Comments (6)
The PKCS#11 engine is produced with OpenSC's libp11 project, so they're the folks that you should turn to primarly.
However, I have looked at their code, and nothing in their code seems to imply a length limit. However, the URI is subject to URI encoding (i.e bytes can be specified with %xx
where x
are hex digits)... so, could it be that your 100 character id includes a percent sign somewhere that isn't followed by two hex digits? That would be a plausible cause for your issue.
from openssl.
Thanks for the quick reply and for taking a look! The specific id format is a totally valid guess, but this can also be reproduced with a basic id of 101x "a"s, which triggers the URI error. The same id with 100x "a"s doesn't 🤷
I've just filed the same issue in libp11 (OpenSC/libp11#531), so up to you if you want to keep this open too.
from openssl.
Closing as it is not an OpenSSL issue.
from openssl.
Closing as it is not an OpenSSL issue.
@t8m How exactly did you determine that it's not an OpenSSL issue? Is it because you read and understood the analysis written by @levitte above, or because you just assumed that if the same issue is opened in two projects then the bug must be in the other project? If there is another reason for your decision please don't hesitate to share it with us.
I'm not saying your decision is wrong; I'm just curious about how you came up with it.
from openssl.
@mtrojnar There is no such limit applied to URI length in OpenSSL so this must be a problem with the engine or the underlying PKCS11 implementation.
from openssl.
Off-topic: pkcs11-tool has limit of 100 CK_BYTE for object id => 200 characters in hexadecimal notation.
It seems to me libp11 engine uses 255 characters for object id. Dunno why fail for 100 .
from openssl.
Related Issues (20)
- Data race in tls_process_new_session_ticket? HOT 22
- A method for duplicating library context HOT 7
- SM
- How Do I Change the SM2 Key Format In Openssl3.0
- Implement `EVP_MD_FLAG_*FIPS*`
- UNCHECKED FUNCTION RESULT HOT 1
- Scrypt cannot be used with more than 16 megabytes of memory HOT 31
- PEM_write_bio_PUBKEY causes segmentation fault when EVP_PKEY has private key and no public key HOT 1
- Forward port fixups from https://github.com/openssl/openssl/pull/24630 to master branch HOT 1
- Tsan data race between sa_doall and ossl_sa_set HOT 16
- TYPE_free() does not document that TYPE_free(NULL) does nothing HOT 18
- OSSL_STORE_LOADER_free() has conflicting documentation HOT 5
- iteration 19 evokes undefined behaviour [gentoo] HOT 7
- Unable to load PKCS7 object with EC key HOT 2
- "Error finalizing cipher loop" when running openssl speed -evp -decrypt for AES-GCM HOT 8
- Issue while installing the riscv-pk -- ../pk/pk.c:188: Error: unknown CSR `senvcfg' HOT 2
- Unable to install OpenSSL on Wndows 11 HOT 4
- s_client seems not using client certificate when connecting via proxy HOT 5
- v3.3.0: CMS + EC keys + PKCS#11 does not work HOT 4
- Add support for cross compiling on Windows for Android HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.