Max PKCS#11 id URI length of 100 characters? about openssl HOT 6 CLOSED

The PKCS#11 engine is produced with OpenSC's libp11 project, so they're the folks that you should turn to primarly.

However, I have looked at their code, and nothing in their code seems to imply a length limit. However, the URI is subject to URI encoding (i.e bytes can be specified with %xx where x are hex digits)... so, could it be that your 100 character id includes a percent sign somewhere that isn't followed by two hex digits? That would be a plausible cause for your issue.

from openssl.

Thanks for the quick reply and for taking a look! The specific id format is a totally valid guess, but this can also be reproduced with a basic id of 101x "a"s, which triggers the URI error. The same id with 100x "a"s doesn't 🤷

I've just filed the same issue in libp11 (OpenSC/libp11#531), so up to you if you want to keep this open too.

from openssl.

Closing as it is not an OpenSSL issue.

from openssl.

Closing as it is not an OpenSSL issue.

@t8m How exactly did you determine that it's not an OpenSSL issue? Is it because you read and understood the analysis written by @levitte above, or because you just assumed that if the same issue is opened in two projects then the bug must be in the other project? If there is another reason for your decision please don't hesitate to share it with us.

I'm not saying your decision is wrong; I'm just curious about how you came up with it.

from openssl.

@mtrojnar There is no such limit applied to URI length in OpenSSL so this must be a problem with the engine or the underlying PKCS11 implementation.

from openssl.

Off-topic: pkcs11-tool has limit of 100 CK_BYTE for object id => 200 characters in hexadecimal notation.

It seems to me libp11 engine uses 255 characters for object id. Dunno why fail for 100 .

from openssl.