diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-01-25 01:03:36 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-25 01:35:55 +0100 |
commit | 89a8d4525e8edd9958ed3df60cf683551142eae0 (patch) | |
tree | 5251d0355691f30dca76d17724dd0d2123285e6e /ssh-keygen.c | |
parent | upstream: tweak proctitle to include sshd arguments, as these are (diff) | |
download | openssh-89a8d4525e8edd9958ed3df60cf683551142eae0.tar.xz openssh-89a8d4525e8edd9958ed3df60cf683551142eae0.zip |
upstream: expose PKCS#11 key labels/X.509 subjects as comments
Extract the key label or X.509 subject string when PKCS#11 keys
are retrieved from the token and plumb this through to places where
it may be used as a comment.
based on https://github.com/openssh/openssh-portable/pull/138
by Danielle Church
feedback and ok markus@
OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 2c9f67862..14d2357a7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.391 2020/01/24 05:33:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.392 2020/01/25 00:03:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -829,13 +829,13 @@ do_download(struct passwd *pw) int i, nkeys; enum sshkey_fp_rep rep; int fptype; - char *fp, *ra; + char *fp, *ra, **comments = NULL; fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; pkcs11_init(1); - nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); + nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys, &comments); if (nkeys <= 0) fatal("cannot read public key from pkcs11"); for (i = 0; i < nkeys; i++) { @@ -853,10 +853,13 @@ do_download(struct passwd *pw) free(fp); } else { (void) sshkey_write(keys[i], stdout); /* XXX check */ - fprintf(stdout, "\n"); + fprintf(stdout, "%s%s\n", + *(comments[i]) == '\0' ? "" : " ", comments[i]); } + free(comments[i]); sshkey_free(keys[i]); } + free(comments); free(keys); pkcs11_terminate(); exit(0); @@ -1703,7 +1706,8 @@ load_pkcs11_key(char *path) fatal("Couldn't load CA public key \"%s\": %s", path, ssh_err(r)); - nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys); + nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, + &keys, NULL); debug3("%s: %d keys", __func__, nkeys); if (nkeys <= 0) fatal("cannot read public key from pkcs11"); |