Re: [pkcs11]: CKM_PKCS5_PBKD2_PARAMS struct: password length

[Tim Hudson <tjh@cryptsoft.com>]

On 18/04/2013 7:40 AM, Andrey Jivsov wrote:
> On all operating systems the first page of the process's address space
is protected,
> so that the addresses in the range of 0 - 512 are always illegal and
cannot be valid pointers.

That is an incorrect assumption. On most operating systems that is true
- but it is not true on all. It may be true for a sufficiently wide
range for it to be a reasonable strategy for implementations (producers)
that wish to implement that approach but a consumer of PKCS11 has no
idea as to whether or not this behaviour is supported. All three
behaviours are in implementations which are deployed.

It needs to be fixed as there is no reasonable work around.

> Thus, I believe that it's technically possible to write a PKCS#11
library that will inter-operate with a client, whether it's doing (1) or
(2).

On many operating systems an implementation can work around the issue
and support clients doing (1) or (2) but not on all.

Tim.