Ok, I was at least part wrong :-)

PKCS11_sign makes the very reasonable choice of CKM_RSA_PKCS. With this
mechanism, the assumption that key size == signature size is entirely
reasonable. It's not clear to me if the caller would always be in a position
to mirror this assumption. Should they be? If not then I think we need the
patch applied.

In the case of openssl, ssl/s3_srvr.c:ssl3_send_server_key_exchange uses
EVP_PKEY_size to obtain the key size and pre-allocate the buffer for the
signature. Unfortunately it *fails* to pass this information on to RSA_sign,
and instead passes the address of the un-initialized stack variable "u"
(openssl 0.9.8b). I suspect this un-initialized variable issue is what led to
the present PKCS11_sign (which gets hooked into RSA_sign) implementation,
which ignores the caller's signature buffer length.

So my question is, in light of the openssl issue, should PKCS11_sign stay as
it is or be "fixed"?

I tried to log in to the libp11 tracker to create a ticket for all of this
but got this response:

AttributeError: Cannot find an implementation of the "IPasswordStore"
interface named "HtPasswdStore". Please update the option
account-manager.password_store in trac.ini.

Cheers,

Robin

On 29/05/07, Robin Bryce <[EMAIL PROTECTED]> wrote:
> On 26/05/07, Nils Larsch <[EMAIL PROTECTED]> wrote:
> > Andreas Jellinghaus wrote:
> > > On Thursday 24 May 2007 15:12:34 Robin Bryce wrote:
> > >> supposed to obtain the required size from the implementation. Current
> > >> code forces it to the result of PKCS11_get_key_size. I don't
> > >> understand how this could ever be the "right thing" to do - what am I
> > >> missing?
> > >
> > > not sure either. if you want I can apply your patch so we can try to find
> > > out.
> >
> > I think the patch is correct
>
> Thanks for taking the time to look at it.
>
> I've been down with flu for the past few days. After posting the patch I
> think I discovered the reason. openssl s_server does not appear to use
> the "size discovery" idiom I mentioned in the OP. From memory,
> RSA_size/RSA_sign don't do the right thing with the ENGINE api.
>
> I was looking at this from the perspective of producing a patch for
> apache2.2/mod_ssl that enabled openssl/engine support for a particular
> piece of hardware rather than openssl's apps suite. So I missed the
> significance of the comments in the original source.
>
> I'll open a ticket in libp11 for it when this flu lifts.
>
> Cheers,
> Robin
>
> On 26/05/07, Nils Larsch <[EMAIL PROTECTED]> wrote:
> > Andreas Jellinghaus wrote:
> > > On Thursday 24 May 2007 15:12:34 Robin Bryce wrote:
> > >> Was not sure whether this should be a ticket on the opensc trac or the
> > >> libp11 trac.
> > >
> > > this is libp11 code, so the libp11 trac is preferred.
> > >
> > >> Thought I'd raise it here instead. I believe the current
> > >> implementation of PKCS11_sign is broken. It should propagate the
> > >> caller's "guess" of signature size to the underlying p11
> > >> implementation. AIUI: Setting sigsize==0 is *how* applications are
> > >> supposed to obtain the required size from the implementation. Current
> > >> code forces it to the result of PKCS11_get_key_size. I don't
> > >> understand how this could ever be the "right thing" to do - what am I
> > >> missing?
> > >
> > > not sure either. if you want I can apply your patch so we can try to find
> > > out.
> >
> > I think the patch is correct
> >
> > Cheers,
> > Nils
> > _______________________________________________
> > opensc-devel mailing list
> > opensc-devel@lists.opensc-project.org
> > http://www.opensc-project.org/mailman/listinfo/opensc-devel
> >
>
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
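The "size discovery" contract the thread turns on (a caller passing sigsize==0, or a NULL buffer, to ask the token for the required length, and a non-zero sigsize meaning the real capacity of the caller's buffer), as an added example that is neither libp11's nor OpenSSL's code. The token is a constructed stand-in with a fixed 256-byte signature (a 2048-bit CKM_RSA_PKCS key); `mock_C_Sign`, the `RV_*` codes and the wrapper names are assumptions standing in for C_Sign and the CKR_* return values.

```c
#include <stddef.h>

/* Constructed stand-in for PKCS#11 return values (not the real CKR_* constants). */
enum { RV_OK = 0, RV_BUFFER_TOO_SMALL = 1, RV_ARGS_BAD = 2 };

/* Constructed: 2048-bit modulus, so CKM_RSA_PKCS produces a 256-byte signature. */
#define KEY_BYTES 256

/* mock_C_Sign follows the PKCS#11 output-buffer convention:
 *   sig == NULL         -> report the required length in *siglen, write nothing
 *   *siglen < required  -> RV_BUFFER_TOO_SMALL, *siglen = required, buffer untouched
 *   otherwise           -> fill the buffer and set *siglen to the bytes written
 * The bytes written are a placeholder pattern, not a real RSA signature. */
static int mock_C_Sign(const unsigned char *data, size_t datalen,
                       unsigned char *sig, size_t *siglen)
{
    if (!data || datalen == 0 || !siglen) return RV_ARGS_BAD;
    if (sig == NULL) { *siglen = KEY_BYTES; return RV_OK; }
    if (*siglen < KEY_BYTES) { *siglen = KEY_BYTES; return RV_BUFFER_TOO_SMALL; }
    for (size_t i = 0; i < KEY_BYTES; i++)
        sig[i] = (unsigned char)(data[i % datalen] ^ (unsigned char)i);
    *siglen = KEY_BYTES;
    return RV_OK;
}

/* Wrapper in the shape the patch argues for: the caller's sigsize is passed
 * through to the token instead of being replaced by the key size. sigsize == 0
 * (or a NULL buffer) is the discovery request; any other value is the true
 * capacity of the caller's buffer and is enforced by the token. */
int sign_propagating_size(const unsigned char *msg, size_t msglen,
                          unsigned char *sig, size_t *sigsize)
{
    if (!sigsize) return RV_ARGS_BAD;
    if (*sigsize == 0 || sig == NULL)
        return mock_C_Sign(msg, msglen, NULL, sigsize);
    return mock_C_Sign(msg, msglen, sig, sigsize);
}

/* Caller using the two-call idiom: ask for the size first, check that the
 * buffer it owns is large enough, then sign. Returns the signature length,
 * or 0 when the token refused or the buffer would have been overrun. */
size_t sign_with_discovery(const unsigned char *msg, size_t msglen,
                           unsigned char *out, size_t outcap)
{
    size_t need = 0;
    if (sign_propagating_size(msg, msglen, NULL, &need) != RV_OK) return 0;
    if (need > outcap) return 0;   /* too small: refuse rather than write past the end */
    size_t len = outcap;
    if (sign_propagating_size(msg, msglen, out, &len) != RV_OK) return 0;
    return len;
}
```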