6 files changed, 130 insertions, 128 deletions
diff --git a/ChangeLog b/ChangeLog
index 6e63b16d7..079c7bf99 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,9 @@
   - markus@cvs.openbsd.org 2002/03/25 09:25:06
     [auth-rh-rsa.c]
     rm bogus comment
+   - markus@cvs.openbsd.org 2002/03/25 17:34:27
+     [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
+     change sc_get_key to sc_get_keys and hide smartcard details in scard.c
 20020324
 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
@@ -8042,4 +8045,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1986 2002/03/26 03:08:47 mouring Exp $
+$Id: ChangeLog,v 1.1987 2002/03/26 03:17:42 mouring Exp $
diff --git a/scard.c b/scard.c
index 9b2d77602..779106f85 100644
--- a/scard.c
+++ b/scard.c
@@ -24,9 +24,8 @@
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
-#include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <sectok.h>
@@ -36,13 +35,17 @@ RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");
 #include "readpass.h"
 #include "scard.h"
-#ifdef OPENSSL_VERSION_NUMBER
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#define USE_ENGINE
-#define RSA_get_default_openssl_method RSA_get_default_method
+#define RSA_get_default_method RSA_get_default_openssl_method
-#define DSA_get_default_openssl_method DSA_get_default_method
+#else
-#define DH_get_default_openssl_method DH_get_default_method
-#define ENGINE_set_BN_mod_exp(x,y)
 #endif
+#ifdef USE_ENGINE
+#include <openssl/engine.h>
+#define sc_get_rsa sc_get_engine
+#else
+#define sc_get_rsa sc_get_rsa_method
 #endif
 #define CLA_SSH 0x05
@@ -143,8 +146,7 @@ sc_read_pubkey(Key * k)
        n = NULL;
        if (sc_fd < 0) {
-                status = sc_init();
+                if (sc_init() < 0)
-                if (status < 0 )
                        goto err;
        }
@@ -317,18 +319,13 @@ sc_finish(RSA *rsa)
        return 1;
 }
 /* engine for overloading private key operations */
-static ENGINE *smart_engine = NULL;
+static RSA_METHOD *
-static RSA_METHOD smart_rsa;
+sc_get_rsa_method(void)
-ENGINE *
-sc_get_engine(void)
 {
-        const RSA_METHOD *def;
+        static RSA_METHOD smart_rsa;
+        const RSA_METHOD *def = RSA_get_default_method();
-        def = RSA_get_default_openssl_method();
        /* use the OpenSSL version */
        memcpy(&smart_rsa, def, sizeof(smart_rsa));
@@ -343,13 +340,22 @@ sc_get_engine(void)
        orig_finish             = def->finish;
        smart_rsa.finish        = sc_finish;
+        return &smart_rsa;
+}
+#ifdef USE_ENGINE
+static ENGINE *
+sc_get_engine(void)
+{
+        static ENGINE *smart_engine = NULL;
        if ((smart_engine = ENGINE_new()) == NULL)
                fatal("ENGINE_new failed");
        ENGINE_set_id(smart_engine, "sectok");
        ENGINE_set_name(smart_engine, "libsectok");
-        ENGINE_set_RSA(smart_engine, &smart_rsa);
+        ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
        ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
        ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
        ENGINE_set_RAND(smart_engine, RAND_SSLeay());
@@ -357,6 +363,7 @@ sc_get_engine(void)
        return smart_engine;
 }
+#endif
 void
 sc_close(void)
@@ -367,11 +374,11 @@ sc_close(void)
        }
 }
-Key *
+Key **
-sc_get_key(const char *id, const char *pin)
+sc_get_keys(const char *id, const char *pin)
 {
-        Key *k;
+        Key *k, *n, **keys;
-        int status;
+        int status, nkeys = 2;
        if (sc_reader_id != NULL)
                xfree(sc_reader_id);
@@ -395,7 +402,26 @@ sc_get_key(const char *id, const char *pin)
                key_free(k);
                return NULL;
        }
-        return k;
+        keys = xmalloc((nkeys+1) * sizeof(Key *));
+        n = key_new(KEY_RSA1);
+        BN_copy(n->rsa->n, k->rsa->n);
