search for: ckr_ok

...ogs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O" In the second log there is private_key visible or offered in the first one is not. I use openssh 6.4 version on Linux or Mac. Log from ssh -I 0: C_GetFunctionList 2014-01-28 03:26:42.350 Returned: 0 CKR_OK 1: C_Initialize 2014-01-28 03:26:42.351 [in] pInitArgs = (nil) Returned: 0 CKR_OK 2: C_GetInfo 2014-01-28 03:26:42.352 [out] pInfo: cryptokiVersion: 2.20 manufacturerID: 'SafeNet, Inc. ' flags: 0 libraryDescript...

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

...{ snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", si->token.label); pin = read_passphrase(prompt, RP_ALLOW_EOF); if (pin == NULL) return (-1); /* bail out */ - if ((rv = f->C_Login(si->session, CKU_USER, - (u_char *)pin, strlen(pin))) != CKR_OK) { - free(pin); + }; + if ((rv = f->C_Login(si->session, CKU_USER, pin, pin ? strlen(pin): 0)) + != CKR_OK) { + if (pin) + xfree(pin); error("C_Login failed: %lu", rv); return (-1); } - free(pin); + if (pin) + xfree(pin); si->logged_in = 1...

...uot;Enter PIN for '%s': ", + si->token.label); + pin = read_passphrase(prompt, RP_ALLOW_EOF); + if (pin == NULL) + return (-1); /* bail out */ + }; + rv = f->C_Login(si->session, CKU_USER, (u_char *)pin, pin ? strlen(pin) : 0); if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { - free(pin); + if (pin) free(pin); error("C_Login failed: %lu", rv); return (-1); } - free(pin); + if (pin) free(pin); si->logged_in = 1; } key_filter[1].pValue = k11->keyid;

...intf(prompt, sizeof(prompt), "Enter PIN for '%s': ", + si->token.label); + pin = read_passphrase(prompt, RP_ALLOW_EOF); + if (pin == NULL) + return (-1); /* bail out */ + }; + if ((rv = f->C_Login(si->session, CKU_USER, pin, pin ? strlen(pin): 0)) != CKR_OK) { - xfree(pin); + if (pin) + xfree(pin); error("C_Login failed: %lu", rv); return (-1); - } - xfree(pin); + } + if (pin) + xfree(pin); si->logged_in = 1; } key_filter[1].pValue = k11->keyid; Only in openssh-6.2p2: ssh-pkcs11.o

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: