diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 00:03:36 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-01-25 11:35:55 +1100 |
| commit | 89a8d4525e8edd9958ed3df60cf683551142eae0 (patch) | |
| tree | 5251d0355691f30dca76d17724dd0d2123285e6e /ssh-keygen.c | |
| parent | a8c05c640873621681ab64d2e47a314592d5efa2 (diff) | |
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 2c9f67862..14d2357a7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.392 2020/01/25 00:03:36 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -829,13 +829,13 @@ do_download(struct passwd *pw) | |||
| 829 | int i, nkeys; | 829 | int i, nkeys; |
| 830 | enum sshkey_fp_rep rep; | 830 | enum sshkey_fp_rep rep; |
| 831 | int fptype; | 831 | int fptype; |
| 832 | char *fp, *ra; | 832 | char *fp, *ra, **comments = NULL; |
| 833 | 833 | ||
| 834 | fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; | 834 | fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
| 835 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; | 835 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
| 836 | 836 | ||
| 837 | pkcs11_init(1); | 837 | pkcs11_init(1); |
| 838 | nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); | 838 | nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys, &comments); |
| 839 | if (nkeys <= 0) | 839 | if (nkeys <= 0) |
| 840 | fatal("cannot read public key from pkcs11"); | 840 | fatal("cannot read public key from pkcs11"); |
| 841 | for (i = 0; i < nkeys; i++) { | 841 | for (i = 0; i < nkeys; i++) { |
| @@ -853,10 +853,13 @@ do_download(struct passwd *pw) | |||
| 853 | free(fp); | 853 | free(fp); |
| 854 | } else { | 854 | } else { |
| 855 | (void) sshkey_write(keys[i], stdout); /* XXX check */ | 855 | (void) sshkey_write(keys[i], stdout); /* XXX check */ |
| 856 | fprintf(stdout, "\n"); | 856 | fprintf(stdout, "%s%s\n", |
| 857 | *(comments[i]) == '\0' ? "" : " ", comments[i]); | ||
| 857 | } | 858 | } |
| 859 | free(comments[i]); | ||
| 858 | sshkey_free(keys[i]); | 860 | sshkey_free(keys[i]); |
| 859 | } | 861 | } |
| 862 | free(comments); | ||
| 860 | free(keys); | 863 | free(keys); |
| 861 | pkcs11_terminate(); | 864 | pkcs11_terminate(); |
| 862 | exit(0); | 865 | exit(0); |
| @@ -1703,7 +1706,8 @@ load_pkcs11_key(char *path) | |||
| 1703 | fatal("Couldn't load CA public key \"%s\": %s", | 1706 | fatal("Couldn't load CA public key \"%s\": %s", |
| 1704 | path, ssh_err(r)); | 1707 | path, ssh_err(r)); |
| 1705 | 1708 | ||
| 1706 | nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys); | 1709 | nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, |
| 1710 | &keys, NULL); | ||
| 1707 | debug3("%s: %d keys", __func__, nkeys); | 1711 | debug3("%s: %d keys", __func__, nkeys); |
| 1708 | if (nkeys <= 0) | 1712 | if (nkeys <= 0) |
| 1709 | fatal("cannot read public key from pkcs11"); | 1713 | fatal("cannot read public key from pkcs11"); |