+        BN_copy(n->rsa->e, k->rsa->e);
+        RSA_set_method(n->rsa, sc_get_rsa());
+        n->flags |= KEY_FLAG_EXT;
+        keys[0] = n;
+        n = key_new(KEY_RSA);
+        BN_copy(n->rsa->n, k->rsa->n);
+        BN_copy(n->rsa->e, k->rsa->e);
+        RSA_set_method(n->rsa, sc_get_rsa());
+        n->flags |= KEY_FLAG_EXT;
+        keys[1] = n;
+        keys[2] = NULL;
+        key_free(k);
+        return keys;
 }
 #define NUM_RSA_KEY_ELEMENTS 5+1
diff --git a/scard.h b/scard.h
index 465fe274b..c0aa9ed30 100644
--- a/scard.h
+++ b/scard.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: scard.h,v 1.9 2002/03/21 21:54:34 rees Exp $  */
+/*      $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $       */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -24,8 +24,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#include <openssl/engine.h>
 #ifndef SCARD_H
 #define SCARD_H
@@ -35,8 +33,7 @@
 #define SCARD_ERROR_NOCARD      -2
 #define SCARD_ERROR_APPLET      -3
-Key     *sc_get_key(const char*, const char*);
+Key     **sc_get_keys(const char*, const char*);
-ENGINE  *sc_get_engine(void);
 void     sc_close(void);
 int      sc_put_key(Key *, const char*);
diff --git a/ssh-agent.c b/ssh-agent.c
index 1874eb152..f8183b400 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -34,7 +34,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.84 2002/03/25 17:34:27 markus Exp $");
 #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
 #include <sys/queue.h>
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
 #include "log.h"
 #ifdef SMARTCARD
-#include <openssl/engine.h>
 #include "scard.h"
 #endif
@@ -452,50 +451,39 @@ send:
 static void
 process_add_smartcard_key (SocketEntry *e)
 {
+        Identity *id;
        Idtab *tab;
-        Key *n = NULL, *k = NULL;
+        Key **keys, *k;
        char *sc_reader_id = NULL, *pin;
-        int success = 0;
+        int i, version, success = 0;
        sc_reader_id = buffer_get_string(&e->input, NULL);
        pin = buffer_get_string(&e->input, NULL);
-        k = sc_get_key(sc_reader_id, pin);
+        keys = sc_get_keys(sc_reader_id, pin);
        xfree(sc_reader_id);
        xfree(pin);
-        if (k == NULL) {
+        if (keys == NULL || keys[0] == NULL) {
-                error("sc_get_pubkey failed");
+                error("sc_get_keys failed");
                goto send;
        }
-        success = 1;
+        for (i = 0; keys[i] != NULL; i++) {
+                k = keys[i];
-        tab = idtab_lookup(1);
+                version = k->type == KEY_RSA1 ? 1 : 2;
-        k->type = KEY_RSA1;
+                tab = idtab_lookup(version);
-        if (lookup_identity(k, 1) == NULL) {
+                if (lookup_identity(k, version) == NULL) {
-                Identity *id = xmalloc(sizeof(Identity));
+                        id = xmalloc(sizeof(Identity));
-                n = key_new(KEY_RSA1);
+                        id->key = k;
-                BN_copy(n->rsa->n, k->rsa->n);
+                        id->comment = xstrdup("smartcard key");
-                BN_copy(n->rsa->e, k->rsa->e);
+                        TAILQ_INSERT_TAIL(&tab->idlist, id, next);
-                RSA_set_method(n->rsa, sc_get_engine());
+                        tab->nentries++;
-                id->key = n;
+                        success = 1;
-                id->comment = xstrdup("rsa1 smartcard");
+                } else {
-                TAILQ_INSERT_TAIL(&tab->idlist, id, next);
+                        key_free(k);
-                tab->nentries++;
+                }
-        }
+                keys[i] = NULL;
-        k->type = KEY_RSA;
-        tab = idtab_lookup(2);
-        if (lookup_identity(k, 2) == NULL) {
-                Identity *id = xmalloc(sizeof(Identity));
-                n = key_new(KEY_RSA);
