Fwd: LP#929108 support reading PIN from file when using PKCS#11 devices

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Apr 16 11:22:35 PDT 2012

On 04/16/2012 07:27 PM, Stef Walter wrote:

>> Maybe this can be mitigated by providing a sanitize_pkcs11_url()
>> function that would strip this field? Then programmers would be advised
>> to call this function for untrusted urls.
> Is the problem of PKCS#11 URIs from untrusted sources sufficiently
> understood? Until the problem and use cases are better understood, I
> would err on the side of discouraging any use of PKCS#11 URIs from
> untrusted sources.

Untrusted sources is quite difficult to define. Untrusted source
might also be the user in some application, so a sanitization might
be required for some applications.

>>> But for sanity's sake would we want to limit the size of the file that
>>> p11-kit will read in its p11_kit_pin_file_callback() handler?
>> Having a sanity check would also be good regardless of a url sanitize
>> function.
> 1MB be a good max sanity check size?

For a PIN? I'd use something like 256 bytes or so!

> Also, while we're on the topic, is the current behavior of reading the
> PIN file byte-for-byte verbatim what's generally expected?

Are there alternatives? PKCS #11 accepts a byte string anyway.


More information about the p11-glue mailing list