[gnutls-devel] GnuTLS | Regression in certtool handling Ed25519 keys from PKCS#11 in 3.8.2 (#1515)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Nov 29 11:40:24 CET 2023

Jakub Jelen commented: https://gitlab.com/gnutls/gnutls/-/issues/1515#note_1671339452

@dueno pointed out this will likely be a regression from !1779.

I see that the ASN.1 parsing in `_gnutls_x509_read_ecc_params` expects the EC_PARAMS to be a `namedCurve` (OID), which is not the case for the Ed25519 keys, which present `curveName` as a `printableString`, so I think we need to use a different ASN.1 structure to parse PKCS#11 parameters for EdDSA. There is already `pkcs-11-ec-Parameters` (used in other places where EdDSA parameters are parsed), which should do, but I am not completely sure what side effects will come out of this if we change it in this particular place.

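The encoding mismatch described in the comment above, as an added example (not GnuTLS code and not part of the original message): a DER tag check that accepts EC_PARAMS in either the `namedCurve` (OID) or the `curveName` (`printableString`) form. The helper names and sample bytes are constructed for illustration, and the curve name string "edwards25519" is an assumption about what the token returns.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Alternatives of the EC parameters CHOICE, told apart by their DER tag. */
enum ec_kind { EC_INVALID, EC_NAMED_CURVE, EC_CURVE_NAME, EC_OTHER };

/* Hypothetical helper: classify a DER-encoded EC_PARAMS value and return
 * its content octets (OID bytes or curve-name characters) in val/val_len. */
static enum ec_kind classify_ec_params(const unsigned char *der, size_t len,
                                       const unsigned char **val, size_t *val_len)
{
    /* Short-form length only (< 128), enough for curve OIDs and names;
     * the declared length must match the buffer exactly. */
    if (der == NULL || len < 2 || der[1] >= 0x80 || (size_t)der[1] + 2 != len)
        return EC_INVALID;
    *val = der + 2;
    *val_len = der[1];
    switch (der[0]) {
    case 0x06: return *val_len ? EC_NAMED_CURVE : EC_INVALID; /* OBJECT IDENTIFIER */
    case 0x13: return *val_len ? EC_CURVE_NAME : EC_INVALID;  /* PrintableString */
    default:   return EC_OTHER;       /* some other type, not handled here */
    }
}

/* Returns 1 if the parameters denote Ed25519 in either encoding, else 0. */
static int is_ed25519_params(const unsigned char *der, size_t len)
{
    static const unsigned char oid[] = { 0x2b, 0x65, 0x70 }; /* 1.3.101.112 */
    static const char name[] = "edwards25519";               /* assumed name */
    const unsigned char *v = NULL;
    size_t n = 0;
    switch (classify_ec_params(der, len, &v, &n)) {
    case EC_NAMED_CURVE: return n == sizeof(oid) && memcmp(v, oid, n) == 0;
    case EC_CURVE_NAME:  return n == strlen(name) && memcmp(v, name, n) == 0;
    default:             return 0;
    }
}

/* Constructed sample values: Ed25519 as OID, Ed25519 as name, P-256 OID. */
static const unsigned char SAMPLE_OID[]  = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
static const unsigned char SAMPLE_NAME[] = { 0x13, 0x0c, 'e','d','w','a','r','d','s','2','5','5','1','9' };
static const unsigned char SAMPLE_P256[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 };

int main(void)
{
    printf("OID form: %d, name form: %d, P-256: %d\n",
           is_ed25519_params(SAMPLE_OID, sizeof SAMPLE_OID),
           is_ed25519_params(SAMPLE_NAME, sizeof SAMPLE_NAME),
           is_ed25519_params(SAMPLE_P256, sizeof SAMPLE_P256));
    return 0;
}
```

A parser that only accepts tag 0x06 rejects the second sample, which is the failure mode the comment attributes to the OID-only expectation.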