
| -rw-r--r-- | scard.h | 7 | ||||
| -rw-r--r-- | ssh-agent.c | 98 | ||||
| -rw-r--r-- | ssh-keygen.c | 18 | ||||
| -rw-r--r-- | ssh.c | 54 |
6 files changed, 130 insertions, 128 deletions
| @@ -28,6 +28,9 @@ | |||
| 28 | - markus@cvs.openbsd.org 2002/03/25 09:25:06 | 28 | - markus@cvs.openbsd.org 2002/03/25 09:25:06 |
| 29 | [auth-rh-rsa.c] | 29 | [auth-rh-rsa.c] |
| 30 | rm bogus comment | 30 | rm bogus comment |
| 31 | - markus@cvs.openbsd.org 2002/03/25 17:34:27 | ||
| 32 | [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c] | ||
| 33 | change sc_get_key to sc_get_keys and hide smartcard details in scard.c | ||
| 31 | 34 | ||
| 32 | 20020324 | 35 | 20020324 |
| 33 | - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure | 36 | - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure |
| @@ -8042,4 +8045,4 @@ | |||
| 8042 | - Wrote replacements for strlcpy and mkdtemp | 8045 | - Wrote replacements for strlcpy and mkdtemp |
| 8043 | - Released 1.0pre1 | 8046 | - Released 1.0pre1 |
| 8044 | 8047 | ||
| 8045 | $Id: ChangeLog,v 1.1986 2002/03/26 03:08:47 mouring Exp $ | 8048 | $Id: ChangeLog,v 1.1987 2002/03/26 03:17:42 mouring Exp $ |
| @@ -24,9 +24,8 @@ | |||
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | #ifdef SMARTCARD | 26 | #ifdef SMARTCARD |
| 27 | RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $"); | 27 | RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $"); |
| 28 | 28 | ||
| 29 | #include <openssl/engine.h> | ||
| 30 | #include <openssl/evp.h> | 29 | #include <openssl/evp.h> |
| 31 | #include <sectok.h> | 30 | #include <sectok.h> |
| 32 | 31 | ||
| @@ -36,13 +35,17 @@ RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $"); | |||
| 36 | #include "readpass.h" | 35 | #include "readpass.h" |
| 37 | #include "scard.h" | 36 | #include "scard.h" |
| 38 | 37 | ||
| 39 | #ifdef OPENSSL_VERSION_NUMBER | 38 | #if OPENSSL_VERSION_NUMBER < 0x00907000L |
| 40 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 39 | #define USE_ENGINE |
| 41 | #define RSA_get_default_openssl_method RSA_get_default_method | 40 | #define RSA_get_default_method RSA_get_default_openssl_method |
| 42 | #define DSA_get_default_openssl_method DSA_get_default_method | 41 | #else |
| 43 | #define DH_get_default_openssl_method DH_get_default_method | ||
| 44 | #define ENGINE_set_BN_mod_exp(x,y) | ||
| 45 | #endif | 42 | #endif |
| 43 | |||
| 44 | #ifdef USE_ENGINE | ||
| 45 | #include <openssl/engine.h> | ||
| 46 | #define sc_get_rsa sc_get_engine | ||
| 47 | #else | ||
| 48 | #define sc_get_rsa sc_get_rsa_method | ||
| 46 | #endif | 49 | #endif |
| 47 | 50 | ||
| 48 | #define CLA_SSH 0x05 | 51 | #define CLA_SSH 0x05 |
| @@ -143,8 +146,7 @@ sc_read_pubkey(Key * k) | |||
| 143 | n = NULL; | 146 | n = NULL; |
| 144 | 147 | ||
| 145 | if (sc_fd < 0) { | 148 | if (sc_fd < 0) { |
| 146 | status = sc_init(); | 149 | if (sc_init() < 0) |
| 147 | if (status < 0 ) | ||
| 148 | goto err; | 150 | goto err; |
| 149 | } | 151 | } |
| 150 | 152 | ||
| @@ -317,18 +319,13 @@ sc_finish(RSA *rsa) | |||
| 317 | return 1; | 319 | return 1; |
| 318 | } | 320 | } |
| 319 | 321 | ||
| 320 | |||
