Jason King wrote on Thu 13-06-2019 at 22:17 [-0700]:
It's not for any application I'm writing. I have a PKCS#11 provider and have to deal with applications that are using the provider, but are perhaps doing things in a less than sane manner, but arguably compliant with the spec.
The PKCS11-base section 5.2 explains the expected behavior for output buffers:
If pBuf == NULL, *pulBufLen is set to a value big enough to hold the output (but possibly a bit larger) and CKR_OK is returned, and the operation can be retried.
If pBuf != NULL, if *pulBufLen is too small, *pulBufLen is set to the _exact_ value required for the output and CKR_BUFFER_TOO_SMALL is returned (emphasis in the spec).
In PKCS11-base section 5.8 for C_Decrypt, it says "a call to C_Decrypt always terminates the active decryption operation _unless_ it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e. one which returns CKR_OK) to determine the length of the buffer needed to hold the plaintext" (emphasis mine). That means in my example, C_Decrypt is supposed to return CKR_BUFFER_TOO_SMALL, and the decrypt operation is not terminated. What does it mean if the active decryption operation is not terminated? My understanding is that it means C_Decrypt can be called again until the operation is terminated (i.e. pData != NULL or returns an error other than CKR_BUFFER_TOO_SMALL). I'm not sure what else it could mean.
It also doesn't say that you need to have performed a (partial) decrypt operation, nor that you can't return CKR_BUFFER_TOO_SMALL even when after the decrypt operation it turns out that things could have fit after all.
So what you want to do is:
- If the buffer is less than the maximum expected possible size of the decrypted data: return CKR_BUFFER_TOO_SMALL immediately, don't decrypt anything.
- If the buffer is not less than that value: decrypt, store things in the buffer, return CKR_OK (unless the decrypt operation failed for other reasons, of course).
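The two-step rule above, and the size-query / retry behaviour quoted from PKCS11-base sections 5.2 and 5.8, as an added example that is not part of this thread or of any real provider. The cipher is a constructed stand-in (identity over 16-byte blocks followed by PKCS#7 unpadding) so that the maximum possible plaintext length is known before decrypting while the exact length is only known afterwards; the `CKR_*` values are the ones `pkcs11t.h` assigns, everything else (`toy_decrypt_init`, `toy_C_Decrypt`, `client_decrypt`, the `check_*` helpers) is hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Return codes with the values PKCS#11 assigns them in pkcs11t.h. */
#define CKR_OK                        0x00000000UL
#define CKR_ENCRYPTED_DATA_INVALID    0x00000040UL
#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL
#define CKR_BUFFER_TOO_SMALL          0x00000150UL
typedef unsigned long CK_RV;
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;

#define BLOCK 16

/* Constructed stand-in for a provider's decryption state. The "cipher" is the
 * identity over whole 16-byte blocks followed by PKCS#7 unpadding, so the
 * worst-case plaintext length equals the ciphertext length and the exact
 * length (ctlen - pad) is only known once the last block has been processed. */
struct decrypt_ctx {
    int active;          /* set by init, cleared when the operation terminates */
    const CK_BYTE *ct;
    CK_ULONG ctlen;
};

static CK_RV toy_decrypt_init(struct decrypt_ctx *c, const CK_BYTE *ct, CK_ULONG ctlen) {
    if (ctlen == 0 || ctlen % BLOCK != 0) return CKR_ENCRYPTED_DATA_INVALID;
    c->active = 1; c->ct = ct; c->ctlen = ctlen;
    return CKR_OK;
}

/* Provider side, following the rule given in the reply: decide on the
 * worst-case size before touching any data, and only terminate the operation
 * once the decrypt has actually been attempted. */
static CK_RV toy_C_Decrypt(struct decrypt_ctx *c, CK_BYTE *pData, CK_ULONG *pulDataLen) {
    if (!c->active) return CKR_OPERATION_NOT_INITIALIZED;
    CK_ULONG max_out = c->ctlen;        /* upper bound, known before decrypting */
    if (pData == NULL) {                /* section 5.2 size query: stays active */
        *pulDataLen = max_out;
        return CKR_OK;
    }
    if (*pulDataLen < max_out) {        /* may not fit in the worst case: refuse */
        *pulDataLen = max_out;          /* exact size is unknown yet, report the bound */
        return CKR_BUFFER_TOO_SMALL;    /* operation NOT terminated (section 5.8) */
    }
    c->active = 0;                      /* any other outcome terminates the operation */
    CK_BYTE pad = c->ct[c->ctlen - 1];
    if (pad == 0 || pad > BLOCK) return CKR_ENCRYPTED_DATA_INVALID;
    for (CK_ULONG i = c->ctlen - pad; i < c->ctlen; i++)
        if (c->ct[i] != pad) return CKR_ENCRYPTED_DATA_INVALID;
    memcpy(pData, c->ct, c->ctlen - pad);
    *pulDataLen = c->ctlen - pad;       /* exact length, as the spec requires on CKR_OK */
    return CKR_OK;
}

/* Application side: the two-call pattern from section 5.2. Returns the
 * plaintext length, or -1 on failure; the caller owns *out. */
static long client_decrypt(struct decrypt_ctx *c, CK_BYTE **out) {
    CK_ULONG len = 0;
    if (toy_C_Decrypt(c, NULL, &len) != CKR_OK) return -1;   /* query the bound */
    *out = malloc(len ? len : 1);
    if (*out == NULL) return -1;
    if (toy_C_Decrypt(c, *out, &len) != CKR_OK) { free(*out); *out = NULL; return -1; }
    return (long)len;
}

/* Constructed ciphertext: 11 bytes of "plaintext" plus five 0x05 pad bytes. */
static const CK_BYTE SAMPLE_CT[BLOCK] = "hello world\x05\x05\x05\x05\x05";

/* The scenario from the thread: a buffer that would have fit the exact output
 * (12 >= 11) but not the worst case (12 < 16). Returns 1 if the provider
 * behaves as described, 0 otherwise. */
static int check_too_small_keeps_operation_active(void) {
    struct decrypt_ctx c; CK_BYTE buf[BLOCK]; CK_ULONG len = 12;
    if (toy_decrypt_init(&c, SAMPLE_CT, BLOCK) != CKR_OK) return 0;
    if (toy_C_Decrypt(&c, buf, &len) != CKR_BUFFER_TOO_SMALL || len != BLOCK) return 0;
    if (!c.active) return 0;                               /* still retryable */
    if (toy_C_Decrypt(&c, buf, &len) != CKR_OK || len != 11) return 0;
    if (memcmp(buf, "hello world", 11) != 0) return 0;
    return toy_C_Decrypt(&c, buf, &len) == CKR_OPERATION_NOT_INITIALIZED;
}

/* The well-behaved client: query, allocate, decrypt. Returns 1 on success. */
static int check_client_two_call(void) {
    struct decrypt_ctx c; CK_BYTE *pt = NULL;
    if (toy_decrypt_init(&c, SAMPLE_CT, BLOCK) != CKR_OK) return 0;
    long n = client_decrypt(&c, &pt);
    int ok = (n == 11 && pt != NULL && memcmp(pt, "hello world", 11) == 0);
    free(pt);
    return ok;
}

int main(void) {
    printf("too-small-then-retry: %s\n", check_too_small_keeps_operation_active() ? "ok" : "FAIL");
    printf("two-call client:      %s\n", check_client_two_call() ? "ok" : "FAIL");
    return 0;
}
```

The point the example makes concrete is the one the reply settles: because the provider refuses before decrypting, it can only report the upper bound on CKR_BUFFER_TOO_SMALL (the exact value is not known yet), and a 12-byte buffer is rejected even though 11 bytes would ultimately have sufficed; the operation stays active, so the caller's retry with a correctly sized buffer succeeds rather than hitting CKR_OPERATION_NOT_INITIALIZED.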