Bug 2427 - ssh keygen is trying to read uninitialized slots on smart card (and is failing)
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Smartcard
Version: 6.9p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Blocks: V_7_0
Reported: 2015-07-14 17:48 AEST by Jakub Jelen
Modified: 2016-08-02 10:41 AEST
Attachments
ignore uninitialized slots (577 bytes, text/plain)
2015-07-14 17:48 AEST, Jakub Jelen

Description Jakub Jelen 2015-07-14 17:48:55 AEST
Created attachment 2664
ignore uninitialized slots

Based on our investigation of smart card usability with OpenSSH, we found several minor problems that were filed in our Red Hat Bugzilla [1]. One of them is that keygen is trying to open a session on uninitialised slots on a smart card (tested with the SoftHSM soft token).

The first view was that the problem is on the soft token side, but it announces the slot in the correct way, with the CKF_TOKEN_INITIALIZED flag, which should prevent tools from opening a session on this slot.

I created a patch against master that skips slots with this flag, rather than failing hard on OpenSession.

A minimal reproducer is available in the referenced Bugzilla. To see the whole output that is available as an attachment, swap the last line with:
$ export PKCS11SPY=/usr/lib64/pkcs11/libsofthsm2.so
$ ssh-keygen -vvvD /usr/lib64/pkcs11/pkcs11-spy.so

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241874
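
Added example, not part of the original report and not OpenSSH's code: a self-contained C model of the slot loop discussed above, comparing a loop that fails hard on the first session error with one that checks `CKF_TOKEN_INITIALIZED` in the token flags before opening a session. The `mock_slot` type, `mock_open_session` and the sample slot table are constructed stand-ins for a real PKCS#11 provider, and the provider's failure on an uninitialized token is an assumption taken from the report.

```c
#include <stdio.h>
#include <stddef.h>

/* CK_TOKEN_INFO.flags bits, values from the PKCS#11 specification. */
#define CKF_LOGIN_REQUIRED    0x00000004UL
#define CKF_TOKEN_INITIALIZED 0x00000400UL

/* Constructed stand-in for one slot as reported by C_GetTokenInfo. */
struct mock_slot { unsigned long id; unsigned long token_flags; };

/* Assumed provider behaviour: no session on an uninitialized token. */
static int mock_open_session(const struct mock_slot *s)
{
    return (s->token_flags & CKF_TOKEN_INITIALIZED) ? 0 : -1;
}

/* Before: the first failed open aborts the whole enumeration. */
static int enumerate_fail_hard(const struct mock_slot *slots, size_t n)
{
    int usable = 0;
    for (size_t i = 0; i < n; i++) {
        if (mock_open_session(&slots[i]) != 0)
            return -1;
        usable++;
    }
    return usable;
}

/* After: test the flag first; uninitialized slots are skipped. */
static int enumerate_skip_uninit(const struct mock_slot *slots, size_t n)
{
    int usable = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(slots[i].token_flags & CKF_TOKEN_INITIALIZED))
            continue;            /* nothing to open on this slot */
        if (mock_open_session(&slots[i]) != 0)
            return -1;           /* a real error on a usable token */
        usable++;
    }
    return usable;
}

/* Constructed sample: slots 0 and 2 initialized, slot 1 empty. */
static const struct mock_slot sample_slots[] = {
    { 0, CKF_TOKEN_INITIALIZED | CKF_LOGIN_REQUIRED }, { 1, 0 }, { 2, CKF_TOKEN_INITIALIZED },
};

int main(void) {
    printf("fail hard: %d\n", enumerate_fail_hard(sample_slots, 3));
    printf("skip uninitialized: %d\n", enumerate_skip_uninit(sample_slots, 3));
    return 0;
}
```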
Comment 1 Damien Miller 2015-07-18 18:02:33 AEST
Applied - thanks
Comment 2 Damien Miller 2016-08-02 10:41:56 AEST
Close all resolved bugs after 7.3p1 release