49 struct helper {  struct
59 static struct helper **helpers;  argument
62 static struct helper *
77 static struct helper *
93 static struct helper *
110 helper_free(struct helper *helper)  in helper_free()  argument
115 	if (helper == NULL)  in helper_free()
117 	if (helper->path == NULL || helper->ec_meth == NULL ||  in helper_free()
118 	    helper->rsa_meth == NULL)  in helper_free()
120 	debug3_f("free helper for provider %s", helper->path);  in helper_free()
122 		if (helpers[i] == helper) {  in helper_free()
135 	free(helper->path);  in helper_free()
136 	EC_KEY_METHOD_free(helper->ec_meth);  in helper_free()
137 	RSA_meth_free(helper->rsa_meth);  in helper_free()
138 	free(helper);  in helper_free()
142 helper_terminate(struct helper *helper)  in helper_terminate()  argument
144 	if (helper == NULL) {  in helper_terminate()
146 	} else if (helper->fd == -1) {  in helper_terminate()
151 		    helper->path, helper->nrsa, helper->nec);  in helper_terminate()
152 		close(helper->fd);  in helper_terminate()
154 		helper->fd = -1;  in helper_terminate()
155 		helper->pid = -1;  in helper_terminate()
162 	if (helper->nrsa == 0 && helper->nec == 0)  in helper_terminate()
163 		helper_free(helper);  in helper_terminate()
243 	struct helper *helper;  in rsa_encrypt()  local
245 	if ((helper = helper_by_rsa(rsa)) == NULL || helper->fd == -1)  in rsa_encrypt()
247 	debug3_f("signing with PKCS11 provider %s", helper->path);  in rsa_encrypt()
272 	send_msg(helper->fd, msg);  in rsa_encrypt()
275 	if (recv_msg(helper->fd, msg) == SSH2_AGENT_SIGN_RESPONSE) {  in rsa_encrypt()
294 	struct helper *helper;  in rsa_finish()  local
296 	if ((helper = helper_by_rsa(rsa)) == NULL)  in rsa_finish()
298 	debug3_f("free PKCS11 RSA key for provider %s", helper->path);  in rsa_finish()
299 	if (helper->rsa_finish != NULL)  in rsa_finish()
300 		helper->rsa_finish(rsa);  in rsa_finish()
301 	if (helper->nrsa == 0)  in rsa_finish()
303 	helper->nrsa--;  in rsa_finish()
305 	    helper->path, helper->nrsa, helper->nec);  in rsa_finish()
306 	if (helper->nrsa == 0 && helper->nec == 0)  in rsa_finish()
307 		helper_terminate(helper);  in rsa_finish()
322 	struct helper *helper;  in ecdsa_do_sign()  local
324 	if ((helper = helper_by_ec(ec)) == NULL || helper->fd == -1)  in ecdsa_do_sign()
326 	debug3_f("signing with PKCS11 provider %s", helper->path);  in ecdsa_do_sign()
355 	send_msg(helper->fd, msg);  in ecdsa_do_sign()
358 	if (recv_msg(helper->fd, msg) == SSH2_AGENT_SIGN_RESPONSE) {  in ecdsa_do_sign()
376 	struct helper *helper;  in ecdsa_do_finish()  local
378 	if ((helper = helper_by_ec(ec)) == NULL)  in ecdsa_do_finish()
380 	debug3_f("free PKCS11 ECDSA key for provider %s", helper->path);  in ecdsa_do_finish()
381 	if (helper->ec_finish != NULL)  in ecdsa_do_finish()
382 		helper->ec_finish(ec);  in ecdsa_do_finish()
383 	if (helper->nec == 0)  in ecdsa_do_finish()
385 	helper->nec--;  in ecdsa_do_finish()
387 	    helper->path, helper->nrsa, helper->nec);  in ecdsa_do_finish()
