Versioning on C_GetMechanismInfo RSA keysizes (#486)

* Versioning on C_GetMechanismInfo RSA keysizes

* Fix broken openssl dependency

.github/workflows/macos_build.yml

@@ -10,12 +10,12 @@ jobs:
     steps:
       # This action checks-out the repository under $GITHUB_WORKSPACE, so the workflow can access it.
       - name: checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install prerequisites
         run: |
           set -x
-          brew install pkg-config check gengetopt help2man opensc
-          brew reinstall openssl
+          brew install check gengetopt help2man opensc zlib
+          brew reinstall openssl@3
       - name: Build and install
         run: |
           set -x

.github/workflows/macos_release.yml

@@ -60,8 +60,8 @@ jobs:
       - name: Install prerequisites
         run: |
           set -x
-          brew install pkg-config check gengetopt help2man openssl zlib
-          brew reinstall openssl
+          brew install check gengetopt help2man opensc zlib
+          brew reinstall openssl@3
 
       - name: Build MacOS binaries
         env:

ykcs11/ykcs11.c

@@ -695,13 +695,20 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(
     goto mechinfo_out;
   }
 
-  locking.pfnUnlockMutex(global_mutex);
-
   if ((rv = get_token_mechanism_info(type, pInfo)) != CKR_OK) {
     DBG("Unable to retrieve mechanism information");
+    locking.pfnUnlockMutex(global_mutex);
     goto mechinfo_out;
   }
 
+  if(!is_version_compatible(slots[slotID].piv_state, 5, 7, 0)) {
+    if(pInfo->ulMaxKeySize == 4096) {
+      pInfo->ulMaxKeySize = 2048;
+    }
+  }
+
+  locking.pfnUnlockMutex(global_mutex);
+
   rv = CKR_OK;
 
 mechinfo_out: