Bugzilla – Attachment 1836 Details for
Bug 1736
OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
try to find private key object w/CKA_SIGN first, retry w/o
retry.dif (text/plain), 2.58 KB, created by
Markus Friedl
on 2010-04-13 07:40:49 AEST
(
hide
)
Description:
try to find private key object w/CKA_SIGN first, retry w/o
Filename:
MIME Type:
Creator:
Markus Friedl
Created:
2010-04-13 07:40:49 AEST
Size:
2.58 KB
patch
obsolete
>Index: ssh-pkcs11.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh-pkcs11.c,v >retrieving revision 1.4 >diff -u -p -u -r1.4 ssh-pkcs11.c >--- ssh-pkcs11.c 24 Feb 2010 06:12:53 -0000 1.4 >+++ ssh-pkcs11.c 12 Apr 2010 21:31:45 -0000 >@@ -181,6 +181,33 @@ pkcs11_rsa_finish(RSA *rsa) > return (rv); > } > >+/* find a single 'obj' for given attributes */ >+static int >+pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, >+ CK_ULONG nattr, CK_OBJECT_HANDLE *obj) >+{ >+ CK_FUNCTION_LIST *f; >+ CK_SESSION_HANDLE session; >+ CK_ULONG nfound = 0; >+ CK_RV rv; >+ int ret = -1; >+ >+ f = p->function_list; >+ session = p->slotinfo[slotidx].session; >+ if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) { >+ error("C_FindObjectsInit failed: %lu", rv); >+ return (-1); >+ } >+ if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK || >+ nfound != 1) >+ debug("C_FindObjects failed (%lu nfound): %lu", nfound, rv); >+ else >+ ret = 0; >+ if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) >+ error("C_FindObjectsFinal failed: %lu", rv); >+ return (ret); >+} >+ > /* openssl callback doing the actual signing operation */ > static int > pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, >@@ -190,7 +217,7 @@ pkcs11_rsa_private_encrypt(int flen, con > struct pkcs11_slotinfo *si; > CK_FUNCTION_LIST *f; > CK_OBJECT_HANDLE obj; >- CK_ULONG tlen = 0, nfound = 0; >+ CK_ULONG tlen = 0; > CK_RV rv; > CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; > CK_BBOOL true = CK_TRUE; >@@ -236,13 +263,10 @@ pkcs11_rsa_private_encrypt(int flen, con > } > key_filter[1].pValue = k11->keyid; > key_filter[1].ulValueLen = k11->keyid_len; >- if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) { >- error("C_FindObjectsInit failed: %lu", rv); >- return (-1); >- } >- if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK || >- nfound != 1) { >- error("C_FindObjects failed (%lu nfound): %lu", nfound, rv); >+ /* try to find object w/CKA_SIGN first, retry w/o */ >+ if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 || >+ pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { >+ error("cannot find private key"); > } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { > error("C_SignInit failed: %lu", rv); > } else { >@@ -254,8 +278,6 @@ pkcs11_rsa_private_encrypt(int flen, con > else > error("C_Sign failed: %lu", rv); > } >- if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK) >- error("C_FindObjectsFinal failed: %lu", rv); > return (rval); > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1836">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1736
:
1812
|
1813
|
1814
|
1829
|
1835
|
1836
|
1837