Displaying 14 results from an estimated 14 matches for "pkcs11_provider".
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2; prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet
2012 Feb 12
0
PATCH: multiple BindAddress
...BindAddress:
- charptr = &options->bind_address;
- goto parse_string;
+ cpptr = (char**)&options->bind_addresses;
+ uintptr = &options->num_bind_address;
+ max_entries =SSH_MAX_BIND_ADDRESSES;
+ goto parse_char_array;
case oPKCS11Provider:
charptr = &options->pkcs11_provider;
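Review bot: in the BindAddress case, `cpptr = (char**)&options->bind_addresses;` only compiles because of the cast, which suggests the pointer type does not match the field. If `bind_addresses` is an array of `char *`, write `options->bind_addresses` with no `&` and no cast so the compiler checks the type; if it is something else, the cast is hiding a real mismatch. Two style points in the same lines: `max_entries =SSH_MAX_BIND_ADDRESSES;` is missing the space after `=`, and the counter is spelled `num_bind_address` while the array is `bind_addresses`, so pick one form.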
@@ -1176,7 +1178,7 @@ initialize_options(Options * options)
options->clear_forwardings = -1;
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->preferred_authentications = NULL;
- options->bind_address = NULL;
+ options->num_bind_address = 0;
options->pkcs11_provider = N...
2011 Jul 17
2
openSSH 5.8p2 BindPort patch
...ovider },
{ "pkcs11provider", oPKCS11Provider },
@@ -634,6 +635,10 @@ parse_string:
charptr = &options->bind_address;
goto parse_string;
+ case oBindPort:
+ charptr = &options->bind_port;
+ goto parse_string;
+
case oPKCS11Provider:
charptr = &options->pkcs11_provider;
goto parse_string;
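Review bot: the new `oBindPort` case stores its value through `charptr` and `parse_string`, so `bind_port` is kept as an unvalidated string. A port should be converted to an integer and range-checked while the config is parsed, so that a bad value is rejected with the file name and line number instead of being passed on unchecked. If service names are meant to be accepted as well, that needs to be stated in ssh_config(5).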
@@ -1133,6 +1138,7 @@ initialize_options(Options * options)
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->preferred_authentications = NULL;
options->bind_address = NULL;
+ options->bind_port = NULL;
options->pkcs11_provider = NULL;
options->e...
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
Bug ID: 2652
Summary: PKCS11 login skipped if login required and no pin set
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Smartcard
Assignee:
2013 Mar 22
4
Announce: OpenSSH 6.2 released
...y an AuthorizedKeysCommandUser sshd_config(5) option.
* sftp-server(8): Now supports a -d option to allow the starting
directory to be something other than the user's home directory.
* ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
tokens using "ssh-keygen -lD pkcs11_provider".
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.
* ssh(1): Added ~v and ~V escape sequences to raise and lower the
log...
2016 Nov 16
3
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
....f75b201 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -42,6 +42,8 @@
#include "ssh-pkcs11.h"
#include "xmalloc.h"
+#define SSH_MAX_PKCS11_PIN_BYTES 128
+
struct pkcs11_slotinfo {
CK_TOKEN_INFO token;
CK_SESSION_HANDLE session;
@@ -216,6 +218,36 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,
return (ret);
}
+/* read pin from a file specified in SSH_PKCS11_PINFILE if one exists */
+char *
+pkcs11_read_pinfile()
+{
+ FILE *f;
+ char *pinfilename;
+ char buf[SSH_MAX_PKCS11_PIN_BYTES];
+ int i;
+
+ if ((pinfilename = getenv("SSH_PKCS11_PI...
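Review bot: `pkcs11_read_pinfile()` is defined with an empty parameter list and without `static`. In C that should be `pkcs11_read_pinfile(void)`, and unless another file calls it the function should be `static` like the other helpers in ssh-pkcs11.c. The comment above it should also say who owns the returned `char *` and what is returned when the variable is unset.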
2013 Mar 22
0
Announce: OpenSSH 6.2 released
...y an AuthorizedKeysCommandUser sshd_config(5) option.
* sftp-server(8): Now supports a -d option to allow the starting
directory to be something other than the user's home directory.
* ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
tokens using "ssh-keygen -lD pkcs11_provider".
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.
* ssh(1): Added ~v and ~V escape sequences to raise and lower the
log...
2024 Apr 25
1
[PATCH] Enable ssh_config to set LogPath option (-E)
ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs.
This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`.
[0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683
[1] GitHub PR:
2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
...aaf712d..f75b201 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -42,6 +42,8 @@
#include "ssh-pkcs11.h"
#include "xmalloc.h"
+#define SSH_MAX_PKCS11_PIN_BYTES 128
+
struct pkcs11_slotinfo {
CK_TOKEN_INFO token;
CK_SESSION_HANDLE session;
@@ -216,6 +218,36 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,
return (ret);
}
+/* read pin from a file specified in SSH_PKCS11_PINFILE if one exists */
+char *
+pkcs11_read_pinfile()
+{
+ FILE *f;
+ char *pinfilename;
+ char buf[SSH_MAX_PKCS11_PIN_BYTES];
+ int i;
+
+ if ((pinfilename = getenv("SSH_PKCS11_PINFIL...
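Review bot: `char buf[SSH_MAX_PKCS11_PIN_BYTES];` in `pkcs11_read_pinfile()` will hold the PIN on the stack, so it has to be cleared on every return path, including the error paths, with a routine the compiler cannot optimise away. The file name comes straight from the `SSH_PKCS11_PINFILE` environment variable, so the function should also refuse a file that is readable by group or others, the same way private key files are checked. The rest of the function is cut off here, so neither point can be confirmed from the visible lines.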
2012 Dec 21
0
File Attachments for previous bug report
...,8 +1509,8 @@
#endif /* PKCS11 */
n_ids = 0;
- bzero(identity_files, sizeof(identity_files));
- bzero(identity_keys, sizeof(identity_keys));
+ memset(identity_files, 0, sizeof(identity_files));
+ memset(identity_keys, 0, sizeof(identity_keys));
#ifdef ENABLE_PKCS11
if (options.pkcs11_provider != NULL &&
@@ -1584,9 +1584,9 @@
memcpy(options.identity_files, identity_files, sizeof(identity_files));
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
- bzero(pwname, strlen(pwname));
+ memset(pwname, 0, strlen(pwname));
xfree(pwname);
- bzero(pwdir, str...
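Review bot: `memset(pwname, 0, strlen(pwname));` directly before `xfree(pwname);` is a dead store, and an optimising compiler is allowed to drop it. If the point of these calls is to scrub the buffer before it is freed, replacing `bzero()` with plain `memset()` does not guarantee that; use a clearing function that is not subject to dead-store elimination (`explicit_bzero()` where the platform has it, or a volatile-pointer wrapper). If scrubbing is not the point, the call can simply go.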
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
...PKCS11 */
n_ids = 0;
- bzero(identity_files, sizeof(identity_files));
- bzero(identity_keys, sizeof(identity_keys));
+ memset(identity_files, 0, sizeof(identity_files));
+ memset(identity_keys, 0, sizeof(identity_keys));
#ifdef ENABLE_PKCS11
if (options.pkcs11_provider != NULL &&
@@ -1584,9 +1584,9 @@
memcpy(options.identity_files, identity_files,
sizeof(identity_files));
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
- bzero(pwname, strlen(pwname));
+ memset(pwname, 0, strlen(pwname));
xfree(pwn...
2013 Feb 26
16
Call for testing: OpenSSH-6.2
...y an AuthorizedKeysCommandUser sshd_config(5) option.
* sftp-server(8): Now supports a -d option to allow the starting
directory to be something other than the user's home directory.
* ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
tokens using "ssh-keygen -lD pkcs11_provider".
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.
* ssh(1): Added ~v and ~V escape sequences to raise and lower the
log...
2017 Mar 02
64
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: Coverity scan fixes
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2007 Sep 29
64
[Bug 1371] New: Add PKCS#11 (Smartcards) support into OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1371
Summary: Add PKCS#11 (Smartcards) support into OpenSSH
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
URL: http://alon.barlev.googlepages.com/openssh-pkcs11
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: