On Tue, 7 Dec 2010 11:44:35 -0200 Klaus Heinrich Kiwi <[email protected]> wrote:
> On Fri, 26 Nov 2010 18:01:04 -0200 > Klaus Heinrich Kiwi <[email protected]> wrote: > > > The PKCS#11 spec explicitly forbids CKA_VALUE_LEN in AES Key > > templates for C_UnwrapKey(), but without it we can't correctly > > unwrap AES Keys (which have variable size) using unwrapping > > mechanisms that don't get the decrypted size right (such as > > X.509 RSA). > > > > Fix AES Unwrapping by creating/updating a CKA_VALUE_LEN attribute > > that is calculated from the size of the key data buffer. If it does > > not match with a "known" size, try checking for an existing > > CKA_VALUE_LEN attribute in the template. > > > > Signed-off-by: Klaus Heinrich Kiwi <[email protected]> > > --- > > usr/lib/pkcs11/common/key.c | 75 > > ++++++++++++++++++++++++------------------ > > 1 files changed, 43 insertions(+), 32 deletions(-) > > Applied to the master branch > > > I had to revert this one: commit 1e678c3d2e760677c4e063c535af40c93e7d2db1 Author: Klaus Heinrich Kiwi <[email protected]> Date: Wed Dec 8 14:02:08 2010 -0200 Revert "AES Unwrap: Fix CKA_VALUE_LEN handling" This reverts commit 8f19afe29188e27699fd273ba711239050dcd2c6, which is causing some odd memory-corruption issues, probably related to updating the CKA_VALUE_LEN attribute of the AES key template without being sure it where/if it was allocated. Will need to come back with a different strategy. Signed-off-by: Klaus Heinrich Kiwi <[email protected]> -- Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com Open Source Security blog : http://www.ratliff.net/blog IBM Linux Technology Center : http://www.ibm.com/linux/ltc ------------------------------------------------------------------------------ This SF Dev2Dev email is sponsored by: WikiLeaks The End of the Free Internet http://p.sf.net/sfu/therealnews-com _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
