
Commit 9bad954

committed
openssh-10.2p1-pkcs11-uri
1 parent f878d7c commit 9bad954


16 files changed

+2038
-269
lines changed


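--- a/Makefile.in
+++ b/Makefile.in
@@ -109,7 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
 sshbuf-io.o misc-agent.o
 
-P11OBJS= ssh-pkcs11-client.o
+P11OBJS= ssh-pkcs11-client.o ssh-pkcs11-uri.o
 
 SKOBJS= ssh-sk-client.o
 
@@ -158,11 +158,11 @@ SSHADD_OBJS= ssh-add.o $(P11OBJS) $(SKOBJS)
 
 SSHAGENT_OBJS= ssh-agent.o $(P11OBJS) $(SKOBJS)
 
-SSHKEYGEN_OBJS= ssh-keygen.o sshsig.o ssh-pkcs11.o $(SKOBJS)
+SSHKEYGEN_OBJS= ssh-keygen.o sshsig.o ssh-pkcs11.o ssh-pkcs11-uri.o $(SKOBJS)
 
 SSHKEYSIGN_OBJS=ssh-keysign.o readconf.o uidswap.o $(P11OBJS) $(SKOBJS)
 
-P11HELPER_OBJS= ssh-pkcs11-helper.o ssh-pkcs11.o $(SKOBJS)
+P11HELPER_OBJS= ssh-pkcs11-helper.o ssh-pkcs11.o ssh-pkcs11-uri.o $(SKOBJS)
 
 SKHELPER_OBJS= ssh-sk-helper.o ssh-sk.o sk-usbhid.o
 
@@ -325,6 +325,8 @@ clean: regressclean
 rm -f regress/unittests/sshsig/test_sshsig$(EXEEXT)
 rm -f regress/unittests/utf8/*.o
 rm -f regress/unittests/utf8/test_utf8$(EXEEXT)
+rm -f regress/unittests/pkcs11/*.o
+rm -f regress/unittests/pkcs11/test_pkcs11$(EXEEXT)
 rm -f regress/misc/sk-dummy/*.o
 rm -f regress/misc/sk-dummy/*.lo
 rm -f regress/misc/ssh-verify-attestation/ssh-verify-attestation$(EXEEXT)
@@ -364,6 +366,8 @@ distclean: regressclean
 rm -f regress/unittests/sshsig/test_sshsig
 rm -f regress/unittests/utf8/*.o
 rm -f regress/unittests/utf8/test_utf8
+rm -f regress/unittests/pkcs11/*.o
+rm -f regress/unittests/pkcs11/test_pkcs11
 rm -f regress/misc/sk-dummy/*.o
 rm -f regress/misc/sk-dummy/*.lo
 rm -f regress/misc/sk-dummy/sk-dummy.so
@@ -543,6 +547,7 @@ regress-prep:
 $(MKDIR_P) `pwd`/regress/unittests/sshkey
 $(MKDIR_P) `pwd`/regress/unittests/sshsig
 $(MKDIR_P) `pwd`/regress/unittests/utf8
+$(MKDIR_P) `pwd`/regress/unittests/pkcs11
 $(MKDIR_P) `pwd`/regress/misc/sk-dummy
 $(MKDIR_P) `pwd`/regress/misc/ssh-verify-attestation
 [ -f `pwd`/regress/Makefile ] || \
@@ -718,6 +723,16 @@ regress/unittests/utf8/test_utf8$(EXEEXT): \
 regress/unittests/test_helper/libtest_helper.a \
 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
 
+UNITTESTS_TEST_PKCS11_OBJS=\
+regress/unittests/pkcs11/tests.o
+
+regress/unittests/pkcs11/test_pkcs11$(EXEEXT): \
+${UNITTESTS_TEST_PKCS11_OBJS} ssh-pkcs11-uri.o \
+regress/unittests/test_helper/libtest_helper.a libssh.a
+$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_PKCS11_OBJS) \
+regress/unittests/test_helper/libtest_helper.a \
+ssh-pkcs11-uri.o -lssh -lopenbsd-compat -lcrypto $(LIBS) -lm
+
 # These all need to be compiled -fPIC, so they are treated differently.
 SK_DUMMY_OBJS=\
 regress/misc/sk-dummy/sk-dummy.lo \
@@ -763,7 +778,8 @@ regress-unit-binaries: regress-prep $(REGRESSLIBS) \
 regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
 regress/unittests/sshkey/test_sshkey$(EXEEXT) \
 regress/unittests/sshsig/test_sshsig$(EXEEXT) \
-regress/unittests/utf8/test_utf8$(EXEEXT)
+regress/unittests/utf8/test_utf8$(EXEEXT) \
+regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \
 
 tests: file-tests t-exec interop-tests extra-tests unit
 echo all tests passed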
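Review bot: The new `test_pkcs11` link recipe (new lines 729-734) hard-codes `-lcrypto $(LIBS) -lm`, whereas the neighbouring `test_utf8` rule visible in the same hunk links with `-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)`. In a tree configured without OpenSSL the explicit `-lcrypto` will presumably fail to link, and because the target is added to `regress-unit-binaries` unconditionally that failure would block every other unit test as well. Consider matching the sibling rules, e.g. `ssh-pkcs11-uri.o -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)`. Separately, the new last prerequisite of `regress-unit-binaries` (new line 782) ends in `\` before a blank line; dropping that trailing backslash keeps the `tests:` rule from being swallowed into the prerequisite list if the blank line is ever removed.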

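--- a/configure.ac
+++ b/configure.ac
@@ -2222,12 +2222,14 @@ AC_LINK_IFELSE(
 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
 ])
 
+SCARD_MSG="yes"
 disable_pkcs11=
 AC_ARG_ENABLE([pkcs11],
 [ --disable-pkcs11 disable PKCS#11 support code [no]],
 [
 if test "x$enableval" = "xno" ; then
 disable_pkcs11=1
+SCARD_MSG="no"
 fi
 ]
 )
@@ -2257,6 +2259,40 @@ AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
 
+# Check whether we have a p11-kit, we got default provider on command line
+DEFAULT_PKCS11_PROVIDER_MSG="no"
+AC_ARG_WITH([default-pkcs11-provider],
+[ --with-default-pkcs11-provider[[=PATH]] Use default pkcs11 provider (p11-kit detected by default)],
+[ if test "x$withval" != "xno" && test "x$disable_pkcs11" = "x"; then
+if test "x$withval" = "xyes" ; then
+AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+if test "x$PKGCONFIG" != "xno"; then
+AC_MSG_CHECKING([if $PKGCONFIG knows about p11-kit])
+if "$PKGCONFIG" "p11-kit-1"; then
+AC_MSG_RESULT([yes])
+use_pkgconfig_for_p11kit=yes
+else
+AC_MSG_RESULT([no])
+fi
+fi
+else
+PKCS11_PATH="${withval}"
+fi
+if test "x$use_pkgconfig_for_p11kit" = "xyes"; then
+PKCS11_PATH=`$PKGCONFIG --variable=proxy_module p11-kit-1`
+fi
+AC_CHECK_FILE("$PKCS11_PATH",
+[ AC_DEFINE_UNQUOTED([PKCS11_DEFAULT_PROVIDER], ["$PKCS11_PATH"], [Path to default PKCS#11 provider (p11-kit proxy)])
+DEFAULT_PKCS11_PROVIDER_MSG="$PKCS11_PATH"
+],
+[ AC_MSG_ERROR([Requested PKCS11 provided not found]) ]
+)
+else
+AC_MSG_WARN([Needs PKCS11 support to enable default pkcs11 provider])
+fi ]
+)
+
+
 # IRIX has a const char return value for gai_strerror()
 AC_CHECK_FUNCS([gai_strerror], [
 AC_DEFINE([HAVE_GAI_STRERROR])
@@ -5889,6 +5925,7 @@ echo " BSD Auth support: $BSD_AUTH_MSG"
 echo " Random number source: $RAND_MSG"
 echo " Privsep sandbox style: $SANDBOX_STYLE"
 echo " PKCS#11 support: $enable_pkcs11"
+echo " Default PKCS#11 provider: $DEFAULT_PKCS11_PROVIDER_MSG"
 echo " U2F/FIDO support: $enable_sk"
 
 echo ""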
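Review bot: `PKCS11_PATH` is compiled into `PKCS11_DEFAULT_PROVIDER` after nothing more than an existence check (`AC_CHECK_FILE`, new lines 2284-2289), so a relative path from `--with-default-pkcs11-provider=PATH` is accepted and an empty value only fails with the generic "not found" error. Since this string presumably becomes the module the PKCS#11 code loads when no provider is configured, I would require an absolute path before the check, e.g. `case "$PKCS11_PATH" in /*) ;; *) AC_MSG_ERROR([default PKCS#11 provider must be an absolute path]) ;; esac`. That also gives a clear diagnostic when pkg-config is missing or does not know `p11-kit-1` and `PKCS11_PATH` is left unset. Note too that `AC_CHECK_FILE` aborts configure when cross-compiling, and the error text reads "provided" where "provider" is meant.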

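--- a/regress/Makefile
+++ b/regress/Makefile
@@ -142,7 +142,8 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
 known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
 modpipe netcat no_identity_config \
 pidfile putty.rsa2 ready regress.log remote_pid \
-revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa_ssh2_cr.prv \
+revoked-* rsa rsa-agent rsa-agent.pub rsa-agent-cert.pub \
+rsa.pub rsa_ssh2_cr.prv pkcs11*.crt pkcs11*.key pkcs11.info \
 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
@@ -292,6 +293,7 @@ unit unit-bench:
 test "x${UNITTEST_VERBOSE}" = "x" || ARGS="$$ARGS -v"; \
 test "x${UNITTEST_BENCH_DETAIL}" = "x" || ARGS="$$ARGS -B"; \
 test "x${UNITTEST_BENCH_ONLY}" = "x" || ARGS="$$ARGS -O ${UNITTEST_BENCH_ONLY}"; \
+$$V ${.OBJDIR}/unittests/pkcs11/test_pkcs11 ; \
 $$V ${.OBJDIR}/unittests/sshbuf/test_sshbuf $${ARGS}; \
 $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
 -d ${.CURDIR}/unittests/sshkey/testdata $${ARGS}; \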
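Review bot: The added `test_pkcs11` invocation (new line 296) is the only unit test visible in this recipe that is run without `$${ARGS}`, so the verbose and benchmark switches assembled on the lines just above are ignored for it, and under `unit-bench` it will run as an ordinary test. If the binary uses the shared test_helper option parsing, as its link rule in Makefile.in suggests, pass the arguments through: `$$V ${.OBJDIR}/unittests/pkcs11/test_pkcs11 $${ARGS}; \`. The recipe starts before the hunk and continues after it, so whether a failure of this test stops the run depends on shell options that are not visible here.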
