search for: ck_ulong

...Assignee: unassigned-bugs at mindrot.org Reporter: doug.springer at idahoscientific.com The PKCS11 specification is very clear on byte packing (1 byte), but openssh does not even attempt to do so for anything besides Windows. Instead, it relies on the compiler to set the size of CK_ULONG, CK_LONG to unsigned long, which may be 32 or 64 depending on system and compiler. While the PKCS11 API is painful in it's original form, it is a very simple matter to add a definition for the appropriate packed syntax, and define it for the compiler, or rely on a pragma. This should at least...

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

...a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -42,6 +42,8 @@ #include "ssh-pkcs11.h" #include "xmalloc.h" +#define SSH_MAX_PKCS11_PIN_BYTES 128 + struct pkcs11_slotinfo { CK_TOKEN_INFO token; CK_SESSION_HANDLE session; @@ -216,6 +218,36 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, return (ret); } +/* read pin from a file specified in SSH_PKCS11_PINFILE if one exists */ +char * +pkcs11_read_pinfile() +{ + FILE *f; + char *pinfilename; + char buf[SSH_MAX_PKCS11_PIN_BYTES]; + int i; + + if ((pinfilename = getenv("SSH_PKCS11_PINFILE"))...

...644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -42,6 +42,8 @@ #include "ssh-pkcs11.h" #include "xmalloc.h" +#define SSH_MAX_PKCS11_PIN_BYTES 128 + struct pkcs11_slotinfo { CK_TOKEN_INFO token; CK_SESSION_HANDLE session; @@ -216,6 +218,36 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, return (ret); } +/* read pin from a file specified in SSH_PKCS11_PINFILE if one exists */ +char * +pkcs11_read_pinfile() +{ + FILE *f; + char *pinfilename; + char buf[SSH_MAX_PKCS11_PIN_BYTES]; + int i; + + if ((pinfilename = getenv("SSH_PKCS11_PINFILE")) ==...

https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org