OpenSC openssl.c in sc_pkcs11_verify_data assumes that it can retrieve the CKA_VALUE for a public key object, and expects it to be usable as RSA.

But internally sc_pkcs15_pubkey can have a "raw" or "spki" version of the public key as defined by PKCS#15. Card drivers or pkcs15-<card> routines may store either the "raw" or "spki" versions.

A get attribute request for CKA_VALUE for a public key will return either the raw, spki or a derived rsa version of the pubkey.

This commit will test if the CKA_VALUE is a spki and use d2i_PUBKEY which takes a spki version and returns an EVP_PKEY. If it is not an spki, the current method, d2i_PublicKey(EVP_PKEY_RSA,...), is used, which only works for RSA.

The problem was found while testing pkcs11-tool -t -l where the verify tests would fail with a CKR_GENERAL_ERROR because the card driver stored the public key as a spki.

On branch verify-pubkey-as-spki-2
Changes to be committed:
modified: src/pkcs11/openssl.c

Date: Fri Apr 07 07:50:00 2017 -0600
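The two CKA_VALUE encodings named in the commit message above can be told apart by DER shape alone. The following is an added example, not OpenSC code (the commit itself uses d2i_PUBKEY and falls back to d2i_PublicKey); it assumes the "raw" RSA form is a DER RSAPublicKey, and `classify_pubkey`, `outer_sequence` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>

enum pubkey_form { PK_INVALID = 0, PK_RAW_RSA, PK_SPKI };

/* Constructed samples: a toy RSAPublicKey and the same key wrapped as SPKI. */
static const unsigned char raw_rsa[] = {
    0x30,0x0a, 0x02,0x03,0x00,0xc3,0x5b, 0x02,0x03,0x01,0x00,0x01 };
static const unsigned char spki[] = {
    0x30,0x1e, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
    0x05,0x00, 0x03,0x0d,0x00,
    0x30,0x0a, 0x02,0x03,0x00,0xc3,0x5b, 0x02,0x03,0x01,0x00,0x01 };
/* Parse the outer SEQUENCE header; return content length and set *body,
 * or return -1 on wrong tag, truncation, indefinite or oversized length. */
static long outer_sequence(const unsigned char *buf, size_t buflen,
                           const unsigned char **body)
{
    const unsigned char *q = buf, *end = buf + buflen;
    long len;
    if (buflen < 2 || q[0] != 0x30)
        return -1;
    len = q[1];
    q += 2;
    if (len & 0x80) {             /* long form: low 7 bits = octet count */
        int n = (int)(len & 0x7f);
        if (n == 0 || n > 3 || end - q < n)
            return -1;
        for (len = 0; n > 0; n--)
            len = (len << 8) | *q++;
    }
    if (len != end - q)           /* truncated input or trailing bytes */
        return -1;
    *body = q;
    return len;
}
/* First element INTEGER => raw RSAPublicKey; SEQUENCE => SPKI. */
enum pubkey_form classify_pubkey(const unsigned char *buf, size_t buflen)
{
    const unsigned char *body;
    if (outer_sequence(buf, buflen, &body) < 1)
        return PK_INVALID;
    return body[0] == 0x30 ? PK_SPKI : body[0] == 0x02 ? PK_RAW_RSA : PK_INVALID;
}

int main(void)
{
    printf("raw=%d spki=%d\n", classify_pubkey(raw_rsa, sizeof raw_rsa),
           classify_pubkey(spki, sizeof spki));
    return 0;
}
```

A shape check like this only selects a decoder; the key must still be parsed and validated by the crypto library before it is used to verify anything.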
README.md
OpenSC documentation
Wiki is available online
Please take a look at the documentation before trying to use OpenSC.