latchset / kryoptic

a pkcs#11 software token written in Rust
GNU General Public License v3.0

RSA: Accept empty OAEP parameter label #59

Closed Jakuje closed 4 months ago

Jakuje commented 4 months ago

My reading of the PKCS#11 specs is that the RSA-OAEP parameters source needs to be CKZ_DATA_SPECIFIED regardless of whether the label is specified or not. Currently, the combination of source=CKZ_DATA_SPECIFIED and NULL source data and ulSourceDataLen=0 is crashing now.

simo5 commented 4 months ago

Uhm, the spec only says this:

Array of CK_BYTE containing the value of the encoding parameter. If the parameter is empty, pSourceData must be NULL and ulSourceDataLen must be zero.

Which is awfully underspecified, but clearly we should never crash.
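
The parameter combination discussed in this thread, as an added example that is not kryoptic's own code: a way to read the OAEP label from `CK_RSA_PKCS_OAEP_PARAMS` so that `source=CKZ_DATA_SPECIFIED` with a NULL pointer and zero length yields an empty label instead of reaching `slice::from_raw_parts`, which must not be called with a NULL pointer even for length 0. The `OaepParams` struct name and the `oaep_label` helper are hypothetical; rejecting any other source value and treating a non-NULL pointer with zero length as an empty label are assumptions.

```rust
use std::os::raw::{c_ulong, c_void};
use std::ptr;

// Values from the PKCS#11 headers.
const CKZ_DATA_SPECIFIED: c_ulong = 0x0000_0001;
const CKR_MECHANISM_PARAM_INVALID: c_ulong = 0x0000_0071;

// Same field layout as CK_RSA_PKCS_OAEP_PARAMS (struct name is hypothetical).
#[repr(C)]
pub struct OaepParams {
    pub hash_alg: c_ulong,
    pub mgf: c_ulong,
    pub source: c_ulong,
    pub p_source_data: *const c_void,
    pub ul_source_data_len: c_ulong,
}

/// Hypothetical helper: copy the OAEP label out of caller-supplied parameters.
pub fn oaep_label(p: &OaepParams) -> Result<Vec<u8>, c_ulong> {
    // Assumption: only CKZ_DATA_SPECIFIED is accepted as the source.
    if p.source != CKZ_DATA_SPECIFIED {
        return Err(CKR_MECHANISM_PARAM_INVALID);
    }
    match (p.p_source_data.is_null(), p.ul_source_data_len) {
        // Empty label: NULL pointer and zero length, as the spec text requires.
        (true, 0) => Ok(Vec::new()),
        // NULL pointer with a non-zero length cannot be read: reject, never crash.
        (true, _) => Err(CKR_MECHANISM_PARAM_INVALID),
        // Assumption: a non-NULL pointer with zero length is also an empty label.
        (false, 0) => Ok(Vec::new()),
        (false, len) => {
            let len = usize::try_from(len).map_err(|_| CKR_MECHANISM_PARAM_INVALID)?;
            // SAFETY: the pointer is non-NULL here and the caller promises
            // `len` readable bytes behind it.
            let s = unsafe { std::slice::from_raw_parts(p.p_source_data as *const u8, len) };
            Ok(s.to_vec())
        }
    }
}

fn main() {
    // Constructed input: CKM_SHA_1 (0x220), CKG_MGF1_SHA1 (1), empty label.
    let empty = OaepParams { hash_alg: 0x220, mgf: 1, source: CKZ_DATA_SPECIFIED,
        p_source_data: ptr::null(), ul_source_data_len: 0 };
    println!("{:?}", oaep_label(&empty));
}
```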