[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Apr 19 12:46:29 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3561

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
The spec might say use 1-byte packing, but I can't find a Unix/Linux
implementation that actually does this. 

OpenSC doesn't:
https://github.com/OpenSC/libp11/blob/master/src/pkcs11.h
WolfSSL doesn't:
https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/pkcs11.h
Android doesn't:
https://android.googlesource.com/platform/hardware/ti/omap4-aah/+/master/security/tf_sdk/include/pkcs11.h

and the example header file from OASIS themselves is at best ambiguous:

http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/csprd01/include/pkcs11-v2.40/pkcs11.h

No incompatibilities in OpenSSH have been reported so far relating to
this, and you haven't described what problems you're experiencing and
what platform/OS you're using.

> Although many implementations of PKCS11 on non-windows systems also
> do this, is that really a good reason to ignore the standard?

Yes, it is actually a great reason to ignore the standard. Following it
would make us incompatible with the overwhelming majority of software
that our users expect us to interoperate with.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
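
The layout question this bug turns on, shown as an added example that is not part of the original message or of OpenSSH's code: the same structure compiled with default alignment and with 1-byte packing, and what a caller reads when it and the module disagree. The field order is modelled on CK_INFO from PKCS#11 v2.40; the struct and function names are hypothetical, and the two version fields are written as 2-byte arrays in place of CK_VERSION.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Field order follows CK_INFO (PKCS#11 v2.40). Names are hypothetical
 * stand-ins so the block builds without any pkcs11.h. */
#define INFO_FIELDS                       \
    unsigned char cryptokiVersion[2];     \
    unsigned char manufacturerID[32];     \
    unsigned long flags;                  \
    unsigned char libraryDescription[32]; \
    unsigned char libraryVersion[2];

struct info_natural { INFO_FIELDS };      /* compiler default alignment */

#pragma pack(push, 1)
struct info_packed { INFO_FIELDS };       /* 1-byte packing */
#pragma pack(pop)

size_t flags_offset_natural(void) { return offsetof(struct info_natural, flags); }
size_t flags_offset_packed(void)  { return offsetof(struct info_packed, flags); }

/* Simulate a module built with 1-byte packing filling a buffer, then a
 * caller built with default alignment reading flags from the same bytes. */
unsigned long flags_seen_by_natural_caller(unsigned long module_flags)
{
    union { struct info_natural n; struct info_packed p; } buf;
    memset(&buf, 0, sizeof(buf));
    buf.p.flags = module_flags;   /* module writes at the packed offset */
    return buf.n.flags;           /* caller reads at the aligned offset */
}

int main(void)
{
    printf("natural: sizeof=%zu offsetof(flags)=%zu\n",
           sizeof(struct info_natural), flags_offset_natural());
    printf("packed:  sizeof=%zu offsetof(flags)=%zu\n",
           sizeof(struct info_packed), flags_offset_packed());
    printf("module wrote 0x11223344, caller read 0x%lx\n",
           flags_seen_by_natural_caller(0x11223344UL));
    return 0;
}
```

Both sides of a PKCS#11 call must be built with the same packing, which is why matching the headers that deployed modules actually use matters for interoperability.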