| 321 | /* engine for overloading private key operations */ | 322 | /* engine for overloading private key operations */ |
| 322 | 323 | ||
| 323 | static ENGINE *smart_engine = NULL; | 324 | static RSA_METHOD * |
| 324 | static RSA_METHOD smart_rsa; | 325 | sc_get_rsa_method(void) |
| 325 | |||
| 326 | ENGINE * | ||
| 327 | sc_get_engine(void) | ||
| 328 | { | 326 | { |
| 329 | const RSA_METHOD *def; | 327 | static RSA_METHOD smart_rsa; |
| 330 | 328 | const RSA_METHOD *def = RSA_get_default_method(); | |
| 331 | def = RSA_get_default_openssl_method(); | ||
| 332 | 329 | ||
| 333 | /* use the OpenSSL version */ | 330 | /* use the OpenSSL version */ |
| 334 | memcpy(&smart_rsa, def, sizeof(smart_rsa)); | 331 | memcpy(&smart_rsa, def, sizeof(smart_rsa)); |
| @@ -343,13 +340,22 @@ sc_get_engine(void) | |||
| 343 | orig_finish = def->finish; | 340 | orig_finish = def->finish; |
| 344 | smart_rsa.finish = sc_finish; | 341 | smart_rsa.finish = sc_finish; |
| 345 | 342 | ||
| 343 | return &smart_rsa; | ||
| 344 | } | ||
| 345 | |||
| 346 | #ifdef USE_ENGINE | ||
| 347 | static ENGINE * | ||
| 348 | sc_get_engine(void) | ||
| 349 | { | ||
| 350 | static ENGINE *smart_engine = NULL; | ||
| 351 | |||
| 346 | if ((smart_engine = ENGINE_new()) == NULL) | 352 | if ((smart_engine = ENGINE_new()) == NULL) |
| 347 | fatal("ENGINE_new failed"); | 353 | fatal("ENGINE_new failed"); |
| 348 | 354 | ||
| 349 | ENGINE_set_id(smart_engine, "sectok"); | 355 | ENGINE_set_id(smart_engine, "sectok"); |
| 350 | ENGINE_set_name(smart_engine, "libsectok"); | 356 | ENGINE_set_name(smart_engine, "libsectok"); |
| 351 | 357 | ||
| 352 | ENGINE_set_RSA(smart_engine, &smart_rsa); | 358 | ENGINE_set_RSA(smart_engine, sc_get_rsa_method()); |
| 353 | ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); | 359 | ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); |
| 354 | ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); | 360 | ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); |
| 355 | ENGINE_set_RAND(smart_engine, RAND_SSLeay()); | 361 | ENGINE_set_RAND(smart_engine, RAND_SSLeay()); |
| @@ -357,6 +363,7 @@ sc_get_engine(void) | |||
| 357 | 363 | ||
| 358 | return smart_engine; | 364 | return smart_engine; |
| 359 | } | 365 | } |
| 366 | #endif | ||
| 360 | 367 | ||
| 361 | void | 368 | void |
| 362 | sc_close(void) | 369 | sc_close(void) |
| @@ -367,11 +374,11 @@ sc_close(void) | |||
| 367 | } | 374 | } |
| 368 | } | 375 | } |
| 369 | 376 | ||
| 370 | Key * | 377 | Key ** |
| 371 | sc_get_key(const char *id, const char *pin) | 378 | sc_get_keys(const char *id, const char *pin) |
| 372 | { | 379 | { |
| 373 | Key *k; | 380 | Key *k, *n, **keys; |
| 374 | int status; | 381 | int status, nkeys = 2; |
| 375 | 382 | ||
| 376 | if (sc_reader_id != NULL) | 383 | if (sc_reader_id != NULL) |
| 377 | xfree(sc_reader_id); | 384 | xfree(sc_reader_id); |
| @@ -395,7 +402,26 @@ sc_get_key(const char *id, const char *pin) | |||
| 395 | key_free(k); | 402 | key_free(k); |
| 396 | return NULL; | 403 | return NULL; |
| 397 | } | 404 | } |
| 398 | return k; | 405 | keys = xmalloc((nkeys+1) * sizeof(Key *)); |
| 406 | |||
| 407 | n = key_new(KEY_RSA1); | ||
| 408 | BN_copy(n->rsa->n, k->rsa->n); | ||