-                BN_copy(n->rsa->n, k->rsa->n);
-                BN_copy(n->rsa->e, k->rsa->e);
-                RSA_set_method(n->rsa, sc_get_engine());
-                id->key = n;
-                id->comment = xstrdup("rsa smartcard");
-                TAILQ_INSERT_TAIL(&tab->idlist, id, next);
-                tab->nentries++;
        }
-        key_free(k);
+        xfree(keys);
 send:
        buffer_put_int(&e->output, 1);
        buffer_put_char(&e->output,
@@ -505,41 +493,37 @@ send:
 static void
 process_remove_smartcard_key(SocketEntry *e)
 {
-        Key *k = NULL;
+        Identity *id;
-        int success = 0;
+        Idtab *tab;
+        Key **keys, *k = NULL;
        char *sc_reader_id = NULL, *pin;
+        int i, version, success = 0;
        sc_reader_id = buffer_get_string(&e->input, NULL);
        pin = buffer_get_string(&e->input, NULL);
-        k = sc_get_key(sc_reader_id, pin);
+        keys = sc_get_keys(sc_reader_id, pin);
        xfree(sc_reader_id);
        xfree(pin);
-        if (k == NULL) {
+        if (keys == NULL || keys[0] == NULL) {
-                error("sc_get_pubkey failed");
+                error("sc_get_keys failed");
-        } else {
+                goto send;
-                Identity *id;
+        }
-                k->type = KEY_RSA1;
+        for (i = 0; keys[i] != NULL; i++) {
-                id = lookup_identity(k, 1);
+                k = keys[i];
-                if (id != NULL) {
+                version = k->type == KEY_RSA1 ? 1 : 2;
-                        Idtab *tab = idtab_lookup(1);
+                if ((id = lookup_identity(k, version)) != NULL) {
-                        TAILQ_REMOVE(&tab->idlist, id, next);
+                        tab = idtab_lookup(version);
-                        free_identity(id);
+                        TAILQ_REMOVE(&tab->idlist, id, next);
                        tab->nentries--;
-                        success = 1;
-                }
-                k->type = KEY_RSA;
-                id = lookup_identity(k, 2);
-                if (id != NULL) {
-                        Idtab *tab = idtab_lookup(2);
-                        TAILQ_REMOVE(&tab->idlist, id, next);
                        free_identity(id);
-                        tab->nentries--;
                        success = 1;
                }
                key_free(k);
+                keys[i] = NULL;
        }
+        xfree(keys);
+send:
        buffer_put_int(&e->output, 1);
        buffer_put_char(&e->output,
            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 7d3629365..1a8a73129 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.96 2002/03/21 21:54:34 rees Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.97 2002/03/25 17:34:27 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -416,14 +416,18 @@ do_upload(struct passwd *pw, const char *sc_reader_id)
 static void
 do_download(struct passwd *pw, const char *sc_reader_id)
 {
-        Key *pub = NULL;
+        Key **keys = NULL;
+        int i;
-        pub = sc_get_key(sc_reader_id, NULL);
+        keys = sc_get_keys(sc_reader_id, NULL);
-        if (pub == NULL)
+        if (keys == NULL)
                fatal("cannot read public key from smartcard");
-        key_write(pub, stdout);
+        for (i = 0; keys[i]; i++) {
-        key_free(pub);
+                key_write(keys[i], stdout);
-        fprintf(stdout, "\n");
+                key_free(keys[i]);
+                fprintf(stdout, "\n");
+        }
+        xfree(keys);
        exit(0);
 }
 #endif /* SMARTCARD */
diff --git a/ssh.c b/ssh.c
index ae2e85480..dd926b7e7 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.167 2002/03/25 17:34:27 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -70,7 +70,6 @@ RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
