OpenSC wrote:
#129: trunk breaks openssh support
---------------------+------------------------------------------------------
Reporter: aj | Owner: [email protected]
Type: defect | Status: new
Priority: highest | Milestone: 0.11.2
Component: opensc | Version: trunk
Severity: blocker | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by aj):
looking at openssh code:
ssh_rsa_sign prints
debug("slen %u > len %u", slen, len);
also this code is found
slen = RSA_size(key->rsa);
and
ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
which most likely ends in
sc_sign(int type, u_char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa)
which calls
/* FIXME: length of sigret correct? */
/* FIXME: check 'type' and modify flags accordingly */
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1;
r = sc_pkcs15_compute_signature(p15card, key_obj, flags,
m, m_len, sigret, RSA_size(rsa));
any idea what we changed in our signing code? maybe those "FIXME" need to
be fixed?
wasn't this code simply copied from the old ssh code (as far as I
remember is this FIXME pretty old ... of course a FIXME nonetheless
is a strong indication that something needs to be changed ;-) .
Before I try it myself, something I will certainly do soon:
Which card did you use ?
Does the opensc-debug contain some hint that something went wrong ?
Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
