[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11
bugzilla-daemon at mindrot.org
Wed Apr 19 12:46:29 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
The spec might say use 1-byte packing, but I can't find a Unix/Linux
implementation that actually does this.
OpenSC doesn't:
https://github.com/OpenSC/libp11/blob/master/src/pkcs11.h
WolfSSL doesn't:
https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/pkcs11.h
Android doesn't:
https://android.googlesource.com/platform/hardware/ti/omap4-aah/+/master/security/tf_sdk/include/pkcs11.h
and the example header file from OASIS themselves is at best ambiguous:
http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/csprd01/include/pkcs11-v2.40/pkcs11.h
No incompatibilities in OpenSSH have been reported so far relating to
this, and you haven't described what problems you're experiencing and
what platform/OS you're using.
> Although many implementations of PKCS11 on non-windows systems also
> do this, is that really a good reason to ignore the standard?
Yes, it is actually a great reason to ignore the standard. Following it
would make us incompatible with the overwhelming majority of software
that our users expect us to interoperate with.
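An added example, not part of the original comment or of OpenSSH: the same structure compiled with default alignment and with 1-byte packing, showing why a caller and a PKCS#11 module must agree on one layout. The type names `ver_t`, `info_natural` and `info_packed` are hypothetical; only the field order is taken from PKCS#11's CK_INFO, and the value written is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; field order follows PKCS#11's CK_INFO. */
typedef struct { unsigned char major, minor; } ver_t;

/* Default (natural) alignment: no pack pragma in effect. */
typedef struct {
    ver_t         cryptokiVersion;
    unsigned char manufacturerID[32];
    unsigned long flags;               /* CK_ULONG-like field */
    unsigned char libraryDescription[32];
    ver_t         libraryVersion;
} info_natural;

#pragma pack(push, 1)                  /* 1-byte packing, as the bug requests */
typedef struct {
    ver_t         cryptokiVersion;
    unsigned char manufacturerID[32];
    unsigned long flags;
    unsigned char libraryDescription[32];
    ver_t         libraryVersion;
} info_packed;
#pragma pack(pop)

size_t natural_flags_offset(void) { return offsetof(info_natural, flags); }
size_t packed_flags_offset(void)  { return offsetof(info_packed, flags); }

/* Module side writes flags at the natural offset; caller side reads the same
 * bytes through the packed layout. Returns 1 only if the caller sees the value. */
int packed_caller_sees_flags(void) {
    unsigned char wire[sizeof(info_natural)] = {0};
    unsigned long sent = 0xA5A5A5A5UL; /* constructed sample value */
    info_packed seen;
    memcpy(wire + offsetof(info_natural, flags), &sent, sizeof sent);
    memcpy(&seen, wire, sizeof seen);
    return seen.flags == sent;
}

int main(void) {
    printf("flags offset: natural=%zu packed=%zu\n",
           natural_flags_offset(), packed_flags_offset());
    printf("sizeof: natural=%zu packed=%zu\n",
           sizeof(info_natural), sizeof(info_packed));
    printf("packed caller sees flags: %s\n",
           packed_caller_sees_flags() ? "yes" : "no");
    return 0;
}
```

Every field after the first misaligned one shifts as well, so a layout mismatch between the two sides corrupts the rest of the structure, not just `flags`.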