author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 00:03:36 +0000 |
committer | Damien Miller <djm@mindrot.org> | 2020-01-25 11:35:55 +1100 |
commit | 89a8d4525e8edd9958ed3df60cf683551142eae0 (patch) | |
tree | 5251d0355691f30dca76d17724dd0d2123285e6e /ssh-pkcs11-client.c | |
parent | a8c05c640873621681ab64d2e47a314592d5efa2 (diff) |
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
Diffstat (limited to 'ssh-pkcs11-client.c')
-rw-r--r-- | ssh-pkcs11-client.c | 14 |
1 files changed, 11 insertions, 3 deletions
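--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.16 2020/01/25 00:03:36 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -312,11 +312,13 @@ pkcs11_start_helper(void)
 }
 
 int
-pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)
+pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+char ***labelsp)
 {
 struct sshkey *k;
 int r, type;
 u_char *blob;
+char *label;
 size_t blen;
 u_int nkeys, i;
 struct sshbuf *msg;
@@ -338,16 +340,22 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)
 if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 *keysp = xcalloc(nkeys, sizeof(struct sshkey *));
+if (labelsp)
+*labelsp = xcalloc(nkeys, sizeof(char *));
 for (i = 0; i < nkeys; i++) {
 /* XXX clean up properly instead of fatal() */
 if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
-(r = sshbuf_skip_string(msg)) != 0)
+(r = sshbuf_get_cstring(msg, &label, NULL)) != 0)
 fatal("%s: buffer error: %s",
 __func__, ssh_err(r));
 if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
 fatal("%s: bad key: %s", __func__, ssh_err(r));
 wrap_key(k);
 (*keysp)[i] = k;
+if (labelsp)
+(*labelsp)[i] = label;
+else
+free(label);
 free(blob);
 }
 } else if (type == SSH2_AGENT_FAILURE) {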
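Review bot: The new `labelsp` out-parameter of `pkcs11_add_provider` carries an ownership contract that the hunk only shows implicitly: when non-NULL it receives an `nkeys`-element array of heap strings (allocated by `sshbuf_get_cstring`), one per entry of `*keysp`, that the caller must free; when NULL each label is read and immediately discarded. A header comment above the signature such as `/* labelsp, if non-NULL, receives one malloc'd label per key in *keysp; caller frees. */` would make that explicit for the callers this commit plumbs the array into. It is also worth stating there that the label text is whatever the helper extracted from the token and only `sshbuf_get_cstring`'s embedded-NUL check has been applied to it, so it may be empty or contain non-printable bytes, and any consumer that prints it as a comment should presumably escape it first. The body of `pkcs11_add_provider` continues beyond the last hunk.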