[Bug 3561] Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Apr 25 08:18:24 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3561

--- Comment #5 from RickyDoug <doug.springer at idahoscientific.com> ---
I totally agree with you that there are few, if any that even
build-time support it and none that release binaries packed, at least
that I have found. 

The real issue is someone copied a header file without packing that has
now made it 'standard' in the Linux realm. Unfortunately every project
copied the same file or something very similar, and now we have
non-compliant implementations all over the place. The PKCS11 standard
is very clear that packing is required. An example header does not
constitute a standard. Just because whoever wrote the API didn't know
anything about Unix and basically said so in the header does not make
the requirement ambiguous.

BTW, the packing control wouldn't be in the pkcs11.h file, it's usually
in the header that includes it. The google test suite is the only
project that thought about this and provided a way.

Here's a simple, two line solution:
https://github.com/google/pkcs11test/blob/dev/pkcs11-env.h

And really that is all this bug report is about... the *ability* to
build packed structures so the *possibility* exits somewhere in the
future for the project to be compliant. For other users using source
code, the project can be compliant now.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list