 #include "sshtty.h"
 #ifdef SMARTCARD
-#include <openssl/engine.h>
 #include "scard.h"
 #endif
@@ -1187,40 +1186,29 @@ static void
 load_public_identity_files(void)
 {
        char *filename;
-        Key *public;
        int i = 0;
+        Key *public;
 #ifdef SMARTCARD
+        Key **keys;
        if (options.smartcard_device != NULL &&
-            options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&
+            options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
-            (public = sc_get_key(options.smartcard_device, NULL)) != NULL ) {
+            (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
-                Key *new;
+                int count = 0;
+                for (i = 0; keys[i] != NULL; i++) {
-                if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)
+                        count++;
-                        options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2;
+                        if (options.num_identity_files + 1 > SSH_MAX_IDENTITY_FILES)
-                memmove(&options.identity_files[2], &options.identity_files[0],
+                                options.num_identity_files = SSH_MAX_IDENTITY_FILES - 1;
-                    sizeof(char *) * options.num_identity_files);
+                        memmove(&options.identity_files[1], &options.identity_files[0],
-                options.num_identity_files += 2;
+                            sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
-                i = 2;
+                        memmove(&options.identity_keys[1], &options.identity_keys[0],
+                            sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
-                /* XXX ssh1 vs ssh2 */
+                        options.num_identity_files++;
-                new = key_new(KEY_RSA);
+                        options.identity_keys[0] = keys[i];
-                new->flags = KEY_FLAG_EXT;
+                        options.identity_files[0] = xstrdup("smartcard key");;
-                BN_copy(new->rsa->n, public->rsa->n);
+                }
-                BN_copy(new->rsa->e, public->rsa->e);
+                i = count;
-                RSA_set_method(new->rsa, sc_get_engine());
+                xfree(keys);
-                options.identity_keys[0] = new;
-                options.identity_files[0] = xstrdup("smartcard rsa key");;
-                new = key_new(KEY_RSA1);
-                new->flags = KEY_FLAG_EXT;
-                BN_copy(new->rsa->n, public->rsa->n);
-                BN_copy(new->rsa->e, public->rsa->e);
-                RSA_set_method(new->rsa, sc_get_engine());
-                options.identity_keys[1] = new;
-                options.identity_files[1] = xstrdup("smartcard rsa1 key");
-                key_free(public);
        }
 #endif /* SMARTCARD */
        for (; i < options.num_identity_files; i++) {

diff --git a/ChangeLog b/ChangeLog index 6e63b16d7..079c7bf99 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,9 @@
28	- markus@cvs.openbsd.org 2002/03/25 09:25:06	28	- markus@cvs.openbsd.org 2002/03/25 09:25:06
29	[auth-rh-rsa.c]	29	[auth-rh-rsa.c]
30	rm bogus comment	30	rm bogus comment
		31	- markus@cvs.openbsd.org 2002/03/25 17:34:27
		32	[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
		33	change sc_get_key to sc_get_keys and hide smartcard details in scard.c
31		34
32	20020324	35	20020324
33	- (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure	36	- (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
@@ -8042,4 +8045,4 @@
8042	- Wrote replacements for strlcpy and mkdtemp	8045	- Wrote replacements for strlcpy and mkdtemp
8043	- Released 1.0pre1	8046	- Released 1.0pre1
8044		8047
8045	$Id: ChangeLog,v 1.1986 2002/03/26 03:08:47 mouring Exp $	8048	$Id: ChangeLog,v 1.1987 2002/03/26 03:17:42 mouring Exp $


