In real world pTemplate=NULL case is only used by PKCS#11 test suites but
no need to crash them.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
In real world phSession=NULL case is only used by PKCS#11 test suites but
no need to crash them.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
In real world ppFunctionList=NULL case is only used by PKCS#11 test suites but
no need to crash them.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Depending on stack state print_generic() could cause crash or spurious garbage
in logs.
Example crash:
*** buffer overflow detected ***: pkcs11test terminated
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Some test suites are excercising pMechanism==NULL case and this causes
crash when using pkcs11-spy for logging in between.
Centralize logging for pMechanism and handle NULL case.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
two lines that are never executed are removed for the code.
The LOG_TEST_GOTO_ERR before these lines will goto err.
On branch PIV-improved-parsing
Changes to be committed:
modified: src/libopensc/card-piv.c
Based on Fuzz testing, many of the calls to sc_asn1_find_tag were replaced
with sc_asn1_read_tag. The input is also tested that the
expected tag is the first byte. Additional tests are also add.
sc_asn1_find_tag will skip 0X00 or 0Xff if found. NIST sp800-73-x specs
do not allow these extra bytes.
On branch PIV-improved-parsing
Changes to be committed:
modified: card-piv.c
The function is intentionally broken in OpenSSL 3.0 for provided keys
and returning NULL. But it should still work for the legacy gost engine
implementation (but I do not have a good way to check).
Discussed in openssl upstream issue:
https://github.com/openssl/openssl/issues/16081
C_Initialize() must make a copy of the function pointers supplied
via pInitArgs, as the PKCS#11 specification makes no guarantee that
the pInitArgs pointer is allowed to be dereferenced after C_Initialize()
returns.
Fixes issue #2170.
Proper Ed25519/X25519 certs have pubkey algo with OID 1.3.101.112/110, according to
RFC8410. This commit add these OIDs, and also fixes pubkey parsing/creation - according
to the same RFC, it's just a bytestring, without ASN.1 wrapping.
Also, according to the same RFC, EDDSA/X25519 MUST not have params, even empty.