On Fri, 26 Nov 2010 18:01:04 -0200 Klaus Heinrich Kiwi <[email protected]> wrote:
> The PKCS#11 spec explicitly forbids CKA_VALUE_LEN in AES Key > templates for C_UnwrapKey(), but without it we can't correctly > unwrap AES Keys (which have variable size) using unwrapping > mechanisms that don't get the decrypted size right (such as > X.509 RSA). > > Fix AES Unwrapping by creating/updating a CKA_VALUE_LEN attribute > that is calculated from the size of the key data buffer. If it does > not match with a "known" size, try checking for an existing > CKA_VALUE_LEN attribute in the template. > > Signed-off-by: Klaus Heinrich Kiwi <[email protected]> > --- > usr/lib/pkcs11/common/key.c | 75 ++++++++++++++++++++++++------------------ > 1 files changed, 43 insertions(+), 32 deletions(-) Applied to the master branch -- Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com Open Source Security blog : http://www.ratliff.net/blog IBM Linux Technology Center : http://www.ibm.com/linux/ltc ------------------------------------------------------------------------------ What happens now with your Lotus Notes apps - do you make another costly upgrade, or settle for being marooned without product support? Time to move off Lotus Notes and onto the cloud with Force.com, apps are easier to build, use, and manage than apps on traditional platforms. Sign up for the Lotus Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
