From b11dcfd14bfc49b2273798a28295dda1eea9cf5e Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Mon, 9 Nov 2015 14:40:34 +0100 Subject: [PATCH] YKCS11: accept EC keys that are 1 byte shorter. --- ykcs11/objects.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ykcs11/objects.c b/ykcs11/objects.c index b18fee4..fa3ed8c 100644 --- a/ykcs11/objects.c +++ b/ykcs11/objects.c @@ -1150,12 +1150,13 @@ CK_RV check_create_ec_key(CK_ATTRIBUTE_PTR templ, CK_ULONG n, CK_BYTE_PTR id, has_params == CK_FALSE) return CKR_TEMPLATE_INCOMPLETE; - if (*value_len != 32) + if (*value_len == 32 || *value_len == 31) { + if (ec_params_len != 10 || memcmp(ec_params, PRIME256V1, ec_params_len) != 0) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + else /*if () TODO: P384*/ return CKR_ATTRIBUTE_VALUE_INVALID; - if (*value_len == 32 && (ec_params_len != 10 || memcmp(ec_params, PRIME256V1, ec_params_len)) != 0) - return CKR_TEMPLATE_INCONSISTENT; - return CKR_OK; }