diff --git a/scard.c b/scard.c index 9b2d77602..779106f85 100644 --- a/scard.c +++ b/scard.c
@@ -24,9 +24,8 @@
24		24
25	#include "includes.h"	25	#include "includes.h"
26	#ifdef SMARTCARD	26	#ifdef SMARTCARD
27	RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");	27	RCSID("$OpenBSD: scard.c,v 1.24 2002/03/25 17:34:27 markus Exp $");
28		28
29	#include <openssl/engine.h>
30	#include <openssl/evp.h>	29	#include <openssl/evp.h>
31	#include <sectok.h>	30	#include <sectok.h>
32		31
@@ -36,13 +35,17 @@ RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");
36	#include "readpass.h"	35	#include "readpass.h"
37	#include "scard.h"	36	#include "scard.h"
38		37
39	#ifdef OPENSSL_VERSION_NUMBER	38	#if OPENSSL_VERSION_NUMBER < 0x00907000L
40	#if OPENSSL_VERSION_NUMBER >= 0x00907000L	39	#define USE_ENGINE
41	#define RSA_get_default_openssl_method RSA_get_default_method	40	#define RSA_get_default_method RSA_get_default_openssl_method
42	#define DSA_get_default_openssl_method DSA_get_default_method	41	#else
43	#define DH_get_default_openssl_method DH_get_default_method
44	#define ENGINE_set_BN_mod_exp(x,y)
45	#endif	42	#endif
		43
		44	#ifdef USE_ENGINE
		45	#include <openssl/engine.h>
		46	#define sc_get_rsa sc_get_engine
		47	#else
		48	#define sc_get_rsa sc_get_rsa_method
46	#endif	49	#endif
47		50
48	#define CLA_SSH 0x05	51	#define CLA_SSH 0x05
@@ -143,8 +146,7 @@ sc_read_pubkey(Key * k)
143	n = NULL;	146	n = NULL;
144		147
145	if (sc_fd < 0) {	148	if (sc_fd < 0) {
146	status = sc_init();	149	if (sc_init() < 0)
147	if (status < 0 )
148	goto err;	150	goto err;
149	}	151	}
150		152
@@ -317,18 +319,13 @@ sc_finish(RSA *rsa)
317	return 1;	319	return 1;
318	}	320	}
319		321
320
321	/* engine for overloading private key operations */	322	/* engine for overloading private key operations */
322		323
323	static ENGINE *smart_engine = NULL;	324	static RSA_METHOD *
324	static RSA_METHOD smart_rsa;	325	sc_get_rsa_method(void)
325
326	ENGINE *
327	sc_get_engine(void)
328	{	326	{
329	const RSA_METHOD *def;	327	static RSA_METHOD smart_rsa;
330		328	const RSA_METHOD *def = RSA_get_default_method();
331	def = RSA_get_default_openssl_method();
332		329
333	/* use the OpenSSL version */	330	/* use the OpenSSL version */
334	memcpy(&smart_rsa, def, sizeof(smart_rsa));	331	memcpy(&smart_rsa, def, sizeof(smart_rsa));
@@ -343,13 +340,22 @@ sc_get_engine(void)
343	orig_finish = def->finish;	340	orig_finish = def->finish;
344	smart_rsa.finish = sc_finish;	341	smart_rsa.finish = sc_finish;
345		342
		343	return &smart_rsa;
		344	}
		345
		346	#ifdef USE_ENGINE
		347	static ENGINE *
		348	sc_get_engine(void)
		349	{
		350	static ENGINE *smart_engine = NULL;
		351
346	if ((smart_engine = ENGINE_new()) == NULL)	352	if ((smart_engine = ENGINE_new()) == NULL)
347	fatal("ENGINE_new failed");	353	fatal("ENGINE_new failed");
348		354
349	ENGINE_set_id(smart_engine, "sectok");	355	ENGINE_set_id(smart_engine, "sectok");
350	ENGINE_set_name(smart_engine, "libsectok");	356	ENGINE_set_name(smart_engine, "libsectok");
351		357
352	ENGINE_set_RSA(smart_engine, &smart_rsa);	358	ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
353	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());	359	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
354	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());	360	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
355	ENGINE_set_RAND(smart_engine, RAND_SSLeay());	361	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
@@ -357,6 +363,7 @@ sc_get_engine(void)
357		363
358	return smart_engine;	364	return smart_engine;
359	}	365	}
		366	#endif
360		367
361	void	368	void
362	sc_close(void)	369	sc_close(void)
@@ -367,11 +374,11 @@ sc_close(void)
367	}	374	}
368	}	375	}
369		376
370	Key *	377	Key **
371	sc_get_key(const char id, const char pin)	378	sc_get_keys(const char id, const char pin)
