[Bug 3561] New: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Apr 11 01:04:15 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3561

            Bug ID: 3561
           Summary: Open SSH does not support 1-byte structure packing on
                    non-windows systems for PKCS11
           Product: Portable OpenSSH
           Version: 9.3p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: doug.springer at idahoscientific.com

The PKCS11 specification is very clear on byte packing (1 byte), but
openssh does not even attempt to do so for anything besides Windows.
Instead, it relies on the compiler to set the size of CK_ULONG, CK_LONG
to unsigned long, which may be 32 or 64 depending on system and
compiler. While the PKCS11 API is painful in its original form, it is
a very simple matter to add a definition for the appropriate packed
syntax, and define it for the compiler, or rely on a pragma.

This should at least be configurable at build time. Although many
implementations of PKCS11 on non-windows systems also do this, is that
really a good reason to ignore the standard? There really isn't a
standard at that point. This is especially troubling since the API
allows many places to fail.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
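
The layout mismatch the report describes can be measured directly. The C program below is an added example, not code from OpenSSH or from the bug report; its struct and type names are hypothetical, the field list is modelled on the PKCS #11 CK_INFO structure, and compiler support for `#pragma pack` (GCC, Clang, MSVC) is assumed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical local copies modelled on the PKCS #11 CK_INFO field list
 * (names are illustrative, not taken from OpenSSH or a vendor header). */
typedef unsigned long ck_ulong;   /* compiler-dependent width, as in the report */
typedef struct { unsigned char major, minor; } ck_version;

#define INFO_FIELDS                          \
    ck_version    cryptoki_version;          \
    unsigned char manufacturer_id[32];       \
    ck_ulong      flags;                     \
    unsigned char library_description[32];   \
    ck_version    library_version;

/* Layout the compiler picks when no packing is requested. */
struct info_natural { INFO_FIELDS };

/* Same fields with 1-byte packing forced by pragma. */
#pragma pack(push, 1)
struct info_packed { INFO_FIELDS };
#pragma pack(pop)

size_t natural_flags_offset(void) { return offsetof(struct info_natural, flags); }
size_t packed_flags_offset(void)  { return offsetof(struct info_packed, flags); }
size_t natural_size(void)         { return sizeof(struct info_natural); }
size_t packed_size(void)          { return sizeof(struct info_packed); }

/* Returns 1 when a caller built one way and a module built the other way
 * would disagree on where `flags` lives or on the structure size. */
int layouts_disagree(void)
{
    return natural_flags_offset() != packed_flags_offset() ||
           natural_size() != packed_size();
}

int main(void)
{
    printf("sizeof(ck_ulong) = %zu\n", sizeof(ck_ulong));
    printf("natural: flags at %zu, size %zu\n",
           natural_flags_offset(), natural_size());
    printf("packed:  flags at %zu, size %zu\n",
           packed_flags_offset(), packed_size());
    printf("layouts %s\n", layouts_disagree() ? "DISAGREE" : "agree");
    return 0;
}
```

On an LP64 build the natural layout places `flags` at offset 40 and the packed layout at offset 34, so a caller and a module compiled with different packing read that field from different bytes.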