[Bug 3561] New: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11
bugzilla-daemon at mindrot.org
Tue Apr 11 01:04:15 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Bug ID: 3561
Summary: Open SSH does not support 1-byte structure packing on
non-windows systems for PKCS11
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: doug.springer at idahoscientific.com
The PKCS11 specification is very clear on byte packing (1 byte), but
openssh does not even attempt to do so for anything besides Windows.
Instead, it relies on the compiler to set the size of CK_ULONG, CK_LONG
to unsigned long, which may be 32 or 64 depending on system and
compiler. While the PKCS11 API is painful in its original form, it is
a very simple matter to add a definition for the appropriate packed
syntax, and define it for the compiler, or rely on a pragma.
This should at least be configurable at build time. Although many
implementations of PKCS11 on non-windows systems also do this, is that
really a good reason to ignore the standard? There really isn't a
standard at that point. This is especially troubling since the API
allows many places to fail.
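The layout difference the report describes, shown on a structure with the field order of PKCS#11's CK_INFO; this is an added example, not part of the original report and not OpenSSH code. The demo_* names are hypothetical and CK_ULONG is assumed to be unsigned long.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative types only (hypothetical demo_* names, not OpenSSH's or a
 * vendor's header). Field order follows CK_INFO in the PKCS#11 spec;
 * CK_ULONG is modelled as unsigned long, as the report describes. */
typedef unsigned long demo_ulong;
struct demo_version { unsigned char major, minor; };

struct demo_info_natural {            /* compiler default alignment */
    struct demo_version cryptokiVersion;
    unsigned char manufacturerID[32];
    demo_ulong flags;
    unsigned char libraryDescription[32];
    struct demo_version libraryVersion;
};

#pragma pack(push, 1)                 /* 1-byte packing */
struct demo_info_packed {
    struct demo_version cryptokiVersion;
    unsigned char manufacturerID[32];
    demo_ulong flags;
    unsigned char libraryDescription[32];
    struct demo_version libraryVersion;
};
#pragma pack(pop)

size_t natural_flags_offset(void) { return offsetof(struct demo_info_natural, flags); }
size_t packed_flags_offset(void)  { return offsetof(struct demo_info_packed, flags); }

/* A module built with the packed layout fills the struct; a caller built
 * with the natural layout reads the same bytes. Returns what the caller sees. */
demo_ulong flags_seen_by_natural_caller(demo_ulong written)
{
    struct demo_info_packed from_module;
    struct demo_info_natural caller_view;
    memset(&from_module, 0, sizeof from_module);
    memset(&caller_view, 0, sizeof caller_view);
    from_module.flags = written;
    memcpy(&caller_view, &from_module, sizeof from_module);
    return caller_view.flags;
}

int main(void)
{
    printf("sizeof(demo_ulong)=%zu\n", sizeof(demo_ulong));
    printf("natural: flags@%zu size=%zu\n", natural_flags_offset(), sizeof(struct demo_info_natural));
    printf("packed:  flags@%zu size=%zu\n", packed_flags_offset(), sizeof(struct demo_info_packed));
    printf("wrote 0x11223344, caller reads 0x%lx\n", flags_seen_by_natural_caller(0x11223344UL));
    return 0;
}
```

The packed offset of `flags` is fixed at 34, while the natural offset and both sizes depend on the width and alignment of `unsigned long` on the build platform.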