[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] space padded strings
I asked Bob Relyea at RedHat privately, and he replied: ----------------- Because the data is a fixed byte array of 32 bytes. Internally NSS turns it into a null terminated string, but space padding makes the PKCS #11 string predictable (you can compare PKCS #11 strings by comparing the 32 byte values directly). If you null terminated the string, then code that does direct comparison could fail because it will pick up junk after the null. bob -----------------From my opinion, I got the same feeling that PKCS #11 will trust anything within the buffer of its size. And, the user has to trust all of them. For example, TOKEN_INFO label has size 32 bytes. Once the user obtain this label value from PKCS#11, the user has to trust all 32 bytes, and can only do very limited validation on this value.
Say, only the following can be detected: " my_name " (invalid due to a space at the front)"my_name JUNK JUNK " (it's invalid for our eyes only, but, it is valid for PKCS#11)
Best, Oscar On 06/17/14 03:11 PM, Valerie Anne Fenwick wrote:
Hi all - All of the strings in PKCS11 are currently space padded and NOT Null terminated. Does anyone recall the background as to why we did that? Do we still need to? Thanks! Valerie
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]