Alessandro Sorniotti
Alessandro Sorniotti
Part I: Migration and tests in lib/server/idemix work. fabric-ca's usage of the idemix package(s) is incorrect. Instead of relying on the bccsp abstraction, it makes direct use of the low-level...
This proposal recommends splitting the `github.com/hyperledger/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub' package into a separate repo. Reasons that speak in favour of this change: - ever since [ursa](https://github.com/hyperledger-archives/ursa) was moved to EOL, assets such as...
This proposal recommends changing the dependency used to handle the operations on elliptic curves needed by the BBS+ implementation. Currently, an implementation from [kilic](https://github.com/kilic/bls12-381) is directly used. We recommend switching...
The problem can be reproduced by running ``` go build -linkshared ./... ``` Output: ``` asm: fp_arithmetic_x86.s:1427: when dynamic linking, R15 is clobbered by a global variable access and is...
Use the `SerializedIdemixIdentity` proto definition from the idemix repo and not from fabric, whence idemix has been removed.
When using the websocket implementation of the comm stack, the `RemotePeerID` returned [here](platform/view/services/comm/host/host.go#L57) is the one that the server reads out from the client's `StreamInfo` message. The code doesn't seem...
The TlsCertHash [field](https://github.com/hyperledger-labs/fabric-smart-client/blob/v0.4.0/platform/view/services/server/view/protos/commands.proto#L53) is set by the client when mutual TLS is enabled. 2 issues: 1. the server doesn't seem to make use of it 2. if it did, there...
The struct defines `admins` [here](https://github.com/hyperledger-labs/fabric-smart-client/blob/main/platform/view/core/id/provider.go#L43) but the field is never used. This either means that we can remove it (and consequently change `view.IdentityProvider` ([here](https://github.com/hyperledger-labs/fabric-smart-client/blob/main/platform/view/services/server/view/ac.go#L19) and similar interfaces using that concept,...
A malicious view can override the services offered by the supplied `view.Context` (e.g. the signer service, the fabric network service..) to override their behaviour. Owing to the fact that the...
A session hijacking vulnerability affects the Hyperledger Fabric Smart Client's WebSocket communication layer. The issue arises because the server routes incoming messages to sessions based solely on a combination of...