From a6c8a8d4d5c482163fc7c6784017cd8a802174f4 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Mon, 6 Aug 2001 21:42:00 +0000
Subject: [PATCH] - markus@cvs.openbsd.org 2001/08/01 23:38:45 [scard.c ssh.c] support finish rsa keys. free public keys after login -> call finish -> close smartcard.
---
 ChangeLog | 6 +++++-
 scard.c | 21 +++++++++++++++++++--
 ssh.c | 12 +++++++++++-
 3 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e42edd183..1f018a92c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -98,6 +98,10 @@
 [ssh-keygen.c]
 allow uploading RSA keys for non-default AUT0 (sha1 over passphrase like sectok).
+ - markus@cvs.openbsd.org 2001/08/01 23:38:45
+ [scard.c ssh.c]
+ support finish rsa keys.
+ free public keys after login -> call finish -> close smartcard.
 20010803
 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6208,4 +6212,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1451 2001/08/06 21:40:04 mouring Exp $
+$Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $
diff --git a/scard.c b/scard.c
index 8b3abcfa0..cfcd953bd 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 #ifdef SMARTCARD
 #include "includes.h"
-RCSID("$OpenBSD: scard.c,v 1.11 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.12 2001/08/01 23:38:45 markus Exp $");
 #include
 #include
@@ -262,6 +262,20 @@ err:
 return (len >= 0 ? len : status);
 }
+/* called on free */
+
+static int (*orig_finish)(RSA *rsa) = NULL;
+
+static int
+sc_finish(RSA *rsa)
+{
+ if (orig_finish)
+ orig_finish(rsa);
+ sc_close();
+ return 1;
+}
+
+
 /* engine for overloading private key operations */
 static ENGINE *smart_engine = NULL;
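Review bot: `sc_finish()` calls `sc_close()` unconditionally every time an RSA object using this method is freed, yet `sc_close()` takes no argument and so appears to act on one shared card session rather than on the key being freed. If two keys backed by the same card are ever live at once, freeing the first would close the session under the second; whether the private-key callbacks reopen the card is not visible in this hunk, so the header comment should state that assumption, e.g. `/* RSA finish hook: runs for every RSA freed with this method; closes the shared card session, so later private-key ops must reopen it */`. The hook also discards the result of `orig_finish(rsa)` and always returns 1; `int ok = orig_finish ? orig_finish(rsa) : 1; sc_close(); return ok;` would pass the default method's status through. The hook is installed in `sc_get_engine()` in the next hunk of this file.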
@@ -291,13 +305,16 @@ sc_get_engine(void)
 smart_rsa.rsa_priv_enc = sc_private_encrypt;
 smart_rsa.rsa_priv_dec = sc_private_decrypt;
+ /* save original */
+ orig_finish = def->finish;
+ smart_rsa.finish = sc_finish;
+
 /* just use the OpenSSL version */
 smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
 smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
 smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
 smart_rsa.bn_mod_exp = def->bn_mod_exp;
 smart_rsa.init = def->init;
- smart_rsa.finish = def->finish;
 smart_rsa.flags = def->flags;
 smart_rsa.app_data = def->app_data;
 smart_rsa.rsa_sign = def->rsa_sign;
diff --git a/ssh.c b/ssh.c
index 8f1d6ac73..185d15e1a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.133 2001/08/01 22:03:33 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.134 2001/08/01 23:38:45 markus Exp $");
 #include
 #include
@@ -756,6 +756,16 @@ again:
 }
 xfree(sensitive_data.keys);
 }
+ for (i = 0; i < options.num_identity_files; i++) {
+ if (options.identity_files[i]) {
+ xfree(options.identity_files[i]);
+ options.identity_files[i] = NULL;
+ }
+ if (options.identity_keys[i]) {
+ key_free(options.identity_keys[i]);
+ options.identity_keys[i] = NULL;
+ }
+ }
 exit_status = compat20 ? ssh_session2() : ssh_session();
 packet_close();
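Review bot: In the ssh.c hunk at `@@ -756,6 +756,16 @@`, the new loop frees and NULLs every `options.identity_files[i]` and `options.identity_keys[i]` but leaves `options.num_identity_files` unchanged, so any later code that walks these arrays by count will meet NULL entries. The session functions are called directly below, and the rest of the enclosing function is outside the hunk, so whether anything still reads the arrays could not be checked here. If nothing should, `options.num_identity_files = 0;` after the loop makes that explicit. The loop also deserves a comment naming the side effect the commit message describes, e.g. `/* authentication is done: drop identity keys; freeing a smartcard key runs its finish hook and closes the card */`.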