- markus@cvs.openbsd.org 2001/08/01 23:38:45
[scard.c ssh.c]
support finish rsa keys.
free public keys after login -> call finish -> close smartcard.
diff --git a/ChangeLog b/ChangeLog
index e42edd1..1f018a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -98,6 +98,10 @@
[ssh-keygen.c]
allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
like sectok).
+ - markus@cvs.openbsd.org 2001/08/01 23:38:45
+ [scard.c ssh.c]
+ support finish rsa keys.
+ free public keys after login -> call finish -> close smartcard.
20010803
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6208,4 +6212,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1451 2001/08/06 21:40:04 mouring Exp $
+$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $
diff --git a/scard.c b/scard.c
index 8b3abcf..cfcd953 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
#ifdef SMARTCARD
#include "includes.h"
-RCSID("$OpenBSD: scard.c,v 1.11 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.12 2001/08/01 23:38:45 markus Exp $");
#include <openssl/engine.h>
#include <sectok.h>
@@ -262,6 +262,20 @@
return (len >= 0 ? len : status);
}
+/* called on free */
+
+static int (*orig_finish)(RSA *rsa) = NULL;
+
+static int
+sc_finish(RSA *rsa)
+{
+ if (orig_finish)
+ orig_finish(rsa);
+ sc_close();
+ return 1;
+}
+
+
/* engine for overloading private key operations */
static ENGINE *smart_engine = NULL;
@@ -291,13 +305,16 @@
smart_rsa.rsa_priv_enc = sc_private_encrypt;
smart_rsa.rsa_priv_dec = sc_private_decrypt;
+ /* save original */
+ orig_finish = def->finish;
+ smart_rsa.finish = sc_finish;
+
/* just use the OpenSSL version */
smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
smart_rsa.bn_mod_exp = def->bn_mod_exp;
smart_rsa.init = def->init;
- smart_rsa.finish = def->finish;
smart_rsa.flags = def->flags;
smart_rsa.app_data = def->app_data;
smart_rsa.rsa_sign = def->rsa_sign;
diff --git a/ssh.c b/ssh.c
index 8f1d6ac..185d15e 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.133 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.134 2001/08/01 23:38:45 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -756,6 +756,16 @@
}
xfree(sensitive_data.keys);
}
+ for (i = 0; i < options.num_identity_files; i++) {
+ if (options.identity_files[i]) {
+ xfree(options.identity_files[i]);
+ options.identity_files[i] = NULL;
+ }
+ if (options.identity_keys[i]) {
+ key_free(options.identity_keys[i]);
+ options.identity_keys[i] = NULL;
+ }
+ }
exit_status = compat20 ? ssh_session2() : ssh_session();
packet_close();