[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Some late issues found in 3.1
My team lead is working on the PKCS #11 provider for openssl and found some issues in the spec.
<simo> relyea: FYI the pkcs3.1 spec mentione C_Derive in a few places, I assume it means C_DeriveKey as I see no function named just C_Derive documented in the spec
<simo> rey-crypto-b: it'd also be nice if it sat CKD_SHA1_KDF really is the X9.63 derive with sha1
<simo> I had to go to thje softoken source code to figure that out
<relyea> yes. where does it say C_Derive?
<simo> relyea: ^
<simo> relyea: in the ECDH parts
<simo> the whole section is rather poorly documented imo
<relyea> send me pointers and I'll let the editors know. We'll at least get it fixed for 3.2.
<simo> you can find "C_Derive" in 6.42.6 Deriving Additional Keys
<simo> (4 times)
<simo> relyea: while sections 6.3.17 and 6.3.18 does not seem to be sufficient to understand how to correctly use C_DeriveKey which is not even mentioned
<simo> ah they also mentione C_Derive instead of C_deriveKey in their tables
<relyea> OK, thanks!
<simo> (tables 78,79 and 80)The critical thing, I think is the use of C_Derive rather than C_DeriveKey. I think it's a non-material change, since we clearly do not have a C_Derive function. We should at least fix it in 3.2. I think we are too late for 3.1 without an errata.
These issue exist in 3.0 as well, so It doesn't look urgent.
The other stuff is more 'nice to have'.
bob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]