[openssh-commits] [openssh] 03/04: upstream: Perform the softhsm2 setup as discrete steps rather than

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Oct 6 14:33:46 AEDT 2023


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e84517f51532ec913d8fb01a8aab7307134774bb
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Oct 6 03:25:14 2023 +0000

    upstream: Perform the softhsm2 setup as discrete steps rather than
    
    as a long shell pipeline. Makes it easier to figure out what has happened
    when it breaks.
    
    OpenBSD-Regress-ID: b3f1292115fed65765d0a95414df16e27772d81c
---
 regress/agent-pkcs11.sh | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh
index 268a70de..f8409caa 100644
--- a/regress/agent-pkcs11.sh
+++ b/regress/agent-pkcs11.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent-pkcs11.sh,v 1.9 2021/07/25 12:13:03 dtucker Exp $
+#	$OpenBSD: agent-pkcs11.sh,v 1.10 2023/10/06 03:25:14 djm Exp $
 #	Placed in the Public Domain.
 
 tid="pkcs11 agent test"
@@ -54,6 +54,7 @@ export SSH_ASKPASS
 unset DISPLAY
 
 # start command w/o tty, so ssh-add accepts pin from stdin
+# XXX could force askpass instead
 notty() {
 	perl -e 'use POSIX; POSIX::setsid(); 
 	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
@@ -61,18 +62,23 @@ notty() {
 
 trace "generating keys"
 RSA=${DIR}/RSA
+RSAP8=${DIR}/RSAP8
+ECPARAM=${DIR}/ECPARAM
 EC=${DIR}/EC
-$OPENSSL_BIN genpkey -algorithm rsa > $RSA
-$OPENSSL_BIN pkcs8 -nocrypt -in $RSA |\
-    softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" --import /dev/stdin
+ECP8=${DIR}/ECP8
+$OPENSSL_BIN genpkey -algorithm rsa > $RSA || fatal "genpkey RSA fail"
+$OPENSSL_BIN pkcs8 -nocrypt -in $RSA > $RSAP8 || fatal "pkcs8 RSA fail"
+softhsm2-util --slot "$slot" --label 01 --id 01 \
+    --pin "$TEST_SSH_PIN" --import $RSAP8 || fatal "softhsm import RSA fail"
+
 $OPENSSL_BIN genpkey \
     -genparam \
     -algorithm ec \
-    -pkeyopt ec_paramgen_curve:prime256v1 |\
-    $OPENSSL_BIN genpkey \
-    -paramfile /dev/stdin > $EC
-$OPENSSL_BIN pkcs8 -nocrypt -in $EC |\
-    softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin
+    -pkeyopt ec_paramgen_curve:prime256v1 > $ECPARAM || fatal "param EC fail"
+$OPENSSL_BIN genpkey -paramfile $ECPARAM > $EC || fatal "genpkey EC fail"
+$OPENSSL_BIN pkcs8 -nocrypt -in $EC > $ECP8 || fatal "pkcs8 EC fail"
+softhsm2-util --slot "$slot" --label 02 --id 02 \
+    --pin "$TEST_SSH_PIN" --import $ECP8 || fatal "softhasm import EC fail"
 
 trace "start agent"
 eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
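Review bot: The unencrypted PKCS#8 private keys that previously reached softhsm2-util over a pipe are now written to `$RSAP8` and `$ECP8` under `${DIR}`, and nothing in this hunk restricts their mode or removes them after the import. How `${DIR}` is created and cleaned up is outside the hunk, so this may already be covered, but a `umask 077` before the first `genpkey` and an `rm -f $RSAP8 $ECP8 $ECPARAM` after the second import would keep the key material from outliving the step that needs it. The last failure message reads `softhasm import EC fail`; `fatal "softhsm import EC fail"` would match the RSA message and stay greppable in test logs. The new paths are also expanded unquoted (`--import $RSAP8`, `> $ECP8`), which matches the surrounding style but breaks if `${DIR}` contains whitespace.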
@@ -99,7 +105,8 @@ else
 		chmod 600 $k
 		ssh-keygen -y -f $k > $k.pub
 		pub=$(cat $k.pub)
-		${SSHADD} -L | grep -q "$pub" || fail "key $k missing in ssh-add -L"
+		${SSHADD} -L | grep -q "$pub" || \
+			fail "key $k missing in ssh-add -L"
 		${SSHADD} -T $k.pub || fail "ssh-add -T with $k failed"
 
 		# add to authorized keys
