- rees@cvs.openbsd.org 2001/07/26 20:04:27
     [scard.c ssh-keygen.c]
     Inquire Cyberflex class for 0xf0 cards
     change aid to conform to 7816-5
     remove gratuitous fid selects
diff --git a/ChangeLog b/ChangeLog
index 7008ff9..59e54f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,11 @@
      [sshd.8 sshd.c]
      add -t option to test configuration file and keys; pekkas@netcore.fi
      ok markus@
+   - rees@cvs.openbsd.org 2001/07/26 20:04:27
+     [scard.c ssh-keygen.c]
+     Inquire Cyberflex class for 0xf0 cards
+     change aid to conform to 7816-5
+     remove gratuitous fid selects
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6150,4 +6155,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1437 2001/08/06 21:09:07 mouring Exp $
+$Id: ChangeLog,v 1.1438 2001/08/06 21:10:52 mouring Exp $
diff --git a/scard.c b/scard.c
index 25776d2..b8640b8 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 
 #ifdef SMARTCARD
 #include "includes.h"
-RCSID("$OpenBSD: scard.c,v 1.6 2001/07/25 11:59:35 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.7 2001/07/26 20:04:27 rees Exp $");
 
 #include <openssl/engine.h>
 #include <sectok.h>
@@ -51,7 +51,6 @@
 static int 
 sc_open(void)
 {
-	u_char atr[256];
 	int sw;
 
 	if (sc_fd >= 0)
@@ -62,11 +61,13 @@
 		error("sectok_open failed: %s", sectok_get_sw(sw));
 		return -1;
 	}
-	if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) {
+	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
 		error("sectok_reset failed: %s", sectok_get_sw(sw));
 		sc_fd = -1;
 		return sc_fd;
 	}
+	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
+		cla = 0;
 
 	debug("sc_open ok %d", sc_fd);
 	return sc_fd;
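Review bot: The added fallback `if ((cla = cyberflex_inq_class(sc_fd)) < 0) cla = 0;` hides a failed class inquiry, so a later APDU that the card rejects for a wrong class byte cannot be traced back to this point. Logging in the failure branch, for example `debug("cyberflex_inq_class failed, using class 0");`, would make the fallback visible. Separately, the sectok_reset failure path in the context lines sets `sc_fd = -1` without any visible close of the handle that sectok_open returned. The top of sc_open is outside this hunk, so confirm whether that handle is released elsewhere.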
@@ -75,29 +76,11 @@
 static int 
 sc_enable_applet(void)
 {
-	u_char contID[2], aid[MAX_BUF_SIZE];
-	int i, len, sw, aid_len;
+	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
+	int sw = 0;
 
-	len = sw = 0;
-	contID[0] = 0x77;
-	contID[1] = 0x78;
-
-	if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) {
-		error("sectok_selectfile root_fid failed: %s",
-		    sectok_get_sw(sw));
-		sc_close();
-		return -1;
-	}
-	if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) {
-		error("sectok_selectfile failed: %s", sectok_get_sw(sw));
-		sc_close();
-		return -1;
-	}
-	/* send applet id */
-	for (i = 0; i < sizeof(aid); i++)
-		aid[i] = 0x77;
-	aid_len = 5;
-	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw);
+	/* select applet id */
+	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
 	if (!sectok_swOK(sw)) {
 		error("sectok_apdu failed: %s", sectok_get_sw(sw));
 		sc_close();
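Review bot: The new `aid[]` initializer is an undocumented byte string; it decodes to 0xfc followed by ASCII "Ssh.bin", and a comment such as `/* AID: 0xfc + "Ssh.bin", proprietary AID per ISO 7816-5 */` would let a reader verify it against the applet that is loaded on the card. The array is never written in the visible lines, so `static const u_char aid[]` would be preferable if sectok_apdu's prototype accepts a const buffer. The return value of sectok_apdu is still discarded and success is judged only from `sw`, which now starts at 0; it is worth confirming that sectok_swOK() rejects an untouched 0 so that a transport failure cannot pass as a successful select. The rest of sc_enable_applet lies outside this hunk.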
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8b0b4d8..0033573 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.72 2001/07/02 22:40:18 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.73 2001/07/26 20:04:27 rees Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -400,7 +400,6 @@
 	struct stat st;
 	u_char *elements[NUM_RSA_KEY_ELEMENTS];
 	u_char key_fid[2];
-	u_char atr[256];
 	u_char AUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
 	int len, status = 1, i, fd = -1, ret;
 	int sw = 0, cla = 0x00;
@@ -425,12 +424,12 @@
 	COPY_RSA_KEY(dmp1, 4);
 	COPY_RSA_KEY(n, 5);
 	len = BN_num_bytes(prv->rsa->n);
-	fd = sectok_open(reader, 0, NULL);
+	fd = sectok_open(reader, 0, &sw);
 	if (fd < 0) {
 		error("sectok_open failed");
 		goto done;
 	}
-	ret = sectok_reset(fd, 0, atr, &sw);
+	ret = sectok_reset(fd, 0, NULL, &sw);
 	if (ret <= 0) {
 		error("sectok_reset failed");
 		goto done;
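Review bot: sectok_open now receives `&sw`, but the error messages still discard the status word, so the user sees only "sectok_open failed" or "sectok_reset failed" with no reason. scard.c in this same commit reports it, and doing the same here keeps the two callers consistent: `error("sectok_open failed: %s", sectok_get_sw(sw));` and `error("sectok_reset failed: %s", sectok_get_sw(sw));`. The enclosing function starts and ends outside this hunk, so whether the `done:` label closes `fd` after a failed reset cannot be checked from here.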