[Bug 1371] Add PKCS#11 (Smartcards) support into OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=1371

--- Comment #20 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-25 04:47:07 ---
Created an attachment (id=1484)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1484)
2003_all_pkcs11-scp.patch

[PATCH] scp PKCS#11 parameter addition

Requested by users.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #21 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-25 04:48:27 ---
Created an attachment (id=1485)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1485)
2004_all_pkcs11-scp-man.patch

[PATCH] scp PKCS#11 parameter addition

--- Comment #22 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-25 04:49:27 ---
Created an attachment (id=1486)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1486)
2000_all_pkcs11-docs.patch

Update ChangeLog

Alon Bar-Lev <alon.barlev@gmail.com> changed:

What                         |Removed |Added
--------------------------------------------
Attachment #1477 is obsolete |0       |1

Alon Bar-Lev <alon.barlev@gmail.com> changed:

What                         |Removed |Added
--------------------------------------------
Attachment #1463 is obsolete |0       |1

--- Comment #23 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-25 04:51:49 ---
Created an attachment (id=1487)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1487)
0000_README.patch

[PATCH] OpenSSH and Portable OpenSSH Smartcard (PKCS#11) Support

Update patch list.

--- Comment #24 from Damien Miller <djm@mindrot.org> 2008-04-26 18:46:59 ---
(From update of attachment 1467)

Is there a reason behind having to add providers before adding
identities? I think it would be less cumbersome to specify the
provider+key in one go. The common case would be adding all the keys in
a provider, right?

>diff -urNp ssh.org/pkcs11.c ssh/pkcs11.c
>--- ssh.org/pkcs11.c 1970-01-01 02:00:00.000000000 +0200
>+++ ssh/pkcs11.c 2008-01-09 13:26:02.000000000 +0200
>@@ -0,0 +1,944 @@
>+/*
>+ * Copyright(c) 2005-2006 Alon Bar-Lev. All rights reserved.
>+ *
>+ * The _ssh_from_x509 is dirived of Tatu and Markus work.
>+ * Copyright(c) 2006 Alon bar-Lev <alon.barlev@gmail.com>. All rights reserved.
>+ * Copyright(c) 2000, 2001 Markus Friedl. All rights reserved.
>+ * Copyright(c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

I don't think Tatu Ylonen ever used the BSD license. If code is derived
from his sources, it is absolutely essential that his license is
preserved.

>+static char *
>+_ssh_from_x509(X509 *);
>+
>+static time_t
>+__mytime(void)
>+{
>+ return time(NULL);
>+}
>+
>+static void
>+__mysleep(const unsigned long usec)
>+{
>+ usleep((unsigned)usec);
>+}
>+
>+static int
>+__mygettimeofday(struct timeval *tv)
>+{
>+ return gettimeofday(tv, NULL);
>+}
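Review bot: the __mytime, __mysleep and __mygettimeofday names are more than a style problem: C reserves every identifier that begins with two underscores, or with an underscore followed by an uppercase letter, for the implementation, and at file scope it also reserves identifiers beginning with a single underscore, so _ssh_from_x509 and the _pkcs11_* functions sit in the same reserved space and can collide with libc or compiler symbols. Dropping the prefixes and relying on static fixes both problems. Separately, __mysleep narrows an unsigned long to unsigned before calling usleep(); if a caller can pass a second or more, use nanosleep() or loop, since usleep() with an argument of 1000000 or more is not guaranteed to work.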

Please do not prefix functions with underscores, declaring them static
is enough.

>+static void
>+_pkcs11_openssh_log(void *const global_data, unsigned flags,
>+ const char *const format, va_list args)
>+{
>+ (void) global_data;

Please do not avoid compiler warnings like this. Just add a comment "/*
ARGSUSED */" before each function that does not use all its arguments.

>+static PKCS11H_BOOL
>+_pkcs11_ssh_pin_prompt(void *const global_data,
>+ void *const user_data, const pkcs11h_token_id_t token,
>+ const unsigned retry, char *const pin, const size_t pin_max)
>+{
>+ char prompt[1024];
>+ char *passphrase = NULL;
>+ PKCS11H_BOOL ret = FALSE;
>+
>+ (void) global_data;
>+ (void) user_data;
>+ (void) retry;
>+
>+ if (snprintf(prompt, sizeof(prompt), "Please enter PIN for token '%s': ",
>+ token->display) < 0)
>+ goto cleanup;
>+
>+ passphrase = read_passphrase(prompt, RP_ALLOW_EOF);
>+
>+ if (passphrase == NULL || strlen(passphrase) == 0 ||
>+ strlen(passphrase) > pin_max-1)
>+ goto cleanup;
>+
>+ strncpy(pin, passphrase, pin_max);
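Review bot: the "(void) retry;" line throws away the one piece of state the user most needs here. A smartcard PIN is normally locked after a small number of wrong entries, and since the prompt text is the same on every attempt, someone who mistyped once gets no warning that the next wrong entry may lock the token. Include the retry count in the prompt, or refuse to re-prompt past a small limit, so the caller can bail out. Also, after the PIN has been copied into pin, the buffer returned by read_passphrase() still holds it; make sure the cleanup path zeroes it (bzero/memset) before xfree(), and zero pin as well when the length check fails after a partial copy.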

Please use strlcpy here. If you need the trailing bytes of pin zeroed,
then please use an explicit bzero() call.

>+static int
>+_pkcs11_convert_to_ssh_key(const pkcs11h_certificate_id_t certificate_id, Key **const key,
>+ char **const comment, const int pin_cache_period)
...
>+ if ((rv = pkcs11h_certificate_getCertificateBlob(certificate,
>+ NULL, &temp)) != CKR_OK) {

What is the purpose of this function call? You don't ever receive a
certificate blob and you don't use the blob length. Is it just to
ensure that the provider is able to return a certificate?

>+ if ((rv = pkcs11h_certificate_getCertificateId(certificate,
>+ &certificate_id_new)) != CKR_OK) {

Why duplicate the certificate ID?

(Sorry if these are obvious questions, but I can't find any
documentation on pkcs11-helper other than some doxygen stuff that
doesn't tell much more than the headers themselves)

>+PKCS11Provider *
>+pkcs11_parse_provider(const char *const info)
...
>+ /*
>+ * provider[:protected_authentication[:private_mode[:cert_is_private]]]
>+ * string:1|0:hex:1|0
>+ */
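Review bot: the comment documents the syntax but not the trust boundary. The first field names a shared object that the PKCS#11 helper loads into the calling process, so whoever controls this string controls which code runs there. State whether a relative path is accepted (and what it is resolved against), whether a ':' inside the path can be escaped, and what the defaults for the three trailing fields are; refusing relative paths outright is the simplest safe rule.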

Is this complexity needed? Under what circumstances will users need to
specify more than just "provider"?

>+int
>+pkcs11_get_key(const PKCS11Id *const id, Key **const key,
>+ char **const comment)
...
>+ if (id->cert_file != NULL && id->cert_file[0] != '\x0') {
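Review bot: '\x0' is an unusual spelling of the NUL character; use '\0', or simply *id->cert_file != '\0', as the rest of OpenSSH does. A comment stating what cert_file changes would also help the reader, since the branch makes the public key come from a file instead of from the token, and the sign path has to cope with the token being absent in that case.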

Where does the cert_file come from? Is it created implicitly by the
library? Does it need to be cleaned up?

>+int
>+pkcs11_get_keys(Key ***const keys, char ***const comments)
...
>+ if((internal_keys = xmalloc((PKCS11_MAX_KEYS+1)*sizeof(*internal_keys))) == NULL) {
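Review bot: the NULL test is dead code. OpenSSH's xmalloc() and xcalloc() never return NULL; they call fatal() on failure, so the branch (and the cast) can go, and the same applies to the two xmalloc() checks in _ssh_from_x509. The fixed PKCS11_MAX_KEYS+1 array also needs a documented behaviour for a token, or a set of tokens, that carries more keys than the cap: silently dropping the rest leaves the user with no way to see why an identity is missing from ssh-add -l.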

Please use xcalloc() instead of xmalloc(x * y).

>+void
>+pkcs11_show_ids(void)

Can some of this (perhaps just provider & DN) go into the comment, so
"ssh-keygen -l" does the right thing automatically?

>+static char *
>+_ssh_from_x509(X509 * x509)
>+{
>+#define PUT_32BIT(cp, value) ( \
>+ (cp)[0] = (unsigned char)((value) >> 24), \
>+ (cp)[1] = (unsigned char)((value) >> 16), \
>+ (cp)[2] = (unsigned char)((value) >> 8), \
>+ (cp)[3] = (unsigned char)((value) >> 0) )

Please use put_u32() in misc.[ch] if you need it at all (see below).

>+ bytes_name = strlen(keyname);
>+ bytes_exponent = (size_t)BN_num_bytes(pubkey->pkey.rsa->e);
>+ bytes_modulus = (size_t)BN_num_bytes(pubkey->pkey.rsa->n);
>+
>+ blobsize = (4 + bytes_name + 4 + ((unsigned)bytes_exponent + 1) + 4 +
>+ ((unsigned)bytes_modulus + 1) + 1);
>+
>+ if ((blob = (unsigned char *) xmalloc(blobsize)) == NULL)
>+ goto cleanup;
>+
>+ if ((buffer = (unsigned char *) xmalloc(blobsize)) == NULL)
>+ goto cleanup;
>+
>+ bp = blob;
>+
>+ PUT_32BIT(bp, bytes_name), bp += 4;
>+ memcpy(bp, keyname, bytes_name), bp += (ssize_t)bytes_name;
>+
>+ BN_bn2bin(pubkey->pkey.rsa->e, buffer);
>+ if (buffer[0] & 0x80) {
>+ // highest bit set would indicate a negative number.
>+ // to avoid this, we have to spend an extra byte:
>+ PUT_32BIT(bp, bytes_exponent + 1), bp += 4;
>+ *(bp++) = 0;
>+ } else
>+ PUT_32BIT(bp, bytes_exponent), bp += 4;
>+
>+ memcpy(bp, buffer, bytes_exponent), bp += (ssize_t)bytes_exponent;
>+
>+ BN_bn2bin(pubkey->pkey.rsa->n, buffer);
>+ if (buffer[0] & 0x80) {
>+ PUT_32BIT(bp, bytes_modulus + 1), bp += 4;
>+ *(bp++) = 0;
>+ } else
>+ PUT_32BIT(bp, bytes_modulus), bp += 4;
>+
>+ memcpy(bp, buffer, bytes_modulus), bp += (ssize_t)bytes_modulus;
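Review bot: buffer comes from xmalloc() and is never initialised, so when BN_num_bytes() returns 0 (a zero exponent or modulus, which a misbehaving provider can hand back) the "buffer[0] & 0x80" test reads an uninitialised byte. Check the return value of BN_bn2bin() and reject a zero-length exponent or modulus before encoding. The "//" comments should also be "/* */" in OpenSSH code. Both points go away if the encoding is done with buffer_put_bignum2(), which emits the sign byte itself.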

Please use the OpenSSH buffer.h functions here, they do all the math
for you:

Buffer b;

buffer_init(&b);
buffer_put_cstring(&b, keyname);
buffer_put_bignum2(&b, pubkey->pkey.rsa->e);
buffer_put_bignum2(&b, pubkey->pkey.rsa->n);
if (BIO_write(bio2, buffer_ptr(&b), buffer_len(&b)) == -1)
goto cleanup;


>+ if ((n = BIO_read(bio, ret + (ssize_t)strlen(ret),
>+ (int)(retsize - strlen(ret) - 1))) == -1)
>+ goto cleanup;

What are you reading back here?

>diff -urNp ssh.org/pkcs11.h ssh/pkcs11.h
>--- ssh.org/pkcs11.h 1970-01-01 02:00:00.000000000 +0200
>+++ ssh/pkcs11.h 2008-01-09 12:59:05.000000000 +0200
...
>+typedef struct {
>+ char *provider;
>+ int protected_authentication;
>+ unsigned private_mode;
>+ int cert_is_private;
>+} PKCS11Provider;
>+
>+typedef struct {
>+ char *id;
>+ int pin_cache_period;
>+ char *cert_file;
>+} PKCS11Id;

Unless you need to follow some external naming convention, please use
all lowercase names, e.g. "struct pkcs11_provider".


Alon Bar-Lev <alon.barlev@gmail.com> changed:

What                         |Removed |Added
--------------------------------------------
Attachment #1467 is obsolete |0       |1

--- Comment #25 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 21:14:42 ---
Created an attachment (id=1488)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1488)
2001_all_pkcs11.patch

Updated per comments.

--- Comment #26 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 21:29:11 ---

Thank you for reviewing this!

(In reply to comment #24)
> (From update of attachment 1467)
>
> Is there a reason behind having to add providers before adding
> identities?

The public key is read from the token, so it would be easier for people
to use the data stored on the token. I have an alternative of specifying a
file containing the public key, so the token is not required.

> I think it would be less cumbersome to specify the
> provider+key in one go. The common case would be adding all the keys in
> a provider, right?

I believe users would like to add only authentication keys into the
agent.
Adding signature keys that have legal consequences automatically
would make some users fear the interface.

>
> >diff -urNp ssh.org/pkcs11.c ssh/pkcs11.c
> >--- ssh.org/pkcs11.c 1970-01-01 02:00:00.000000000 +0200
> >+++ ssh/pkcs11.c 2008-01-09 13:26:02.000000000 +0200
> >@@ -0,0 +1,944 @@
> >+/*
> >+ * Copyright(c) 2005-2006 Alon Bar-Lev. All rights reserved.
> >+ *
> >+ * The _ssh_from_x509 is dirived of Tatu and Markus work.
> >+ * Copyright(c) 2006 Alon bar-Lev <alon.barlev@gmail.com>. All rights reserved.
> >+ * Copyright(c) 2000, 2001 Markus Friedl. All rights reserved.
> >+ * Copyright(c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
>
> I don't think Tatu Ylonen ever used the BSD license. If code is derived
> from his sources, it is absolutely essential that his license is
> preserved.

He did.
But as per your later comments, nothing is left from his source, so I
removed his copyright.

> >+static char *
> >+_ssh_from_x509(X509 *);
> >+
> >+static time_t
> >+__mytime(void)
> >+{
> >+ return time(NULL);
> >+}
> >+
> >+static void
> >+__mysleep(const unsigned long usec)
> >+{
> >+ usleep((unsigned)usec);
> >+}
> >+
> >+static int
> >+__mygettimeofday(struct timeval *tv)
> >+{
> >+ return gettimeofday(tv, NULL);
> >+}
>
> Please do not prefix functions with underscores, declaring them static
> is enough.

Done.

> >+static void
> >+_pkcs11_openssh_log(void *const global_data, unsigned flags,
> >+ const char *const format, va_list args)
> >+{
> >+ (void) global_data;
>
> Please do not avoid compiler warnings like this. Just add a comment "/*
> ARGSUSED */" before each function that does not use all its arguments.

Done.

> >+static PKCS11H_BOOL
> >+_pkcs11_ssh_pin_prompt(void *const global_data,
> >+ void *const user_data, const pkcs11h_token_id_t token,
> >+ const unsigned retry, char *const pin, const size_t pin_max)
> >+{
> >+ char prompt[1024];
> >+ char *passphrase = NULL;
> >+ PKCS11H_BOOL ret = FALSE;
> >+
> >+ (void) global_data;
> >+ (void) user_data;
> >+ (void) retry;
> >+
> >+ if (snprintf(prompt, sizeof(prompt), "Please enter PIN for token '%s': ",
> >+ token->display) < 0)
> >+ goto cleanup;
> >+
> >+ passphrase = read_passphrase(prompt, RP_ALLOW_EOF);
> >+
> >+ if (passphrase == NULL || strlen(passphrase) == 0 ||
> >+ strlen(passphrase) > pin_max-1)
> >+ goto cleanup;
> >+
> >+ strncpy(pin, passphrase, pin_max);
>
> Please use strlcpy here. If you need the trailing bytes of pin zeroed,
> then please use an explicit bzero() call.

Done.

> >+static int
> >+_pkcs11_convert_to_ssh_key(const pkcs11h_certificate_id_t certificate_id, Key **const key,
> >+ char **const comment, const int pin_cache_period)
> ...
> >+ if ((rv = pkcs11h_certificate_getCertificateBlob(certificate,
> >+ NULL, &temp)) != CKR_OK) {
>
> What is the purpose of this function call? You don't every receive a
> certificate blob and you don't use the blob length. Is it just to
> ensure that the provider is able to return a certificate?

No, the DN is fetched at this point. So you get nice descriptive text
in ssh-add -l.

> >+ if ((rv = pkcs11h_certificate_getCertificateId(certificate,
> >+ &certificate_id_new)) != CKR_OK) {
>
> Why duplicate the certificate ID?

This gets the new id with descriptive name.

> (Sorry if these are obvious questions, but I can't find any
> documentation on pkcs11-helper other than some doxygen stuff that
> doesn't tell much much more than the headers themselves)

That's OK, I will be happy to improve this.
BTW: There is a comment:

+ /*
+ * New certificate_id is constructed from certificate
+ * blob so that it will contian the proper description.
+ */

> >+PKCS11Provider *
> >+pkcs11_parse_provider(const char *const info)
> ...
> >+ /*
> >+ * provider[:protected_authentication[:private_mode[:cert_is_private]]]
> >+ * string:1|0:hex:1|0
> >+ */
>
> Is this complexity needed? Under what circumstances will users need to
> specify more than just "provider"?

As the PKCS#11 spec may be interpreted differently by different developers,
there are many providers that have issues. The default values are good
for 95% of best practice, the remaining 5% need some tweaks.

> >+int
> >+pkcs11_get_key(const PKCS11Id *const id, Key **const key,
> >+ char **const comment)
> ...
> >+ if (id->cert_file != NULL && id->cert_file[0] != '\x0') {
>
> Where does the cert_file come from? Is it created implicitly by the
> library? Does it need to be cleaned up?

The user can place the certificate in a file and use
ssh-add -K ... -I @ID@ -1 cert_file
This allows the user to add a key into the agent even if the token is not
available at that time.
It is usable during a login script, adding all your identities.

> >+int
> >+pkcs11_get_keys(Key ***const keys, char ***const comments)
> ...
> >+ if((internal_keys = xmalloc((PKCS11_MAX_KEYS+1)*sizeof(*internal_keys))) == NULL) {
>
> Please use xcalloc() instead of xmalloc(x * y).

Done.

> >+void
> >+pkcs11_show_ids(void)
>
> Can some of this (perhaps just provider & DN) go into the comment, so
> "ssh-keygen -l" does the right thing automatically?

Already:
$ ssh-add -l
2048 86:28:63:f7:db:1b:17:7b:2c:ea:55:9b:c9:2b:02:ba /CN=Alon Bar-Lev on Alon Bar-Lev (Default) (RSA+cert)

> Please use the OpenSSH buffer.h functions here, they do all the math
> for you:
>
> Buffer b;
>
> buffer_init(&b);
> buffer_put_cstring(&b, keyname);
> buffer_put_bignum2(&b, pubkey->pkey.rsa->e);
> buffer_put_bignum2(&b, pubkey->pkey.rsa->n);

Took a lot of effort to clean up this function.
Did not know this buffer magic.
I hope now it is OK, I agree, it is much simpler!


> >diff -urNp ssh.org/pkcs11.h ssh/pkcs11.h
> >--- ssh.org/pkcs11.h 1970-01-01 02:00:00.000000000 +0200
> >+++ ssh/pkcs11.h 2008-01-09 12:59:05.000000000 +0200
> ...
> >+typedef struct {
> >+ char *provider;
> >+ int protected_authentication;
> >+ unsigned private_mode;
> >+ int cert_is_private;
> >+} PKCS11Provider;
> >+
> >+typedef struct {
> >+ char *id;
> >+ int pin_cache_period;
> >+ char *cert_file;
> >+} PKCS11Id;
>
> Unless you need to follow some external naming convention, please use
> all lowercase names, e.g. "struct pkcs11_provider".

Done.
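What buffer_put_cstring() and buffer_put_bignum2() produce, why the hand-written PUT_32BIT code in the review needed its extra zero byte, and where the fingerprint in the ssh-add -l output above comes from can all be seen by building the ssh-rsa public-key blob by hand. The following is an added example in Python, not code from the patch or from OpenSSH: it encodes the RFC 4251 string and mpint fields, shows the leading-zero case, and derives the colon-separated MD5 fingerprint of the kind ssh-add -l printed at the time. The modulus is a constructed number chosen to exercise the top-bit case, not a real key.

```python
"""Build an OpenSSH "ssh-rsa" public-key blob by hand.

Added example, not code from the patch or from OpenSSH.  It reproduces what
buffer_put_cstring() and buffer_put_bignum2() emit (RFC 4251 'string' and
'mpint'), including the leading zero byte that the hand-rolled PUT_32BIT code
inserts when the top bit of e or n is set, and derives the colon-separated
MD5 fingerprint that ssh-add -l printed at the time.  SAMPLE_N is a
constructed number chosen to exercise the top-bit case; it is not a real key.
"""
import base64
import hashlib
import struct


def put_string(data: bytes) -> bytes:
    """RFC 4251 'string': 32-bit big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def put_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer.

    The magnitude is big-endian two's complement, so if the first byte has its
    top bit set a 0x00 byte is prepended; otherwise the number would decode as
    negative.  Zero is encoded as an empty string.
    """
    if value < 0:
        raise ValueError("only non-negative integers are handled here")
    if value == 0:
        return put_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return put_string(raw)


def ssh_rsa_blob(e: int, n: int) -> bytes:
    """Key type name, then e, then n: the layout ssh-keygen and ssh-add expect."""
    return put_string(b"ssh-rsa") + put_mpint(e) + put_mpint(n)


def public_key_line(e: int, n: int, comment: str) -> str:
    """One authorized_keys-style line: type, base64 blob, comment."""
    b64 = base64.b64encode(ssh_rsa_blob(e, n)).decode("ascii")
    return f"ssh-rsa {b64} {comment}"


def md5_fingerprint(blob: bytes) -> str:
    """MD5 of the raw blob as 16 colon-separated hex bytes (pre-SHA256 ssh-add -l)."""
    return ":".join(f"{x:02x}" for x in hashlib.md5(blob).digest())


def parse_ssh_rsa_blob(blob: bytes):
    """Inverse of ssh_rsa_blob(); rejects truncated or non-RSA input."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + length])
        off += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa blob")
    # int.from_bytes ignores the sign-padding zero, so the values round-trip.
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


def parse_public_key_line(line: str):
    """Split a public-key line back into (e, n, comment)."""
    kind, b64, comment = line.split(" ", 2)
    if kind != "ssh-rsa":
        raise ValueError("not an ssh-rsa line")
    e, n = parse_ssh_rsa_blob(base64.b64decode(b64))
    return e, n, comment


# Constructed 1024-bit value with the top bit set (128 magnitude bytes, 129 on
# the wire because of the padding zero); it is not a real modulus.
SAMPLE_E = 65537
SAMPLE_N = (1 << 1023) | 0x10001

if __name__ == "__main__":
    blob = ssh_rsa_blob(SAMPLE_E, SAMPLE_N)
    print(public_key_line(SAMPLE_E, SAMPLE_N, "/CN=example on constructed token"))
    print(len(blob), md5_fingerprint(blob))
```

The fingerprint is taken over the raw blob, so anything put into the key comment (provider name, DN) changes only the text after the fingerprint, never the fingerprint itself; that is why the descriptive comment can be added freely.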

--- Comment #27 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:32:18 ---
I split the patch into more parts to ease reviewing in this approach.

Alon Bar-Lev <alon.barlev@gmail.com> changed:

What                         |Removed |Added
--------------------------------------------
Attachment #1487 is obsolete |0       |1

--- Comment #28 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:33:29 ---
Created an attachment (id=1489)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1489)
0000_README.patch

[PATCH] OpenSSH and Portable OpenSSH Smartcard (PKCS#11) Support

CONTENTS

Patch: 1000_all_log.patch
Descr: [PATCH] Add get_log_level()
Status: Unrelated to PKCS#11, common with X.509 patch.

Patch: 1001_all_ssh-agent-log-level.patch
Descr: [PATCH] Allow ssh-agent to have more than one debug level
Status: Unrelated to PKCS#11.

Patch: 2000_all_pkcs11-docs.patch
Descr: [PATCH] Add PKCS#11 support into OpenSSH
Status: Not to be merged.

Patch: 2001_all_pkcs11-core.patch
Descr: [PATCH] PKCS#11 core module
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2003_all_pkcs11-scp.patch
Descr: [PATCH] scp PKCS#11 parameter addition
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2004_all_pkcs11-scp-man.patch
Descr: [PATCH] PKCS#11 support in scp (man)
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2005_all_pkcs11-ssh.patch
Descr: [PATCH] PKCS#11 support in ssh
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2006_all_pkcs11-ssh-man.patch
Descr: [PATCH] PKCS#11 support in ssh (man)
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2007_all_pkcs11-ssh-keygen.patch
Descr: [PATCH] PKCS#11 support in ssh-keygen
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2008_all_pkcs11-ssh-keygen-man.patch
Descr: [PATCH] PKCS#11 support in ssh-keygen (man)
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2009_all_pkcs11-agent.patch
Descr: [PATCH] PKCS#11 support in agent
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 2010_all_pkcs11-agent-man.patch
Descr: [PATCH] PKCS#11 support in agent (man)
Status: Pending to be merged into OpenSSH and Portable OpenSSH.

Patch: 3000_ossh_pkcs11.patch
Descr: [PATCH] OpenSSH PKCS#11 Additions
Status: Pending to be merged into OpenSSH.

Patch: 4000_possh_pkcs11.patch
Descr: [PATCH] Portable OpenSSH PKCS#11 Additions
Status: Pending to be merged into Portable OpenSSH.

Patch: 4001_possh_pkcs11-x509.patch
Descr: [PATCH] Portable OpenSSH X.509 Additions
Status: Pending to be merged into Roumen Petrov's X.509 patch (after merge).

Patch: 4100_possh_pkcs11-autoconf.patch
Descr: [PATCH] Portable OpenSSH PKCS#11 autoconf generated files
Status: Not to be merged.

Patch: 4101_possh_pkcs11-x509-autoconf.patch
Descr: [PATCH] Portable OpenSSH PKCS#11 X.509 autoconf generated files
Status: Not to be merged.

APPLY

Apply to OpenSSH:

for f in @@HOME@@/{1,2,3}*; do patch -p1 < $f; done

Apply to Portable OpenSSH:

for f in @@HOME@@/{1,2,4}*; do patch -p1 < $f; done

Apply with X.509 patch:
for f in @@HOME@@/{1,2,4}*; do patch -p1 < $f; done
patch -R < @@HOME@@/1000_all_log.patch
<apply x.509 patch>

Alon Bar-Lev <alon.barlev@gmail.com> changed:

What                         |Removed |Added
--------------------------------------------
Attachment #1488 is obsolete |0       |1
Attachment #1468 is obsolete |0       |1

--- Comment #29 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:34:39 ---
Created an attachment (id=1490)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1490)
2001_all_pkcs11-core.patch

--- Comment #30 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:35:49 ---
(From update of attachment 1490)
[PATCH] PKCS#11 core module

--- Comment #31 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:37:22 ---
Created an attachment (id=1491)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1491)
2005_all_pkcs11-ssh.patch

[PATCH] PKCS#11 support in ssh

--- Comment #32 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:38:06 ---
Created an attachment (id=1492)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1492)
2006_all_pkcs11-ssh-man.patch

[PATCH] PKCS#11 support in ssh (man)

--- Comment #33 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:39:00 ---
Created an attachment (id=1493)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1493)
2007_all_pkcs11-ssh-keygen.patch

[PATCH] PKCS#11 support in ssh-keygen

--- Comment #34 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:39:43 ---
Created an attachment (id=1494)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1494)
2008_all_pkcs11-ssh-keygen-man.patch

[PATCH] PKCS#11 support in ssh-keygen (man)

--- Comment #35 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:40:34 ---
Created an attachment (id=1495)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1495)
2009_all_pkcs11-agent.patch

[PATCH] PKCS#11 support in agent

--- Comment #36 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-26 22:41:24 ---
Created an attachment (id=1496)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1496)
2010_all_pkcs11-agent-man.patch

[PATCH] PKCS#11 support in agent (man)

Alon Bar-Lev <alon.barlev@gmail.com> changed:

What                         |Removed |Added
--------------------------------------------
Attachment #1490 is obsolete |0       |1

--- Comment #37 from Alon Bar-Lev <alon.barlev@gmail.com> 2008-04-27 07:02:42 ---
Created an attachment (id=1497)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1497)
2001_all_pkcs11-core.patch

[PATCH] PKCS#11 core module

Just had an idea... If you have this buffer interface, maybe you also
have base64 interface, and you do!

So now the ssh_from_x509() is actually readable.

The pkcs11_show_ids() is open for suggestions regarding the format of
the output. Maybe you have some magic for an i2a_ASN1_INTEGER()
replacement.
