Martin Paljak wrote: > FYI, OpenSC project [1] has a "fork" of the PKCS#11 headers [2].
Yes, I read the discussion about that and it also seems iffy. If Mozilla already has explicit permission to distribute them under the LGPL/GPL/MPL then that works much better. > At the same time, isn't GCM only present in the latest 2.30 draft? Yes. And, actually, I think I found a problem with the GCM interface that seems to make it impossible to use the PKCS#11 interface in a FIPS-140-compliant manner. In particular, NIST SP800-38D requires that the IV for the GCM mode be generated and maintained within the cryptographic boundary, and I think this require conflicts with the draft PKCS#11 interface. I hope to write about it next week. Regards, Brian
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto