This made most of the applications crashing in Fedora 34 when
smart card was plugged in.
The suggested patch makes the code path more obvious for gcc to
handle.
https://bugzilla.redhat.com/show_bug.cgi?id=1930652
card-opennpgp.c and pkcs15-openpgp.c have a strang way of
using sc_object_id_t to store what they call a binary_oid
or oid_binary. It is used to convert the EC curve asn1
returned in the cxdata.
This code uses asn1_decode_object_id to use sc_object_id_t
as used in the rest of the code.
The code and ec_curve tabes in card-openpgp.c where not changed.
pkcs15-openpgp.c was channge si to can use:
algorithm_info = sc_card_find_ec_alg(card, 0, &oid);
to retried the key_length to add to the pubkey and prkey entries.
The EC and EDDSA needs (i.e. field_length) to run.
On branch eddsa
Your branch is up to date with 'Jakuje/eddsa'.
Changes to be committed:
modified: card.c
modified: pkcs15-openpgp.c
The Ed25519 implementation in SoftHSM is now broken /non-interoperable. After fixing that,
the interoperability tests should work with this script:
* SoftHSMv2#528: Avoid creating duplicate mechanisms
* SoftHSMv2#522: Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification
* SoftHSMv2#526: Adjust EDDSA code to return valid EC_PARAMS according to the final PKCS #11 3.0 specification
Since 09a594d bringing ECC support to openPGP card, it did not count
with GNUK. This adds exception for GNUK to unbreak ECC signatures
as GNUK presents BCD version < 3.
... as reported by coverity scan.
p11cards are freed by emptying the virtual slots. virtual slots are
creatd with the framework's create_tokens. Hence, we need to free
p11card if no tokens were created.
I am using a somewhat modified version of IsoApplet. Up till now it worked fine. However recently I stumbled upon a web site that
forces a client cert auth with RSA-PSS. And (at least on windows, using minidriver) it didn't work. It looks to me, that it's a bug
in the PSS support code in minidriver, as I cannot find any place where a MGF1 padding scheme is specified. And since none is specified
signing fails. This patch fixes this. It assumes, that the same hash is used for hashing and padding.
Jakub Jelen
Doug Engert
Frank Morgner
Peter Popovec
Luka Logar