[pkg-opensc-commit] [libp11] 05/33: Workaround for incorrect CKA_EC_POINT format
Eric Dorland
eric at moszumanska.debian.org
Mon Sep 19 02:11:02 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 874154bc49d28c1358037f923e8d773ba0472b9d
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Wed Apr 20 23:34:09 2016 +0200
Workaround for incorrect CKA_EC_POINT format
Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
in the ASN1_OCTET_STRING format. Closes #79.
---
NEWS | 3 +++
src/p11_ec.c | 9 +++++++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 0a561a6..f3db415 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
NEWS for Libp11 -- History of user visible changes
New in 0.4.1; unreleased
+* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
+ in the ASN1_OCTET_STRING format (Michał Trojnara)
+* Improved building against OpenSSL 1.1.0-dev (Michał Trojnara)
New in 0.4.0; 2016-03-28; Michał Trojnara
* Merged engine_pkcs11 (Michał Trojnara)
diff --git a/src/p11_ec.c b/src/p11_ec.c
index 6b49775..20905ca 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -119,15 +119,20 @@ static EC_KEY *pkcs11_get_ec(PKCS11_KEY *key)
if (!key_getattr_alloc(pubkey, CKA_EC_POINT, &point, &point_len)) {
const unsigned char *a;
ASN1_OCTET_STRING *os;
+ EC_KEY *success = NULL;
- /* PKCS#11 returns ASN1_OCTET_STRING */
+ /* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
a = point;
os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)point_len);
if (os) {
a = os->data;
- o2i_ECPublicKey(&ec, &a, os->length);
+ success = o2i_ECPublicKey(&ec, &a, os->length);
ASN1_STRING_free(os);
}
+ if (success == NULL) { /* Workaround for broken PKCS#11 modules */
+ a = point;
+ o2i_ECPublicKey(&ec, &a, point_len);
+ }
OPENSSL_free(point);
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list