Bugzilla – Attachment 1471 Details for
Bug 1371
Add PKCS#11 (Smartcards) support into OpenSSH
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
4001_possh_pkcs11-x509.patch
4001_possh_pkcs11-x509.patch (text/plain), 2.04 KB, created by
Alon Bar-Lev
on 2008-03-07 19:44:53 AEDT
(
hide
)
Description:
4001_possh_pkcs11-x509.patch
Filename:
MIME Type:
Creator:
Alon Bar-Lev
Created:
2008-03-07 19:44:53 AEDT
Size:
2.04 KB
patch
obsolete
>[PATCH] Portable OpenSSH PKCS#11 X.509 Additions > >Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> > >--- > >--- openssh-4.7p1/pkcs11.c 2008-01-08 12:53:17.000000000 +0200 >+++ openssh-4.7p1+pkcs11-0.21/pkcs11.c 2008-01-08 12:50:46.000000000 +0200 >@@ -186,6 +186,9 @@ _pkcs11_convert_to_ssh_key(const pkcs11h > pkcs11h_openssl_session_t openssl_session = NULL; > Key *internal_key = NULL; > char *internal_comment = NULL; >+#if defined(ENABLE_PKCS11_X509) >+ X509 *x509 = NULL; >+#endif > RSA *rsa = NULL; > size_t temp; > CK_RV rv = CKR_OK; >@@ -245,11 +248,24 @@ _pkcs11_convert_to_ssh_key(const pkcs11h > goto cleanup; > } > >+#if defined(ENABLE_PKCS11_X509) >+ if ((x509 = pkcs11h_openssl_session_getX509(openssl_session)) == NULL) { >+ error("PKCS#11: Unable get certificate object"); >+ goto cleanup; >+ } >+#endif >+ > internal_key = key_new_private(KEY_UNSPEC); > internal_key->flags |= KEY_FLAG_EXT; > internal_key->rsa = rsa; > rsa = NULL; >+#if defined(ENABLE_PKCS11_X509) >+ internal_key->type = KEY_X509_RSA; >+ internal_key->x509 = x509; >+ x509 = NULL; >+#else > internal_key->type = KEY_RSA; >+#endif > > *key = internal_key; > internal_key = NULL; >@@ -257,6 +273,13 @@ _pkcs11_convert_to_ssh_key(const pkcs11h > internal_comment = NULL; > > cleanup: >+#if defined(ENABLE_PKCS11_X509) >+ if (x509 != NULL) { >+ X509_free(x509); >+ x509 = NULL; >+ } >+#endif >+ > if (internal_key != NULL) { > key_free(internal_key); > internal_key = NULL; >diff -urNp openssh-4.7p1/configure.ac openssh-4.7p1+pkcs11-0.21/configure.ac >--- openssh-4.7p1/configure.ac 2007-08-10 07:36:12.000000000 +0300 >+++ openssh-4.7p1+pkcs11-0.21/configure.ac 2007-12-29 23:59:41.000000000 +0200 >@@ -3978,6 +3992,11 @@ if test ! -z "$blibpath" ; then > AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) > fi > >+if test -n "$ssh_x509" -a "x$ssh_pkcs11" = "xyes"; then >+ PKCS11_MSG="${PKCS11_MSG} + x509" >+ AC_DEFINE(ENABLE_PKCS11_X509, 1, [Define if you want to use X509 with PKCS11]) >+fi >+ > dnl Adding -Werror to CFLAGS early prevents configure tests from running. > dnl Add now. > CFLAGS="$CFLAGS $werror_flags"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1471">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1371
:
1444
|
1463
|
1464
|
1465
|
1466
|
1467
|
1468
|
1469
|
1470
| 1471 |
1477
|
1478
|
1484
|
1485
|
1486
|
1487
|
1488
|
1489
|
1490
|
1491
|
1492
|
1493
|
1494
|
1495
|
1496
|
1497
|
1547
|
1557
|
1558