| 409 | BN_copy(n->rsa->e, k->rsa->e); | ||
| 410 | RSA_set_method(n->rsa, sc_get_rsa()); | ||
| 411 | n->flags |= KEY_FLAG_EXT; | ||
| 412 | keys[0] = n; | ||
| 413 | |||
| 414 | n = key_new(KEY_RSA); | ||
| 415 | BN_copy(n->rsa->n, k->rsa->n); | ||
| 416 | BN_copy(n->rsa->e, k->rsa->e); | ||
| 417 | RSA_set_method(n->rsa, sc_get_rsa()); | ||
| 418 | n->flags |= KEY_FLAG_EXT; | ||
| 419 | keys[1] = n; | ||
| 420 | |||
| 421 | keys[2] = NULL; | ||
| 422 | |||
| 423 | key_free(k); | ||
| 424 | return keys; | ||
| 399 | } | 425 | } |
| 400 | 426 | ||
| 401 | #define NUM_RSA_KEY_ELEMENTS 5+1 | 427 | #define NUM_RSA_KEY_ELEMENTS 5+1 |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: scard.h,v 1.9 2002/03/21 21:54:34 rees Exp $ */ | 1 | /* $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -24,8 +24,6 @@ | |||
| 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 25 | */ | 25 | */ |
| 26 | 26 | ||
| 27 | #include <openssl/engine.h> | ||
| 28 | |||
| 29 | #ifndef SCARD_H | 27 | #ifndef SCARD_H |
| 30 | #define SCARD_H | 28 | #define SCARD_H |
| 31 | 29 | ||
| @@ -35,8 +33,7 @@ | |||
| 35 | #define SCARD_ERROR_NOCARD -2 | 33 | #define SCARD_ERROR_NOCARD -2 |
| 36 | #define SCARD_ERROR_APPLET -3 | 34 | #define SCARD_ERROR_APPLET -3 |
| 37 | 35 | ||
| 38 | Key *sc_get_key(const char*, const char*); | 36 | Key **sc_get_keys(const char*, const char*); |
| 39 | ENGINE *sc_get_engine(void); | ||
| 40 | void sc_close(void); | 37 | void sc_close(void); |
| 41 | int sc_put_key(Key *, const char*); | 38 | int sc_put_key(Key *, const char*); |
| 42 | 39 | ||
diff --git a/ssh-agent.c b/ssh-agent.c index 1874eb152..f8183b400 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | */ | 34 | */ |
| 35 | 35 | ||
| 36 | #include "includes.h" | 36 | #include "includes.h" |
| 37 | RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $"); | 37 | RCSID("$OpenBSD: ssh-agent.c,v 1.84 2002/03/25 17:34:27 markus Exp $"); |
| 38 | 38 | ||
| 39 | #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) | 39 | #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) |
| 40 | #include <sys/queue.h> | 40 | #include <sys/queue.h> |
| @@ -57,7 +57,6 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $"); | |||
| 57 | #include "log.h" | 57 | #include "log.h" |
| 58 | 58 | ||
| 59 | #ifdef SMARTCARD | 59 | #ifdef SMARTCARD |
| 60 | #include <openssl/engine.h> | ||
| 61 | #include "scard.h" | 60 | #include "scard.h" |
| 62 | #endif | 61 | #endif |
| 63 | 62 | ||
| @@ -452,50 +451,39 @@ send: | |||
| 452 | static void | 451 | static void |
| 453 | process_add_smartcard_key (SocketEntry *e) | 452 | process_add_smartcard_key (SocketEntry *e) |
| 454 | { | 453 | { |
| 454 | Identity *id; | ||
| 455 | Idtab *tab; | 455 | Idtab *tab; |
| 456 | Key *n = NULL, *k = NULL; | 456 | Key **keys, *k; |
| 457 | char *sc_reader_id = NULL, *pin; | 457 | char *sc_reader_id = NULL, *pin; |
| 458 | int success = 0; | 458 | int i, version, success = 0; |
| 459 | 459 | ||
| 460 | sc_reader_id = buffer_get_string(&e->input, NULL); | 460 | sc_reader_id = buffer_get_string(&e->input, NULL); |
| 461 | pin = buffer_get_string(&e->input, NULL); | 461 | pin = buffer_get_string(&e->input, NULL); |