372	{	379	{
373	Key *k;	380	Key k, n, **keys;
374	int status;	381	int status, nkeys = 2;
375		382
376	if (sc_reader_id != NULL)	383	if (sc_reader_id != NULL)
377	xfree(sc_reader_id);	384	xfree(sc_reader_id);
@@ -395,7 +402,26 @@ sc_get_key(const char id, const char pin)
395	key_free(k);	402	key_free(k);
396	return NULL;	403	return NULL;
397	}	404	}
398	return k;	405	keys = xmalloc((nkeys+1) * sizeof(Key *));
		406
		407	n = key_new(KEY_RSA1);
		408	BN_copy(n->rsa->n, k->rsa->n);
		409	BN_copy(n->rsa->e, k->rsa->e);
		410	RSA_set_method(n->rsa, sc_get_rsa());
		411	n->flags \|= KEY_FLAG_EXT;
		412	keys[0] = n;
		413
		414	n = key_new(KEY_RSA);
		415	BN_copy(n->rsa->n, k->rsa->n);
		416	BN_copy(n->rsa->e, k->rsa->e);
		417	RSA_set_method(n->rsa, sc_get_rsa());
		418	n->flags \|= KEY_FLAG_EXT;
		419	keys[1] = n;
		420
		421	keys[2] = NULL;
		422
		423	key_free(k);
		424	return keys;
399	}	425	}
400		426
401	#define NUM_RSA_KEY_ELEMENTS 5+1	427	#define NUM_RSA_KEY_ELEMENTS 5+1


diff --git a/scard.h b/scard.h index 465fe274b..c0aa9ed30 100644 --- a/scard.h +++ b/scard.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: scard.h,v 1.9 2002/03/21 21:54:34 rees Exp $ */	1	/* $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -24,8 +24,6 @@
24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25	*/	25	*/
26		26
27	#include <openssl/engine.h>
28
29	#ifndef SCARD_H	27	#ifndef SCARD_H
30	#define SCARD_H	28	#define SCARD_H
31		29
@@ -35,8 +33,7 @@
35	#define SCARD_ERROR_NOCARD -2	33	#define SCARD_ERROR_NOCARD -2
36	#define SCARD_ERROR_APPLET -3	34	#define SCARD_ERROR_APPLET -3
37		35
38	Key sc_get_key(const char, const char*);	36	Key *sc_get_keys(const char, const char*);
39	ENGINE *sc_get_engine(void);
40	void sc_close(void);	37	void sc_close(void);
41	int sc_put_key(Key , const char);	38	int sc_put_key(Key , const char);
42		39


diff --git a/ssh-agent.c b/ssh-agent.c index 1874eb152..f8183b400 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -34,7 +34,7 @@
34	*/	34	*/
35		35
36	#include "includes.h"	36	#include "includes.h"
37	RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");	37	RCSID("$OpenBSD: ssh-agent.c,v 1.84 2002/03/25 17:34:27 markus Exp $");
38		38
39	#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)	39	#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
40	#include <sys/queue.h>	40	#include <sys/queue.h>
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.83 2002/03/21 22:44:05 rees Exp $");
57	#include "log.h"	57	#include "log.h"
58		58
59	#ifdef SMARTCARD	59	#ifdef SMARTCARD
60	#include <openssl/engine.h>
61	#include "scard.h"	60	#include "scard.h"
62	#endif	61	#endif
63		62
@@ -452,50 +451,39 @@ send:
452	static void	451	static void
453	process_add_smartcard_key (SocketEntry *e)	452	process_add_smartcard_key (SocketEntry *e)
454	{	453	{
		454	Identity *id;
455	Idtab *tab;	455	Idtab *tab;
456	Key n = NULL, k = NULL;	456	Key *keys, k;
457	char sc_reader_id = NULL, pin;	457	char sc_reader_id = NULL, pin;
458	int success = 0;	458	int i, version, success = 0;
459		459
460	sc_reader_id = buffer_get_string(&e->input, NULL);	460	sc_reader_id = buffer_get_string(&e->input, NULL);
461	pin = buffer_get_string(&e->input, NULL);	461	pin = buffer_get_string(&e->input, NULL);
462	k = sc_get_key(sc_reader_id, pin);	462	keys = sc_get_keys(sc_reader_id, pin);
463	xfree(sc_reader_id);	463	xfree(sc_reader_id);
464	xfree(pin);	464	xfree(pin);
465		465
466	if (k == NULL) {	466	if (keys == NULL \|\| keys[0] == NULL) {
467	error("sc_get_pubkey failed");	467	error("sc_get_keys failed");
468	goto send;	468	goto send;
469	}	469	}
470	success = 1;	470	for (i = 0; keys[i] != NULL; i++) {
471		471	k = keys[i];
472	tab = idtab_lookup(1);	472	version = k->type == KEY_RSA1 ? 1 : 2;
473	k->type = KEY_RSA1;	473	tab = idtab_lookup(version);
