*heh* ;-) This morning *I* installed Fedora 16 and tried it out with a pkcs12 file for the client identity. Same memory allocation error. Maybe libcoolkey has issues, but it's not the only problem. Looks like I'll be spending a few days getting a true blue (red?) RHEL 6.2 system so I can submit a couple of service requests. I have a critical customer who will be needing this as part of some upgrades in a few months. I think we have time to do this right/officially. On May 7, 2012, at 11:53 AM, Douglas E. Engert wrote: > On 5/7/2012 9:45 AM, Douglas E. Engert wrote: >> >> >> On 5/5/2012 12:58 PM, Henry B. Hotz wrote: >>> Thanks for the info. I may have issues to deal with afer this one. *sigh* >>> >>> Since the specific problem shows with a PKCS12 credential as well, I'm thinking I should get a real RedHat 6.2 instance to test with first. >>> > > Here is a possible patch that appears to work for 1024 bit keys at least: > > --- ./src/libckyapplet/,cky_applet.c Fri May 4 13:34:35 2012 > +++ ./src/libckyapplet/cky_applet.c Mon May 7 13:40:23 2012 > @@ -1298,7 +1298,7 @@ > if (length + dataSize > CKY_MAX_WRITE_CHUNK_SIZE) { > CKYBuffer_AppendBuffer(&tmp, data, 0, CKY_MAX_WRITE_CHUNK_SIZE-length); > } else { > - CKYBuffer_AppendBuffer(&tmp, data, 0, length+dataSize); > + CKYBuffer_AppendBuffer(&tmp, data, 0, dataSize); > } > > prsd.tag_1.tag = 0; > @@ -1331,7 +1331,7 @@ > } > > pasd.chain = 0; > - pasd.len = dataSize; > + pasd.len = dataSize + 1 + ber_len_1 + 1 + ber_len_2; > > ret = CKYApplet_HandleAPDU(conn, PIVAppletFactory_SignDecrypt, > &pasd, NULL, CKY_SIZE_UNKNOWN, _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel