diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 00:03:36 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-25 11:35:55 +1100 |
commit | 89a8d4525e8edd9958ed3df60cf683551142eae0 (patch) | |
tree | 5251d0355691f30dca76d17724dd0d2123285e6e /ssh-pkcs11-helper.c | |
parent | a8c05c640873621681ab64d2e47a314592d5efa2 (diff) | |
download | openssh-git-89a8d4525e8edd9958ed3df60cf683551142eae0.tar.gz |
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
Diffstat (limited to 'ssh-pkcs11-helper.c')
-rw-r--r-- | ssh-pkcs11-helper.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 219ce9b5..17220d62 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.21 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.22 2020/01/25 00:03:36 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -50,7 +50,7 @@ struct pkcs11_keyinfo { struct sshkey *key; - char *providername; + char *providername, *label; TAILQ_ENTRY(pkcs11_keyinfo) next; }; @@ -63,13 +63,14 @@ struct sshbuf *iqueue; struct sshbuf *oqueue; static void -add_key(struct sshkey *k, char *name) +add_key(struct sshkey *k, char *name, char *label) { struct pkcs11_keyinfo *ki; ki = xcalloc(1, sizeof(*ki)); ki->providername = xstrdup(name); ki->key = k; + ki->label = xstrdup(label); TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next); } @@ -83,6 +84,7 @@ del_keys_by_name(char *name) if (!strcmp(ki->providername, name)) { TAILQ_REMOVE(&pkcs11_keylist, ki, next); free(ki->providername); + free(ki->label); sshkey_free(ki->key); free(ki); } @@ -96,7 +98,7 @@ lookup_key(struct sshkey *k) struct pkcs11_keyinfo *ki; TAILQ_FOREACH(ki, &pkcs11_keylist, next) { - debug("check %p %s", ki, ki->providername); + debug("check %p %s %s", ki, ki->providername, ki->label); if (sshkey_equal(k, ki->key)) return (ki->key); } @@ -121,13 +123,14 @@ process_add(void) u_char *blob; size_t blen; struct sshbuf *msg; + char **labels = NULL; if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { + if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || (r = sshbuf_put_u32(msg, nkeys)) != 0) @@ -139,11 +142,12 @@ process_add(void) continue; } if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || - (r = sshbuf_put_cstring(msg, name)) != 0) + (r = sshbuf_put_cstring(msg, labels[i])) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(blob); - add_key(keys[i], name); + add_key(keys[i], name, labels[i]); + free(labels[i]); } } else { if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) @@ -151,7 +155,8 @@ process_add(void) if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - free(keys); + free(labels); + free(keys); /* keys themselves are transferred to pkcs11_keylist */ free(pin); free(name); send_msg(msg); |