OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [pkcs11] fwd: CKM_PKCS5_PBKD2_PARAMS struct: password length


On 4/04/2013 8:25 AM, Burns, Robert wrote:

Exact structure from our v2.10 'virgin' pkcs11t.h file shows the error as well, along with conflicting naming using the ‘ul’ construct:

 

/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.

* CK_PKCS5_PBKD2_PARAMS is a structure that provides the

* parameters to the CKM_PKCS5_PBKD2 mechanism. */

typedef struct CK_PKCS5_PBKD2_PARAMS {

...

        CK_ULONG_PTR                               ulPasswordLen;

} CK_PKCS5_PBKD2_PARAMS;

 

Does the question now become one of backwards compatibility if we have some vendors who fixed the flaw, and others who implemented it as documented and declared in the previously published headers?


We have a mix in the implementations I've seen (just took another pass through the various vendor header files):
1) corrected the clearly erroneous header file to have CK_ULONG
2) left incorrect header file as-is but implemented as thought it is a CK_ULONG instead of CK_ULONG_PTR
3) implemented with that type actually as a pointer to the value ignoring the 'ul' prefix indicator

That typographical error (that's certainly how I view it) remains in the v2.30 draft header files.

See http://www.cryptsoft.com/pkcs11doc/ as a handy reference to the PKCS#11 documents and their corresponding header files.

What this means is that we have a non-interoperable situation at the moment and that going forward someone will have to change their implementation. I suggest a straw poll on the solution as the simple path forward as I doubt a consensus will exist given that it will impact products.

Tim.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]