Public bug reported:

After the 0.20.0-3ubuntu0.1~esm2 update of opensc, the package breaks
smartcard-based authentication with an `EVP_VerifyFinal failed` error.

This can be reproduced by inserting any smartcard-based authentication
device and, after configuring opensc, running the `pkcs11-tool -l -t`
command, inputting the PIN, and observing the results.

With the regression, the command will fail while verifying the
signatures, with the following example output:
```
Signatures (currently only for RSA)
testing key 0 (PIV AUTH key)
all 4 signature functions seem to work
testing signature mechanisms:
RSA-X-509: ERR: verification failed
RSA-PKCS: ERR: verification failed
SHA1-RSA-PKCS: ERR: verification failed
MD5-RSA-PKCS: ERR: verification failed
RIPEMD160-RSA-PKCS: ERR: verification failed
SHA256-RSA-PKCS: ERR: verification failed
Verify (currently only for RSA)
testing key 0 (PIV AUTH key)
RSA-X-509: ERR: verification failed ERR: C_Verify() returned
CKR_SIGNATURE_INVALID (0xc0)
Decryption (currently only for RSA)
```
** Affects: opensc (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/2104948
Title:
Security regression on focal for opensc