| 462 | k = sc_get_key(sc_reader_id, pin); | 462 | keys = sc_get_keys(sc_reader_id, pin); |
| 463 | xfree(sc_reader_id); | 463 | xfree(sc_reader_id); |
| 464 | xfree(pin); | 464 | xfree(pin); |
| 465 | 465 | ||
| 466 | if (k == NULL) { | 466 | if (keys == NULL || keys[0] == NULL) { |
| 467 | error("sc_get_pubkey failed"); | 467 | error("sc_get_keys failed"); |
| 468 | goto send; | 468 | goto send; |
| 469 | } | 469 | } |
| 470 | success = 1; | 470 | for (i = 0; keys[i] != NULL; i++) { |
| 471 | 471 | k = keys[i]; | |
| 472 | tab = idtab_lookup(1); | 472 | version = k->type == KEY_RSA1 ? 1 : 2; |
| 473 | k->type = KEY_RSA1; | 473 | tab = idtab_lookup(version); |
| 474 | if (lookup_identity(k, 1) == NULL) { | 474 | if (lookup_identity(k, version) == NULL) { |
| 475 | Identity *id = xmalloc(sizeof(Identity)); | 475 | id = xmalloc(sizeof(Identity)); |
| 476 | n = key_new(KEY_RSA1); | 476 | id->key = k; |
| 477 | BN_copy(n->rsa->n, k->rsa->n); | 477 | id->comment = xstrdup("smartcard key"); |
| 478 | BN_copy(n->rsa->e, k->rsa->e); | 478 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); |
| 479 | RSA_set_method(n->rsa, sc_get_engine()); | 479 | tab->nentries++; |
| 480 | id->key = n; | 480 | success = 1; |
| 481 | id->comment = xstrdup("rsa1 smartcard"); | 481 | } else { |
| 482 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); | 482 | key_free(k); |
| 483 | tab->nentries++; | 483 | } |
| 484 | } | 484 | keys[i] = NULL; |
| 485 | k->type = KEY_RSA; | ||
| 486 | tab = idtab_lookup(2); | ||
| 487 | if (lookup_identity(k, 2) == NULL) { | ||
| 488 | Identity *id = xmalloc(sizeof(Identity)); | ||
| 489 | n = key_new(KEY_RSA); | ||
| 490 | BN_copy(n->rsa->n, k->rsa->n); | ||
| 491 | BN_copy(n->rsa->e, k->rsa->e); | ||
| 492 | RSA_set_method(n->rsa, sc_get_engine()); | ||
| 493 | id->key = n; | ||
| 494 | id->comment = xstrdup("rsa smartcard"); | ||
| 495 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); | ||
| 496 | tab->nentries++; | ||
| 497 | } | 485 | } |
| 498 | key_free(k); | 486 | xfree(keys); |
| 499 | send: | 487 | send: |
| 500 | buffer_put_int(&e->output, 1); | 488 | buffer_put_int(&e->output, 1); |
| 501 | buffer_put_char(&e->output, | 489 | buffer_put_char(&e->output, |
| @@ -505,41 +493,37 @@ send: | |||
| 505 | static void | 493 | static void |
| 506 | process_remove_smartcard_key(SocketEntry *e) | 494 | process_remove_smartcard_key(SocketEntry *e) |
| 507 | { | 495 | { |
| 508 | Key *k = NULL; | 496 | Identity *id; |
| 509 | int success = 0; | 497 | Idtab *tab; |
| 498 | Key **keys, *k = NULL; | ||
| 510 | char *sc_reader_id = NULL, *pin; | 499 | char *sc_reader_id = NULL, *pin; |
| 500 | int i, version, success = 0; | ||
| 511 | 501 | ||
| 512 | sc_reader_id = buffer_get_string(&e->input, NULL); | 502 | sc_reader_id = buffer_get_string(&e->input, NULL); |
| 513 | pin = buffer_get_string(&e->input, NULL); | 503 | pin = buffer_get_string(&e->input, NULL); |
| 514 | k = sc_get_key(sc_reader_id, pin); | 504 | keys = sc_get_keys(sc_reader_id, pin); |
| 515 | xfree(sc_reader_id); | 505 | xfree(sc_reader_id); |
| 516 | xfree(pin); | 506 | xfree(pin); |
| 517 | 507 | ||
| 518 | if (k == NULL) { | 508 | if (keys == NULL || keys[0] == NULL) { |
