Fix OAEP source param #440

space88man · 2022-03-11T15:44:16Z

The only supported value for the source field of OAEP params is 1UL or CKZ_DATA_SPECIFIED.

Some HSMs(Thales Luna) are strict about enforcing this and reject 0UL as an invalid mechanism.

It could be that softhsm2 is more lenient about parsing this parameter.

Addresses #439

Update: indeed softhsm2 does not check this parameter for CKZ_DATA_SPECIFIED during decryption

src/p11_pkey.c

Jakuje · 2022-03-14T09:31:31Z

I am wondering why this is not caught by the tests that try the OAEP encryption. The softhsm should be checking for this since 2014.

Jakuje · 2022-03-14T09:42:29Z

I am wondering why this is not caught by the tests that try the OAEP encryption. The softhsm should be checking for this since 2014.

Sigh ... the check is there for encryption, wrapping, unwrapping, but not for decryption ... filled softhsm/SoftHSMv2#671

The only supported value is 1UL CKZ_DATA_SPECIFIED

space88man force-pushed the fix-oaep branch 2 times, most recently from f4c96fd to f0195de Compare March 11, 2022 16:13

Jakuje reviewed Mar 14, 2022

View reviewed changes

src/p11_pkey.c Outdated Show resolved Hide resolved

Jakuje mentioned this pull request Mar 14, 2022

Check RSA-OAEP mechanims when decrypting softhsm/SoftHSMv2#671

Open

space88man force-pushed the fix-oaep branch from f0195de to def6fcc Compare March 14, 2022 12:19

Fix OAEP source param

668b2bd

The only supported value is 1UL CKZ_DATA_SPECIFIED

space88man force-pushed the fix-oaep branch from def6fcc to 668b2bd Compare March 14, 2022 12:42

mtrojnar merged commit 6ae925d into OpenSC:master Mar 17, 2022

space88man deleted the fix-oaep branch March 18, 2022 00:47

cr-tk mentioned this pull request Nov 22, 2022

Software mock for yubikey / pkcs11 tkhq/qos#162

Open

Provide feedback