388 	if (helper->nrsa == 0 && helper->nec == 0)  in ecdsa_do_finish()
389 		helper_terminate(helper);  in ecdsa_do_finish()
394 wrap_key(struct helper *helper, struct sshkey *k)  in wrap_key()  argument
399 	debug3_f("wrap %s for provider %s", sshkey_type(k), helper->path);  in wrap_key()
403 		if (RSA_set_method(rsa, helper->rsa_meth) != 1)  in wrap_key()
405 		if (helper->nrsa++ >= INT_MAX)  in wrap_key()
413 		if (EC_KEY_set_method(ecdsa, helper->ec_meth) != 1)  in wrap_key()
415 		if (helper->nec++ >= INT_MAX)  in wrap_key()
424 	    helper->path, helper->nrsa, helper->nec);  in wrap_key()
435 	struct helper *helper = NULL;  in pkcs11_make_cert()  local
454 		if ((helper = helper_by_rsa(rsa_priv)) == NULL ||  in pkcs11_make_cert()
455 		    helper->fd == -1)  in pkcs11_make_cert()
461 		if (RSA_set_method(rsa_cert, helper->rsa_meth) != 1)  in pkcs11_make_cert()
463 		if (helper->nrsa++ >= INT_MAX)  in pkcs11_make_cert()
472 		if ((helper = helper_by_ec(ec_priv)) == NULL ||  in pkcs11_make_cert()
473 		    helper->fd == -1)  in pkcs11_make_cert()
479 		if (EC_KEY_set_method(ec_cert, helper->ec_meth) != 1)  in pkcs11_make_cert()
481 		if (helper->nec++ >= INT_MAX)  in pkcs11_make_cert()
495 	    helper->path, helper->nrsa, helper->nec);  in pkcs11_make_cert()
502 pkcs11_start_helper_methods(struct helper *helper)  in pkcs11_start_helper_methods()  argument
518 	EC_KEY_METHOD_get_init(ec_meth, &ec_init, &helper->ec_finish,  in pkcs11_start_helper_methods()
525 	helper->rsa_finish = RSA_meth_get_finish(rsa_meth);  in pkcs11_start_helper_methods()
531 	helper->ec_meth = ec_meth;  in pkcs11_start_helper_methods()
532 	helper->rsa_meth = rsa_meth;  in pkcs11_start_helper_methods()
536 static struct helper *
541 	struct helper *helper;  in pkcs11_start_helper()  local
551 	helper = xcalloc(1, sizeof(*helper));  in pkcs11_start_helper()
552 	if (pkcs11_start_helper_methods(helper) == -1) {  in pkcs11_start_helper()
561 		RSA_meth_free(helper->rsa_meth);  in pkcs11_start_helper()
562 		EC_KEY_METHOD_free(helper->ec_meth);  in pkcs11_start_helper()
563 		free(helper);  in pkcs11_start_helper()
585 	helper->fd = pair[0];  in pkcs11_start_helper()
586 	helper->path = xstrdup(path);  in pkcs11_start_helper()
587 	helper->pid = pid;  in pkcs11_start_helper()
589 	    helper->path, helper->fd, (long)helper->pid);  in pkcs11_start_helper()
592 	helpers[nhelpers++] = helper;  in pkcs11_start_helper()
593 	return helper;  in pkcs11_start_helper()
607 	struct helper *helper;  in pkcs11_add_provider()  local
609 	if ((helper = helper_by_provider(name)) == NULL &&  in pkcs11_add_provider()
610 	    (helper = pkcs11_start_helper(name)) == NULL)  in pkcs11_add_provider()
619 	send_msg(helper->fd, msg);  in pkcs11_add_provider()
622 	type = recv_msg(helper->fd, msg);  in pkcs11_add_provider()
636 			wrap_key(helper, k);  in pkcs11_add_provider()
657 	struct helper *helper;  in pkcs11_del_provider()  local
664 	if ((helper = helper_by_provider(name)) != NULL)  in pkcs11_del_provider()
665 		helper_terminate(helper);  in pkcs11_del_provider()