Commit ab533d0

epass: Do not report raw ECDSA mechanism, when only SHA1 and SHA2 are supported
The "raw" ECDSA mechanism in ePass works only with the data of 32B length, which probably assumes its digest and which does not meet the PKCS#11 specification which allows signature of any data length with internal truncation.
1 parent c33bcb1 commit ab533d0

1 file changed

+1
-1
lines changed

src/libopensc/card-epass2003.c

Lines changed: 1 addition & 1 deletion
@@ -1769,7 +1769,7 @@ epass2003_init(struct sc_card *card)
17691769
_sc_card_add_rsa_alg(card, 2048, flags, 0);
17701770

17711771
//set EC Alg Flags
1772-
flags = SC_ALGORITHM_ONBOARD_KEY_GEN|SC_ALGORITHM_ECDSA_HASH_SHA1|SC_ALGORITHM_ECDSA_HASH_SHA256|SC_ALGORITHM_ECDSA_HASH_NONE|SC_ALGORITHM_ECDSA_RAW;
1772+
flags = SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_ECDSA_HASH_SHA1 | SC_ALGORITHM_ECDSA_HASH_SHA256;
17731773
ext_flags = 0;
17741774
_sc_card_add_ec_alg(card, 256, flags, ext_flags, NULL);
17751775
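
Review bot: The new `flags` assignment at line 1772 drops `SC_ALGORITHM_ECDSA_HASH_NONE` and `SC_ALGORITHM_ECDSA_RAW`, but the only comment next to it is still `//set EC Alg Flags`, so the reason is recorded in the commit message alone. Please add a short comment above the assignment saying that the card's raw ECDSA only accepts 32-byte input and is therefore deliberately not advertised, so a later cleanup does not add the two flags back. It would also help to state in the commit message or release notes that callers who hash the data themselves and then request a raw ECDSA signature will no longer find that mechanism on this card and must use the SHA1 or SHA256 variants instead.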
