CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/19 08:03:45
Modified files:
usr.bin/ssh : ssh-pkcs11-client.c
Log message:
Separate ssh-pkcs11-helpers for each p11 module
Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.
This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125
ok markus@
