author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 01:03:36 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-25 01:35:55 +0100 |
commit | 89a8d4525e8edd9958ed3df60cf683551142eae0 (patch) | |
tree | 5251d0355691f30dca76d17724dd0d2123285e6e /ssh-pkcs11-client.c | |
parent | upstream: tweak proctitle to include sshd arguments, as these are (diff) | |
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
Diffstat (limited to 'ssh-pkcs11-client.c')
-rw-r--r-- | ssh-pkcs11-client.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index e7860de89..8a0ffef5d 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.16 2020/01/25 00:03:36 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -312,11 +312,13 @@ pkcs11_start_helper(void)
 }
 int
-pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)
+pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ char ***labelsp)
 {
 struct sshkey *k;
 int r, type;
 u_char *blob;
+ char *label;
 size_t blen;
 u_int nkeys, i;
 struct sshbuf *msg;
@@ -338,16 +340,22 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)
 if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 *keysp = xcalloc(nkeys, sizeof(struct sshkey *));
+ if (labelsp)
+ *labelsp = xcalloc(nkeys, sizeof(char *));
 for (i = 0; i < nkeys; i++) {
 /* XXX clean up properly instead of fatal() */
 if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
- (r = sshbuf_skip_string(msg)) != 0)
+ (r = sshbuf_get_cstring(msg, &label, NULL)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
 fatal("%s: bad key: %s", __func__, ssh_err(r));
 wrap_key(k);
 (*keysp)[i] = k;
+ if (labelsp)
+ (*labelsp)[i] = label;
+ else
+ free(label);
 free(blob);
 }
 } else if (type == SSH2_AGENT_FAILURE) { |
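Review bot: The new `labelsp` out-parameter of `pkcs11_add_provider` (second hunk) is added without any statement of who owns what it returns. From the third hunk, the array comes from `xcalloc` and each element is the heap string returned by `sshbuf_get_cstring`, so the caller has to free every `(*labelsp)[i]` and then `*labelsp`, and may pass NULL to opt out. I would put that above the function, e.g. `/* On success *keysp and, if labelsp != NULL, *labelsp each hold nkeys entries; the caller frees every element and both arrays. */`. In the visible lines `*labelsp` is written only in the identities-answer branch, so callers presumably need to initialise their pointer before the call; the function body starts and ends outside the hunk, so confirm against the full file.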
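Review bot: The string stored by `(*labelsp)[i] = label;` in the third hunk originates on the token (key label or X.509 subject, per the commit message) and is handed to callers exactly as received, so it needs to be treated as untrusted wherever it later appears as a key comment. As far as I know `sshbuf_get_cstring` only rejects embedded NULs; control characters and terminal escape sequences pass through, and length is limited only by the buffer layer. A comment at the assignment such as `/* label is token-supplied and unsanitised; escape before printing or logging */` would make the contract explicit, and the consumers should emit it through the project's escaping output helpers rather than a raw `%s`. Those consumers are outside this file's diff, so I cannot tell whether they already do.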