summaryrefslogtreecommitdiff
path: root/ssh-pkcs11.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-pkcs11.c')
-rw-r--r--ssh-pkcs11.c34
1 files changed, 18 insertions, 16 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index c96be3bd2..c3a112fa1 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-pkcs11.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */ 1/* $OpenBSD: ssh-pkcs11.c,v 1.17 2015/02/03 08:07:20 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2010 Markus Friedl. All rights reserved. 3 * Copyright (c) 2010 Markus Friedl. All rights reserved.
4 * 4 *
@@ -38,7 +38,7 @@
38 38
39#include "log.h" 39#include "log.h"
40#include "misc.h" 40#include "misc.h"
41#include "key.h" 41#include "sshkey.h"
42#include "ssh-pkcs11.h" 42#include "ssh-pkcs11.h"
43#include "xmalloc.h" 43#include "xmalloc.h"
44 44
@@ -263,8 +263,9 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
263 pin = read_passphrase(prompt, RP_ALLOW_EOF); 263 pin = read_passphrase(prompt, RP_ALLOW_EOF);
264 if (pin == NULL) 264 if (pin == NULL)
265 return (-1); /* bail out */ 265 return (-1); /* bail out */
266 if ((rv = f->C_Login(si->session, CKU_USER, 266 rv = f->C_Login(si->session, CKU_USER,
267 (u_char *)pin, strlen(pin))) != CKR_OK) { 267 (u_char *)pin, strlen(pin));
268 if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
268 free(pin); 269 free(pin);
269 error("C_Login failed: %lu", rv); 270 error("C_Login failed: %lu", rv);
270 return (-1); 271 return (-1);
@@ -366,8 +367,9 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
366 return (-1); 367 return (-1);
367 } 368 }
368 if (login_required && pin) { 369 if (login_required && pin) {
369 if ((rv = f->C_Login(session, CKU_USER, 370 rv = f->C_Login(session, CKU_USER,
370 (u_char *)pin, strlen(pin))) != CKR_OK) { 371 (u_char *)pin, strlen(pin));
372 if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
371 error("C_Login failed: %lu", rv); 373 error("C_Login failed: %lu", rv);
372 if ((rv = f->C_CloseSession(session)) != CKR_OK) 374 if ((rv = f->C_CloseSession(session)) != CKR_OK)
373 error("C_CloseSession failed: %lu", rv); 375 error("C_CloseSession failed: %lu", rv);
@@ -385,12 +387,12 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
385 * keysp points to an (possibly empty) array with *nkeys keys. 387 * keysp points to an (possibly empty) array with *nkeys keys.
386 */ 388 */
387static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG, 389static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG,
388 CK_ATTRIBUTE [], CK_ATTRIBUTE [3], Key ***, int *) 390 CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *)
389 __attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE)))); 391 __attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE))));
390 392
391static int 393static int
392pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, 394pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
393 Key ***keysp, int *nkeys) 395 struct sshkey ***keysp, int *nkeys)
394{ 396{
395 CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; 397 CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
396 CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; 398 CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
@@ -422,12 +424,12 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
422} 424}
423 425
424static int 426static int
425pkcs11_key_included(Key ***keysp, int *nkeys, Key *key) 427pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
426{ 428{
427 int i; 429 int i;
428 430
429 for (i = 0; i < *nkeys; i++) 431 for (i = 0; i < *nkeys; i++)
430 if (key_equal(key, (*keysp)[i])) 432 if (sshkey_equal(key, (*keysp)[i]))
431 return (1); 433 return (1);
432 return (0); 434 return (0);
433} 435}
@@ -435,9 +437,9 @@ pkcs11_key_included(Key ***keysp, int *nkeys, Key *key)
435static int 437static int
436pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, 438pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
437 CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], 439 CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
438 Key ***keysp, int *nkeys) 440 struct sshkey ***keysp, int *nkeys)
439{ 441{
440 Key *key; 442 struct sshkey *key;
441 RSA *rsa; 443 RSA *rsa;
442 X509 *x509; 444 X509 *x509;
443 EVP_PKEY *evp; 445 EVP_PKEY *evp;
@@ -517,16 +519,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
517 } 519 }
518 if (rsa && rsa->n && rsa->e && 520 if (rsa && rsa->n && rsa->e &&
519 pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { 521 pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
520 key = key_new(KEY_UNSPEC); 522 key = sshkey_new(KEY_UNSPEC);
521 key->rsa = rsa; 523 key->rsa = rsa;
522 key->type = KEY_RSA; 524 key->type = KEY_RSA;
523 key->flags |= SSHKEY_FLAG_EXT; 525 key->flags |= SSHKEY_FLAG_EXT;
524 if (pkcs11_key_included(keysp, nkeys, key)) { 526 if (pkcs11_key_included(keysp, nkeys, key)) {
525 key_free(key); 527 sshkey_free(key);
526 } else { 528 } else {
527 /* expand key array and add key */ 529 /* expand key array and add key */
528 *keysp = xrealloc(*keysp, *nkeys + 1, 530 *keysp = xrealloc(*keysp, *nkeys + 1,
529 sizeof(Key *)); 531 sizeof(struct sshkey *));
530 (*keysp)[*nkeys] = key; 532 (*keysp)[*nkeys] = key;
531 *nkeys = *nkeys + 1; 533 *nkeys = *nkeys + 1;
532 debug("have %d keys", *nkeys); 534 debug("have %d keys", *nkeys);
@@ -544,7 +546,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
544 546
545/* register a new provider, fails if provider already exists */ 547/* register a new provider, fails if provider already exists */
546int 548int
547pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp) 549pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
548{ 550{
549 int nkeys, need_finalize = 0; 551 int nkeys, need_finalize = 0;
550 struct pkcs11_provider *p = NULL; 552 struct pkcs11_provider *p = NULL;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 08:49:35 +0000