search for: slotidx

Displaying 9 results from an estimated 9 matches for "slotidx".

2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet
2015 Mar 17
2
[patch] Updated patch for pkcs#11 smartcard readers that have a protected PIN path
...ad (CKF_PROTECTED_AUTHENTICATION_PATH) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index c3a112f..b053332 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -255,22 +255,30 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { - error("need pin"); + error("need pin%s", + (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + ? " entry on reader keypad" : &q...
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:
2014 May 06
0
Supporting smartcard readers with PIN entry keypads
...uch. Thanks, Dw. diff -ur openssh-6.2p2.orig/ssh-pkcs11.c openssh-6.2p2/ssh-pkcs11.c --- openssh-6.2p2.orig/ssh-pkcs11.c 2011-09-04 11:59:26.000000000 +0200 +++ openssh-6.2p2/ssh-pkcs11.c 2014-05-06 13:03:15.000000000 +0200 @@ -256,21 +256,29 @@ si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { - error("need pin"); + error("need pin entry%s", + (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? " on reader keypad" : "&qu...
2014 May 12
0
[patch] Supporting smartcard readers with PIN entry keypads (updated against -HEAD)
...======================================== RCS file: /cvs/openssh/ssh-pkcs11.c,v retrieving revision 1.15 diff -u -w -r1.15 ssh-pkcs11.c --- ssh-pkcs11.c 20 Apr 2014 03:21:23 -0000 1.15 +++ ssh-pkcs11.c 12 May 2014 12:34:25 -0000 @@ -255,21 +255,29 @@ si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { - error("need pin"); + error("need pin entry%s", + (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? " on reader keypad" : "&...
2016 Nov 16
3
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
...s11.c +++ b/ssh-pkcs11.c @@ -42,6 +42,8 @@ #include "ssh-pkcs11.h" #include "xmalloc.h" +#define SSH_MAX_PKCS11_PIN_BYTES 128 + struct pkcs11_slotinfo { CK_TOKEN_INFO token; CK_SESSION_HANDLE session; @@ -216,6 +218,36 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, return (ret); } +/* read pin from a file specified in SSH_PKCS11_PINFILE if one exists */ +char * +pkcs11_read_pinfile() +{ + FILE *f; + char *pinfilename; + char buf[SSH_MAX_PKCS11_PIN_BYTES]; + int i; + + if ((pinfilename = getenv("SSH_PKCS11_PINFILE")) == NULL...
2017 Mar 02
61
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org
2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
.../ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -42,6 +42,8 @@ #include "ssh-pkcs11.h" #include "xmalloc.h" +#define SSH_MAX_PKCS11_PIN_BYTES 128 + struct pkcs11_slotinfo { CK_TOKEN_INFO token; CK_SESSION_HANDLE session; @@ -216,6 +218,36 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, return (ret); } +/* read pin from a file specified in SSH_PKCS11_PINFILE if one exists */ +char * +pkcs11_read_pinfile() +{ + FILE *f; + char *pinfilename; + char buf[SSH_MAX_PKCS11_PIN_BYTES]; + int i; + + if ((pinfilename = getenv("SSH_PKCS11_PINFILE")) == NULL) +...
2014 Aug 18
15
Call for testing: OpenSSH 6.7
Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: