OP-TEE / optee_docs

This git contains the official documentation for the OP-TEE project
BSD 2-Clause "Simplified" License

key label doesn't work with pkcs11 #245

Closed citypw closed 2 weeks ago

citypw commented 3 weeks ago

Reproducible: Initialization of OpenSC/HSM and key generation:

```
$ alias p11="pkcs11-tool --module /vault1317/libckteec.so"

$ p11 --init-token --label mytoken --so-pin 1234567890

$ p11 --label mytoken --login --so-pin 1234567890 --init-pin --pin 12345

$ p11 -l --pin 12345 --keypairgen --key-type EC:secp521r1 --label mykey

$ openssl pkey -engine pkcs11 -inform engine -in "pkcs11:token=mytoken;pin-value=12345;object=mykey" -pubout -text
Engine "pkcs11" set.
Segmentation fault (core dumped)
```

The OpenSSL engine would only accept the key id as a param instead of the key label, so the document needs to be updated. On the other hand, OpenSSL's lack of a NULL ptr check for the EC_point * led to the segmentation fault after dereference. I filed a bug report and a workaround patch for OpenSSL as well. I'll send a fix via PR soon.
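Added example, not part of the original report or of the OP-TEE documentation: a small shell helper that builds an RFC 7512 PKCS#11 URI selecting a key by its ID (`id=`) instead of its label (`object=`), following the observation above. The function name `p11_uri_by_id` and the sample key ID `01` are assumptions made for illustration.

```shell
#!/bin/sh
# Build a PKCS#11 URI (RFC 7512) that selects a key by CKA_ID, not by label.
#   $1 = token label (only URI-safe characters are accepted here)
#   $2 = key ID as a hex string, the form passed to pkcs11-tool --id
p11_uri_by_id() {
    token=$1
    hexid=$2

    # Refuse labels that would need percent-encoding instead of guessing.
    case $token in
        ''|*[!A-Za-z0-9_.-]*)
            echo "token label is empty or needs percent-encoding" >&2
            return 1 ;;
    esac

    # The ID must be a non-empty hex string with whole bytes.
    case $hexid in
        ''|*[!0-9A-Fa-f]*)
            echo "key id must be a hex string" >&2
            return 1 ;;
    esac
    if [ $(( ${#hexid} % 2 )) -ne 0 ]; then
        echo "key id must have an even number of hex digits" >&2
        return 1
    fi

    # RFC 7512 encodes the binary ID as one %XX escape per byte.
    encoded=
    rest=$hexid
    while [ -n "$rest" ]; do
        byte=${rest%"${rest#??}"}   # first two hex digits
        rest=${rest#??}             # remainder
        encoded="$encoded%$byte"
    done

    printf 'pkcs11:token=%s;id=%s\n' "$token" "$encoded"
}

# Usage with the commands from the report (constructed sample ID 01):
#   p11 -l --pin 12345 --keypairgen --key-type EC:secp521r1 --label mykey --id 01
#   openssl pkey -engine pkcs11 -inform engine \
#       -in "$(p11_uri_by_id mytoken 01)" -pubout -text
```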