| 519 | error("sc_get_pubkey failed"); | 509 | error("sc_get_keys failed"); |
| 520 | } else { | 510 | goto send; |
| 521 | Identity *id; | 511 | } |
| 522 | k->type = KEY_RSA1; | 512 | for (i = 0; keys[i] != NULL; i++) { |
| 523 | id = lookup_identity(k, 1); | 513 | k = keys[i]; |
| 524 | if (id != NULL) { | 514 | version = k->type == KEY_RSA1 ? 1 : 2; |
| 525 | Idtab *tab = idtab_lookup(1); | 515 | if ((id = lookup_identity(k, version)) != NULL) { |
| 526 | TAILQ_REMOVE(&tab->idlist, id, next); | 516 | tab = idtab_lookup(version); |
| 527 | free_identity(id); | 517 | TAILQ_REMOVE(&tab->idlist, id, next); |
| 528 | tab->nentries--; | 518 | tab->nentries--; |
| 529 | success = 1; | ||
| 530 | } | ||
| 531 | k->type = KEY_RSA; | ||
| 532 | id = lookup_identity(k, 2); | ||
| 533 | if (id != NULL) { | ||
| 534 | Idtab *tab = idtab_lookup(2); | ||
| 535 | TAILQ_REMOVE(&tab->idlist, id, next); | ||
| 536 | free_identity(id); | 519 | free_identity(id); |
| 537 | tab->nentries--; | ||
| 538 | success = 1; | 520 | success = 1; |
| 539 | } | 521 | } |
| 540 | key_free(k); | 522 | key_free(k); |
| 523 | keys[i] = NULL; | ||
| 541 | } | 524 | } |
| 542 | 525 | xfree(keys); | |
| 526 | send: | ||
| 543 | buffer_put_int(&e->output, 1); | 527 | buffer_put_int(&e->output, 1); |
| 544 | buffer_put_char(&e->output, | 528 | buffer_put_char(&e->output, |
| 545 | success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); | 529 | success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 7d3629365..1a8a73129 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.96 2002/03/21 21:54:34 rees Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.97 2002/03/25 17:34:27 markus Exp $"); |
| 16 | 16 | ||
| 17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
| @@ -416,14 +416,18 @@ do_upload(struct passwd *pw, const char *sc_reader_id) | |||
| 416 | static void | 416 | static void |
| 417 | do_download(struct passwd *pw, const char *sc_reader_id) | 417 | do_download(struct passwd *pw, const char *sc_reader_id) |
| 418 | { | 418 | { |
| 419 | Key *pub = NULL; | 419 | Key **keys = NULL; |
| 420 | int i; | ||
| 420 | 421 | ||
| 421 | pub = sc_get_key(sc_reader_id, NULL); | 422 | keys = sc_get_keys(sc_reader_id, NULL); |
| 422 | if (pub == NULL) | 423 | if (keys == NULL) |
| 423 | fatal("cannot read public key from smartcard"); | 424 | fatal("cannot read public key from smartcard"); |
| 424 | key_write(pub, stdout); | 425 | for (i = 0; keys[i]; i++) { |
| 425 | key_free(pub); | 426 | key_write(keys[i], stdout); |
| 426 | fprintf(stdout, "\n"); | 427 | key_free(keys[i]); |
| 428 | fprintf(stdout, "\n"); | ||
| 429 | } | ||
| 430 | xfree(keys); | ||
| 427 | exit(0); | 431 | exit(0); |
| 428 | } | 432 | } |
| 429 | #endif /* SMARTCARD */ | 433 | #endif /* SMARTCARD */ |
| @@ -39,7 +39,7 @@ | |||
| 39 | */ | 39 | */ |
| 40 | 40 | ||
| 41 | #include "includes.h" | 41 | #include "includes.h" |
| 42 | RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.167 2002/03/25 17:34:27 markus Exp $"); |
| 43 | 43 | ||
| 44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
| 45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
