From 7ea845e48df6d34a333ebbe79380cba0938d02a5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 12 Feb 2010 09:21:02 +1100 Subject: - markus@cvs.openbsd.org 2010/02/08 10:50:20 [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev ` --- ssh-pkcs11.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 ssh-pkcs11.h (limited to 'ssh-pkcs11.h') diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h new file mode 100644 index 000000000..fae41a7b5 --- /dev/null +++ b/ssh-pkcs11.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2010 Markus Friedl. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +int pkcs11_init(int); +void pkcs11_terminate(void); +int pkcs11_add_provider(char *, char *, Key ***); +int pkcs11_del_provider(char *); -- cgit v1.2.3 From 05abd2c96876b959f4a2f71671652064fcedda0d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 24 Feb 2010 17:16:08 +1100 Subject: - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable --- ChangeLog | 4 ++++ pkcs11.h | 1 + ssh-pkcs11-client.c | 1 + ssh-pkcs11-helper.c | 1 + ssh-pkcs11.c | 1 + ssh-pkcs11.h | 1 + 6 files changed, 9 insertions(+) (limited to 'ssh-pkcs11.h') diff --git a/ChangeLog b/ChangeLog index 83259b5fd..ac08efa4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20100224 + - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] + [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable + 20100212 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/02/02 22:49:34 diff --git a/pkcs11.h b/pkcs11.h index 223f20ff3..2cde5b3f4 100644 --- a/pkcs11.h +++ b/pkcs11.h @@ -1,3 +1,4 @@ +/* $OpenBSD: pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ /* pkcs11.h Copyright 2006, 2007 g10 Code GmbH Copyright 2006 Andreas Jellinghaus diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 37050e04d..650c37342 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 3b44f7c30..1684ab0c2 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.3 2010/02/24 06:12:53 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 821e9f840..7536f92a6 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-pkcs11.c,v 1.4 2010/02/24 06:12:53 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h index fae41a7b5..59f456adf 100644 --- a/ssh-pkcs11.h +++ b/ssh-pkcs11.h @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * -- cgit v1.2.3