474	if (lookup_identity(k, 1) == NULL) {	474	if (lookup_identity(k, version) == NULL) {
475	Identity *id = xmalloc(sizeof(Identity));	475	id = xmalloc(sizeof(Identity));
476	n = key_new(KEY_RSA1);	476	id->key = k;
477	BN_copy(n->rsa->n, k->rsa->n);	477	id->comment = xstrdup("smartcard key");
478	BN_copy(n->rsa->e, k->rsa->e);	478	TAILQ_INSERT_TAIL(&tab->idlist, id, next);
479	RSA_set_method(n->rsa, sc_get_engine());	479	tab->nentries++;
480	id->key = n;	480	success = 1;
481	id->comment = xstrdup("rsa1 smartcard");	481	} else {
482	TAILQ_INSERT_TAIL(&tab->idlist, id, next);	482	key_free(k);
483	tab->nentries++;	483	}
484	}	484	keys[i] = NULL;
485	k->type = KEY_RSA;
486	tab = idtab_lookup(2);
487	if (lookup_identity(k, 2) == NULL) {
488	Identity *id = xmalloc(sizeof(Identity));
489	n = key_new(KEY_RSA);
490	BN_copy(n->rsa->n, k->rsa->n);
491	BN_copy(n->rsa->e, k->rsa->e);
492	RSA_set_method(n->rsa, sc_get_engine());
493	id->key = n;
494	id->comment = xstrdup("rsa smartcard");
495	TAILQ_INSERT_TAIL(&tab->idlist, id, next);
496	tab->nentries++;
497	}	485	}
498	key_free(k);	486	xfree(keys);
499	send:	487	send:
500	buffer_put_int(&e->output, 1);	488	buffer_put_int(&e->output, 1);
501	buffer_put_char(&e->output,	489	buffer_put_char(&e->output,
@@ -505,41 +493,37 @@ send:
505	static void	493	static void
506	process_remove_smartcard_key(SocketEntry *e)	494	process_remove_smartcard_key(SocketEntry *e)
507	{	495	{
508	Key *k = NULL;	496	Identity *id;
509	int success = 0;	497	Idtab *tab;
		498	Key *keys, k = NULL;
510	char sc_reader_id = NULL, pin;	499	char sc_reader_id = NULL, pin;
		500	int i, version, success = 0;
511		501
512	sc_reader_id = buffer_get_string(&e->input, NULL);	502	sc_reader_id = buffer_get_string(&e->input, NULL);
513	pin = buffer_get_string(&e->input, NULL);	503	pin = buffer_get_string(&e->input, NULL);
514	k = sc_get_key(sc_reader_id, pin);	504	keys = sc_get_keys(sc_reader_id, pin);
515	xfree(sc_reader_id);	505	xfree(sc_reader_id);
516	xfree(pin);	506	xfree(pin);
517		507
518	if (k == NULL) {	508	if (keys == NULL \|\| keys[0] == NULL) {
519	error("sc_get_pubkey failed");	509	error("sc_get_keys failed");
520	} else {	510	goto send;
521	Identity *id;	511	}
522	k->type = KEY_RSA1;	512	for (i = 0; keys[i] != NULL; i++) {
523	id = lookup_identity(k, 1);	513	k = keys[i];
524	if (id != NULL) {	514	version = k->type == KEY_RSA1 ? 1 : 2;
525	Idtab *tab = idtab_lookup(1);	515	if ((id = lookup_identity(k, version)) != NULL) {
526	TAILQ_REMOVE(&tab->idlist, id, next);	516	tab = idtab_lookup(version);
527	free_identity(id);	517	TAILQ_REMOVE(&tab->idlist, id, next);
528	tab->nentries--;	518	tab->nentries--;
529	success = 1;
530	}
531	k->type = KEY_RSA;
532	id = lookup_identity(k, 2);
533	if (id != NULL) {
534	Idtab *tab = idtab_lookup(2);
535	TAILQ_REMOVE(&tab->idlist, id, next);
536	free_identity(id);	519	free_identity(id);
537	tab->nentries--;
538	success = 1;	520	success = 1;
539	}	521	}
540	key_free(k);	522	key_free(k);
		523	keys[i] = NULL;
541	}	524	}
542		525	xfree(keys);
		526	send:
543	buffer_put_int(&e->output, 1);	527	buffer_put_int(&e->output, 1);
544	buffer_put_char(&e->output,	528	buffer_put_char(&e->output,
545	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);	529	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);


diff --git a/ssh-keygen.c b/ssh-keygen.c index 7d3629365..1a8a73129 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: ssh-keygen.c,v 1.96 2002/03/21 21:54:34 rees Exp $");	15	RCSID("$OpenBSD: ssh-keygen.c,v 1.97 2002/03/25 17:34:27 markus Exp $");
16		16
17	#include <openssl/evp.h>	17	#include <openssl/evp.h>
18	#include <openssl/pem.h>	18	#include <openssl/pem.h>
@@ -416,14 +416,18 @@ do_upload(struct passwd pw, const char sc_reader_id)
416	static void	416	static void
