[gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Nov 29 11:40:24 CET 2023




Jakub Jelen commented: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1671339452

@dueno pointed out this will likely be a regression from !1779.

I see that the asn1 parsing in `_gnutls_x509_read_ecc_params` expects the EC_PARAMS to be a `namedCurve` (OID), which is not the case for the Ed25519 keys, which present `curveName` as a `printableString`, so I think we need to use different ASN1 structure to parse PKCS#11 parameters for EdDSA. There is already `pkcs-11-ec-Parameters` (used in other places where eddsa parameters are parsed), which should do, but I am not completely sure what all side effects will come out of this if we will change this in this particular place.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1671339452
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20231129/3762c4da/attachment.html>


More information about the Gnutls-devel mailing list