History log of /openssh-portable/ssh-pkcs11.c (Results 1 – 25 of 64)
Revision Date Author Comments
Revision tags: V_8_6_P1, V_8_5_P1
# 19af04e2 22-Nov-2020 djm@openbsd.org

upstream: when loading PKCS#11 keys, include the key fingerprints

and provider/slot information in debug output.

OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431


# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


Revision tags: V_8_4_P1
# 4c607244 28-May-2020 djm@openbsd.org

upstream: fix compilation on !HAVE_DLOPEN platforms; stub function

was not updated to match API change. From Dale Rahn via beck@ ok markus@

OpenBSD-Commit-ID: 2b8d054afe34c9ac85e417dae702ef981917b836



Revision tags: V_8_3_P1
# 1d89232a 13-Mar-2020 djm@openbsd.org

upstream: improve error messages for some common PKCS#11 C_Login

failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker

OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e



# 31c860a0 06-Mar-2020 markus@openbsd.org

upstream: pkcs11_register_provider: return < 0 on error; ok djm

OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97


Revision tags: V_8_2_P1
# 89a8d452 24-Jan-2020 djm@openbsd.org

upstream: expose PKCS#11 key labels/X.509 subjects as comments

Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.

based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church

feedback and ok markus@

OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35



Revision tags: V_8_1_P1
# 08468278 01-Oct-2019 djm@openbsd.org

upstream: revert unconditional forced login implemented in r1.41 of

ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
token returns no objects and this is less disruptive for users of tokens
directly in ssh (rather than via ssh-agent) and in ssh-keygen

bz3006, patch from Jakub Jelen; ok markus

OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e



# 7d6034bd 05-Sep-2019 djm@openbsd.org

upstream: if a PKCS#11 token returns no keys then try to login and

refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@

OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43


# b52c0c2e 01-Sep-2019 djm@openbsd.org

upstream: downgrade PKCS#11 "provider returned no slots" warning

from log level error to debug. This is common when attempting to enumerate
keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@

OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6



# 9634ffbf 23-Jul-2019 Darren Tucker

Add headers to prevent warnings w/out OpenSSL.


# 97370f6c 16-May-2019 Darren Tucker

Fix building w/out ECC.

Ifdef out ECC specific code so that it'll build against an OpenSSL
configured w/out ECC. With & ok djm@


# 5590f53f 26-Apr-2019 Darren Tucker

Whitespace resync w/OpenBSD.

Patch from markus at blueflash.cc via openssh-unix-dev.


Revision tags: V_8_0_P1
# 2aee9a49 08-Mar-2019 markus@openbsd.org

upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL

OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c


# 7a7fdca7 04-Feb-2019 djm@openbsd.org

upstream: fix NULL-deref crash in PKCS#11 code when attempting

login to a token requiring a PIN; reported by benno@ fix mostly by markus@

OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31


# 41923ce0 22-Jan-2019 djm@openbsd.org

upstream: Correct some bugs in PKCS#11 token PIN handling at

initial login, the attempt at reading the PIN could be skipped in some cases
especially on devices with integrated PIN readers.

based on patch from Daniel Kucera in bz#2652; ok markus@

OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e



# 2162171a 22-Jan-2019 djm@openbsd.org

upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE by

requiring a fresh login after the C_SignInit operation.

based on patch from Jakub Jelen in bz#2638; ok markus

OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661



# 23490a6c 20-Jan-2019 Damien Miller

fix previous test


# b6dd3277 20-Jan-2019 Darren Tucker

Wrap ECC static globals in EC_KEY_METHOD_NEW too.


# 662be40c 20-Jan-2019 djm@openbsd.org

upstream: always print the caller's error message in ossl_error(),

even when there are no libcrypto errors to report.

OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a


# ce46c3a0 20-Jan-2019 djm@openbsd.org

upstream: get the ex_data (pkcs11_key object) back from the keys at

the index at which it was inserted, rather than assuming index 0

OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8


# 2efcf812 20-Jan-2019 Damien Miller

Fix -Wunused when compiling PKCS#11 without ECDSA


# 63297641 20-Jan-2019 djm@openbsd.org

upstream: use ECDSA_SIG_set0() instead of poking signature values into

structure directly; the latter works on LibreSSL but not on OpenSSL. From
portable.

OpenBSD-Commit-ID: 5b22a1919d9cee907d3f8a029167f70a481891c6



# 5de6ac2b 20-Jan-2019 Damien Miller

remove HAVE_DLOPEN that snuck in

portable doesn't use this


# e2cb445d 20-Jan-2019 Damien Miller

conditionalise ECDSA PKCS#11 support

Require EC_KEY_METHOD support in libcrypto, evidenced by presence
of EC_KEY_METHOD_new() function.


# fcb1b093 20-Jan-2019 djm@openbsd.org

upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD

now, so there is no need to keep a copy of each in the pkcs11_key object.

work by markus@, ok djm@

OpenBSD-Commit-ID: 43b4856516e45c0595f17a8e95b2daee05f12faa


