gnutls-devel

Re: PKCS#11 bugs


From: Nikos Mavrogiannopoulos
Subject: Re: PKCS#11 bugs
Date: Fri, 17 Jun 2011 20:41:31 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

On 06/17/2011 09:13 AM, Rickard Bellgrim wrote:

> Great, now it logs in as SO. Just one more thing. Also set the 
> CKA_PRIVATE to false. As I noted above, the default value is 
> "token-specific". Otherwise the SO cannot create the object. If this 
> is fixed then it works. See table 6 (access rules) in the PKCS#11
> API, page 22.

I've set it to false when the CKA_TRUSTED is set as well.

> I also noted that the library enters an eternal loop when wrong PIN 
> has been entered. This was because I do not set PIN_COUNT_LOW or
> PIN_FINAL_TRY in SoftHSM. GnuTLS will thus keep using the cached PIN.
> I will see what I can do about that.

I've also limited the number of attempts a PIN is used with p11tool.
This would prevent such an infinite loop.

regards,
Nikos
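
The attempt cap mentioned in the reply above, as an added example that is not part of the original message and is not GnuTLS or p11tool code: a simulated token that never raises the low-count flags is retried with a cached PIN until the cap stops it, next to a token that does raise them. All `SIM_*` names, `sim_login`, `login_cached` and the cap of 3 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins local to this example, not the PKCS#11 header values. */
enum { SIM_OK, SIM_PIN_INCORRECT, SIM_NEED_PROMPT, SIM_GAVE_UP };
#define SIM_PIN_COUNT_LOW 0x1u   /* token flag: few tries left */
#define SIM_PIN_FINAL_TRY 0x2u   /* token flag: one try left */
#define MAX_PIN_ATTEMPTS  3      /* assumed cap; the post gives no number */

struct sim_token {
    const char *pin;   /* correct PIN */
    int warns;         /* 1: sets COUNT_LOW after a bad PIN; 0: never does */
    unsigned flags;    /* what a token-info query would report */
    int logins;        /* number of login calls received */
};

/* Simulated login: counts calls and optionally raises the warning flag. */
static int sim_login(struct sim_token *t, const char *pin) {
    t->logins++;
    if (strcmp(pin, t->pin) == 0) return SIM_OK;
    if (t->warns) t->flags |= SIM_PIN_COUNT_LOW;
    return SIM_PIN_INCORRECT;
}

/* Retry with a cached PIN. The cache is dropped only when the token warns,
   so max_attempts is the only exit for a token that never sets the flags. */
static int login_cached(struct sim_token *t, const char *cached, int max_attempts) {
    for (int i = 0; i < max_attempts; i++) {
        if (t->flags & (SIM_PIN_COUNT_LOW | SIM_PIN_FINAL_TRY))
            return SIM_NEED_PROMPT;          /* ask the user again */
        if (sim_login(t, cached) == SIM_OK)
            return SIM_OK;
    }
    return SIM_GAVE_UP;                      /* cap reached, stop retrying */
}

int main(void) {
    struct sim_token silent = { "1234", 0, 0, 0 };   /* constructed sample tokens */
    struct sim_token warner = { "1234", 1, 0, 0 };
    int r1 = login_cached(&silent, "0000", MAX_PIN_ATTEMPTS);
    int r2 = login_cached(&warner, "0000", MAX_PIN_ATTEMPTS);
    printf("silent token:  result=%d logins=%d\n", r1, silent.logins);
    printf("warning token: result=%d logins=%d\n", r2, warner.logins);
    return 0;
}
```

On a token that enforces its own retry counter, every repeat of a stale cached PIN also consumes one of those tries, so the cap limits lockout risk as well as the loop.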


