Bug 584

Summary: scard-opensc.c doesn't work without PIN
Product: Portable OpenSSH Reporter: Nils Larsch <larsch>
Component: SmartcardAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: All   
OS: Linux   
Attachments:
Description Flags
proposed patch
none
fixed proposed patch none

Description Nils Larsch 2003-06-03 19:04:15 AEST 
The function sc_prkey_op_init (in scard-opensc.c) requires for every private
key a PKCS#15 AuthenticationObject object, but the this object is optional
=> sc_prkey_op_init fails if the key is not protected by a PIN.
If sc_pkcs15_find_pin_by_auth_id retuns SC_ERROR_OBJECT_NOT_FOUND then
(most likely) a PIN is not required to use the key => sc_prkey_op_init
should simply copy the private key and return 0 (== no error).

Regards,
Nils
Comment 1 Nils Larsch 2003-06-03 19:10:39 AEST 
Created attachment 318 [details]
proposed patch
Comment 2 Damien Miller 2003-06-04 19:22:49 AEST 
Fix applied, thanks.
Comment 3 Nils Larsch 2003-06-04 22:03:07 AEST 
Created attachment 322 [details]
fixed proposed patch

Sorry Damien, but I overlooked that sc_prkey_op_init is expected to
lock the card. With this patch (and with #577) I can use a PKCS#15 smart
card with OpenSSH (v1,v2) via OpenSC under Linux and Windows (+Cygwin)
(using ssh-agent or 'ssh -I ...' if the key is not protected by a PIN).

Thanks,
Nils
Comment 4 Nils Larsch 2003-06-04 22:06:51 AEST 
Sorry, but I overlooked a missing sc_lock.
Comment 5 Damien Miller 2003-06-04 22:12:44 AEST 
Applied too, thanks.
Comment 6 Damien Miller 2004-04-14 12:31:27 AEST 
Mass change of VERIFIED bugs to CLOSED