417	do_download(struct passwd pw, const char sc_reader_id)	417	do_download(struct passwd pw, const char sc_reader_id)
418	{	418	{
419	Key *pub = NULL;	419	Key **keys = NULL;
		420	int i;
420		421
421	pub = sc_get_key(sc_reader_id, NULL);	422	keys = sc_get_keys(sc_reader_id, NULL);
422	if (pub == NULL)	423	if (keys == NULL)
423	fatal("cannot read public key from smartcard");	424	fatal("cannot read public key from smartcard");
424	key_write(pub, stdout);	425	for (i = 0; keys[i]; i++) {
425	key_free(pub);	426	key_write(keys[i], stdout);
426	fprintf(stdout, "\n");	427	key_free(keys[i]);
		428	fprintf(stdout, "\n");
		429	}
		430	xfree(keys);
427	exit(0);	431	exit(0);
428	}	432	}
429	#endif /* SMARTCARD */	433	#endif /* SMARTCARD */


diff --git a/ssh.c b/ssh.c index ae2e85480..dd926b7e7 100644 --- a/ssh.c +++ b/ssh.c
@@ -39,7 +39,7 @@
39	*/	39	*/
40		40
41	#include "includes.h"	41	#include "includes.h"
42	RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");	42	RCSID("$OpenBSD: ssh.c,v 1.167 2002/03/25 17:34:27 markus Exp $");
43		43
44	#include <openssl/evp.h>	44	#include <openssl/evp.h>
45	#include <openssl/err.h>	45	#include <openssl/err.h>
@@ -70,7 +70,6 @@ RCSID("$OpenBSD: ssh.c,v 1.166 2002/03/21 22:44:05 rees Exp $");
70	#include "sshtty.h"	70	#include "sshtty.h"
71		71
72	#ifdef SMARTCARD	72	#ifdef SMARTCARD
73	#include <openssl/engine.h>
74	#include "scard.h"	73	#include "scard.h"
75	#endif	74	#endif
76		75
@@ -1187,40 +1186,29 @@ static void
1187	load_public_identity_files(void)	1186	load_public_identity_files(void)
1188	{	1187	{
1189	char *filename;	1188	char *filename;
1190	Key *public;
1191	int i = 0;	1189	int i = 0;
1192		1190	Key *public;
1193	#ifdef SMARTCARD	1191	#ifdef SMARTCARD
		1192	Key **keys;
		1193
1194	if (options.smartcard_device != NULL &&	1194	if (options.smartcard_device != NULL &&
1195	options.num_identity_files + 1 < SSH_MAX_IDENTITY_FILES &&	1195	options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
1196	(public = sc_get_key(options.smartcard_device, NULL)) != NULL ) {	1196	(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
1197	Key *new;	1197	int count = 0;
1198		1198	for (i = 0; keys[i] != NULL; i++) {
1199	if (options.num_identity_files + 2 > SSH_MAX_IDENTITY_FILES)	1199	count++;
1200	options.num_identity_files = SSH_MAX_IDENTITY_FILES - 2;	1200	if (options.num_identity_files + 1 > SSH_MAX_IDENTITY_FILES)
1201	memmove(&options.identity_files[2], &options.identity_files[0],	1201	options.num_identity_files = SSH_MAX_IDENTITY_FILES - 1;
1202	sizeof(char ) options.num_identity_files);	1202	memmove(&options.identity_files[1], &options.identity_files[0],
1203	options.num_identity_files += 2;	1203	sizeof(char ) (SSH_MAX_IDENTITY_FILES - 1));
1204	i = 2;	1204	memmove(&options.identity_keys[1], &options.identity_keys[0],
1205		1205	sizeof(Key ) (SSH_MAX_IDENTITY_FILES - 1));
1206	/* XXX ssh1 vs ssh2 */	1206	options.num_identity_files++;
1207	new = key_new(KEY_RSA);	1207	options.identity_keys[0] = keys[i];
1208	new->flags = KEY_FLAG_EXT;	1208	options.identity_files[0] = xstrdup("smartcard key");;
1209	BN_copy(new->rsa->n, public->rsa->n);	1209	}
1210	BN_copy(new->rsa->e, public->rsa->e);	1210	i = count;
1211	RSA_set_method(new->rsa, sc_get_engine());	1211	xfree(keys);
1212	options.identity_keys[0] = new;
1213	options.identity_files[0] = xstrdup("smartcard rsa key");;
1214
1215	new = key_new(KEY_RSA1);
1216	new->flags = KEY_FLAG_EXT;
1217	BN_copy(new->rsa->n, public->rsa->n);
1218	BN_copy(new->rsa->e, public->rsa->e);
1219	RSA_set_method(new->rsa, sc_get_engine());
1220	options.identity_keys[1] = new;
1221	options.identity_files[1] = xstrdup("smartcard rsa1 key");
1222
1223	key_free(public);
1224	}	1212	}
1225	#endif /* SMARTCARD */	1213	#endif /* SMARTCARD */
1226	for (; i < options.num_identity_files; i++) {	1214	for (; i < options.num_identity_files; i++) {