| @@ -70,7 +70,6 @@ RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $"); | |||
| 70 | #include "sshtty.h" | 70 | #include "sshtty.h" |
| 71 | 71 | ||
| 72 | #ifdef SMARTCARD | 72 | #ifdef SMARTCARD |
| 73 | #include <openssl/engine.h> | ||
| 74 | #include "scard.h" | 73 | #include "scard.h" |
| 75 | #endif | 74 | #endif |
| 76 | 75 | ||
| @@ -1187,40 +1186,29 @@ static void | |||
| 1187 | load_public_identity_files(void) | 1186 | load_public_identity_files(void) |
| 1188 | { | 1187 | { |
| 1189 | char *filename; | 1188 | char *filename; |
| 1190 | Key *public; | ||
| 1191 | int i = 0; | 1189 | int i = 0; |
| 1192 | 1190 | Key *public; | |
| 1193 | #ifdef SMARTCARD | 1191 | #ifdef SMARTCARD |
| 1192 | Key **keys; | ||
| 1193 | |||
| 1194 | if (options.smartcard_device != NULL && | 1194 | if (options.smartcard_device != NULL && |
| 1195 | options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES && | 1195 | options.num_identity_files < SSH_MAX_IDENTITY_FILES && |
| 1196 | (public = sc_get_key(options.smartcard_device, NULL)) != NULL ) { | 1196 | (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { |
| 1197 | Key *new; | 1197 | int count = 0; |
| 1198 | 1198 | for (i = 0; keys[i] != NULL; i++) { | |
| 1199 | if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES) | 1199 | count++; |
| 1200 | options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2; | 1200 | if (options.num_identity_files + 1 > SSH_MAX_IDENTITY_FILES) |
| 1201 | memmove(&options.identity_files[2], &options.identity_files[0], | 1201 | options.num_identity_files = SSH_MAX_IDENTITY_FILES - 1; |
| 1202 | sizeof(char *) * options.num_identity_files); | 1202 | memmove(&options.identity_files[1], &options.identity_files[0], |
| 1203 | options.num_identity_files += 2; | 1203 | sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1)); |
| 1204 | i = 2; | 1204 | memmove(&options.identity_keys[1], &options.identity_keys[0], |
| 1205 | 1205 | sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1)); | |
| 1206 | /* XXX ssh1 vs ssh2 */ | 1206 | options.num_identity_files++; |
| 1207 | new = key_new(KEY_RSA); | 1207 | options.identity_keys[0] = keys[i]; |
| 1208 | new->flags = KEY_FLAG_EXT; | 1208 | options.identity_files[0] = xstrdup("smartcard key");; |
| 1209 | BN_copy(new->rsa->n, public->rsa->n); | 1209 | } |
| 1210 | BN_copy(new->rsa->e, public->rsa->e); | 1210 | i = count; |
| 1211 | RSA_set_method(new->rsa, sc_get_engine()); | 1211 | xfree(keys); |
| 1212 | options.identity_keys[0] = new; | ||
| 1213 | options.identity_files[0] = xstrdup("smartcard rsa key");; | ||
| 1214 | |||
| 1215 | new = key_new(KEY_RSA1); | ||
| 1216 | new->flags = KEY_FLAG_EXT; | ||
| 1217 | BN_copy(new->rsa->n, public->rsa->n); | ||
| 1218 | BN_copy(new->rsa->e, public->rsa->e); | ||
| 1219 | RSA_set_method(new->rsa, sc_get_engine()); | ||
| 1220 | options.identity_keys[1] = new; | ||
| 1221 | options.identity_files[1] = xstrdup("smartcard rsa1 key"); | ||
| 1222 | |||
| 1223 | key_free(public); | ||
| 1224 | } | 1212 | } |
| 1225 | #endif /* SMARTCARD */ | 1213 | #endif /* SMARTCARD */ |
| 1226 | for (; i < options.num_identity_files; i++) { | 1214 | for (; i < options.num_identity_files; i++) { |