mirror of git://anongit.mindrot.org/openssh.git
- (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
larsch@trustcenter.de
This commit is contained in:
Damien Miller
parent
49d32566c2
commit
331b6af8fa
|
|
@ -1,3 +1,7 @@
|
|||
20030825
|
||||
- (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
|
||||
larsch@trustcenter.de
|
||||
|
||||
20030822
|
||||
- (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
|
||||
-lbroken; ok dtucker
|
||||
|
|
@ -851,4 +855,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.2898 2003/08/22 08:43:48 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.2899 2003/08/25 00:58:26 djm Exp $
|
||||
|
|
|
|||
|
|
@ -110,7 +110,8 @@ err:
|
|||
/* private key operations */
|
||||
|
||||
static int
|
||||
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
|
||||
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
|
||||
unsigned int usage)
|
||||
{
|
||||
int r;
|
||||
struct sc_priv_data *priv;
|
||||
|
|
@ -130,7 +131,8 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
|
|||
goto err;
|
||||
}
|
||||
}
|
||||
r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj);
|
||||
r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
|
||||
usage, &key_obj);
|
||||
if (r) {
|
||||
error("Unable to find private key from SmartCard: %s",
|
||||
sc_strerror(r));
|
||||
|
|
@ -176,6 +178,9 @@ err:
|
|||
return -1;
|
||||
}
|
||||
|
||||
#define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \
|
||||
SC_PKCS15_PRKEY_USAGE_UNWRAP
|
||||
|
||||
static int
|
||||
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
|
||||
int padding)
|
||||
|
|
@ -185,7 +190,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
|
|||
|
||||
if (padding != RSA_PKCS1_PADDING)
|
||||
return -1;
|
||||
r = sc_prkey_op_init(rsa, &key_obj);
|
||||
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
|
||||
if (r)
|
||||
return -1;
|
||||
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
|
||||
|
|
@ -201,6 +206,9 @@ err:
|
|||
return -1;
|
||||
}
|
||||
|
||||
#define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \
|
||||
SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
||||
|
||||
static int
|
||||
sc_sign(int type, u_char *m, unsigned int m_len,
|
||||
unsigned char *sigret, unsigned int *siglen, RSA *rsa)
|
||||
|
|
@ -209,7 +217,15 @@ sc_sign(int type, u_char *m, unsigned int m_len,
|
|||
int r;
|
||||
unsigned long flags = 0;
|
||||
|
||||
r = sc_prkey_op_init(rsa, &key_obj);
|
||||
/* XXX: sc_prkey_op_init will search for a pkcs15 private
|
||||
* key object with the sign or signrecover usage flag set.
|
||||
* If the signing key has only the non-repudiation flag set
|
||||
* the key will be rejected as using a non-repudiation key
|
||||
* for authentication is not recommended. Note: This does not
|
||||
* prevent the use of a non-repudiation key for authentication
|
||||
* if the sign or signrecover flag is set as well.
|
||||
*/
|
||||
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
|
||||
if (r)
|
||||
return -1;
|
||||
/* FIXME: length of sigret correct? */
|
||||
|
|
|
|||
Loading…
Reference in New Issue