[pkg-opensc-commit] [libp11] 05/33: Workaround for incorrect CKA_EC_POINT format

[Eric Dorland]

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 874154bc49d28c1358037f923e8d773ba0472b9d
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Wed Apr 20 23:34:09 2016 +0200

    Workaround for incorrect CKA_EC_POINT format
    
    Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
    in the ASN1_OCTET_STRING format.  Closes #79.
---
 NEWS         | 3 +++
 src/p11_ec.c | 9 +++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 0a561a6..f3db415 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 NEWS for Libp11 -- History of user visible changes
 
 New in 0.4.1; unreleased
+* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
+  in the ASN1_OCTET_STRING format (Michał Trojnara)
+* Improved building against OpenSSL 1.1.0-dev (Michał Trojnara)
 
 New in 0.4.0; 2016-03-28; Michał Trojnara
 * Merged engine_pkcs11 (Michał Trojnara)
diff --git a/src/p11_ec.c b/src/p11_ec.c
index 6b49775..20905ca 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -119,15 +119,20 @@ static EC_KEY *pkcs11_get_ec(PKCS11_KEY *key)
 	if (!key_getattr_alloc(pubkey, CKA_EC_POINT, &point, &point_len)) {
 		const unsigned char *a;
 		ASN1_OCTET_STRING *os;
+		EC_KEY *success = NULL;
 
-		/* PKCS#11 returns ASN1_OCTET_STRING */
+		/* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
 		a = point;
 		os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)point_len);
 		if (os) {
 			a = os->data;
-			o2i_ECPublicKey(&ec, &a, os->length);
+			success = o2i_ECPublicKey(&ec, &a, os->length);
 			ASN1_STRING_free(os);
 		}
+		if (success == NULL) { /* Workaround for broken PKCS#11 modules */
+			a = point;
+			o2i_ECPublicKey(&ec, &a, point_len);
+		}
 		OPENSSL_free(point);
 	}
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git