[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: fwd: CKM_PKCS5_PBKD2_PARAMS struct: password length
Dina seems to just be an observer right now, so I'm forwarding this message on her behalf of what seems to be a typo in the standard that has caused potential bugs in implementations. Valerie -------- Original Message -------- Subject: CKM_PKCS5_PBKD2_PARAMS struct: password length Date: Wed, 03 Apr 2013 14:26:08 -0700 From: Dina Kurktchi <dina.kurktchi@oracle.com> To: pkcs11@lists.oasis-open.org Hi all, What appears to be have been a typo in the specification resulted in at least one wrong implementation. The version of the spec I've been looking at is the Draft v2.30, dated Apr 2009, though I'm sure it's been lurking in v2.20 too. The version of the header files that I think we are using are based on v2.20 amendment 3. From our header files: #define CRYPTOKI_VERSION_MAJOR 2 #define CRYPTOKI_VERSION_MINOR 20 #define CRYPTOKI_VERSION_AMENDMENT 3 Section 6.22.3, the description of structure CK_PKCS5_PBKD2_PARAMS lists password length as: CK_ULONG_PTR ulPasswordLen; Well ... which is it? It should be either: (1) CK_ULONG ulPasswordLen; or (2) CK_ULONG_PTR pulPasswordLen; The description of each of the structure members that follows seems to indicate that (1) was meant, as it says: ulPasswordLen length in bytes of the password information Checking other *_PARAMS, like CK_PBE_PARAMS in section 6.22.2 just above for example, password length there is indeed CK_ULONG-typed, not a pointer. In today's concall, I heard "The" include files (which, and where?) list this struct member as CK_ULONG-typed. Our include files list it as CK_ULONG_PTR-typed, and that is how we implemented it. Regards, D.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]