openssh bugs - Jul 2015 - [Bug 2427] New: ssh keygen is trying to read uninitialized slots on smart card (and is failing)

https://bugzilla.mindrot.org/show_bug.cgi?id=2427

            Bug ID: 2427
           Summary: ssh keygen is trying to read uninitialized slots on
                    smart card (and is failing)
           Product: Portable OpenSSH
           Version: 6.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2664
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2664&action=edit
ignore uninitialized slots

Based on our investigation of Smart Cart usability with openSSH we
found several minor problems that were filled in our red hat bugzilla
[1]. One of them is that keygen is trying to open session on
uninitialised slots on smart card (tested with softHSM soft token).

First view was that the problem is on soft token side, but it announces
the slot in correct way, with CKF_TOKEN_INITIALIZED flag, which should
prevent tools to open session on this slot.

I created patch against master that is skipping slots with this flag,
rather than failing hard on OpenSession.

Minimal reproducer is available in referenced bugzilla. To see whole
output that is available as an attachment, swap the last line with:
$ export PKCS11SPY=/usr/lib64/pkcs11/libsofthsm2.so
$ ssh-keygen -vvvD /usr/lib64/pkcs11/pkcs11-spy.so

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241874

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2427

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
             Blocks|                            |2403
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Applied - thanks

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2427

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.