OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11-comment] C_Decrypt / C_DecryptFinal behavior

Jason King schreef op do 13-06-2019 om 22:17 [-0700]:
Itâs not for any application Iâm writing â I have a PKCS#11 provider and have to deal with applications that are using the provider, but are perhaps doing things in a less than sane manner, but arguably compliant with the spec.

The PKCS11-base section 5.2 explains the expected behavior for output buffers:
  if pBuf == NULL, *pulBufLen is set to a value big enough to hold the output (but possible a bit larger) and CKR_OK is returned, and the operation can be retried.
  If pBuf != NULL, if *pulBufLen is too small, *pulBufLen is set to the _exact_ value required for the output and CKR_BUFFER_TOO_SMALL is returned (emphasis in the spec).

In PKCS11-base section 5.8 for C_Decrypt, it says âa call to C_Decrypt always terminates the active decryption operation _unless_ it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e. one which returns CKR_OK) to determine the length of the buffer needed to hold the plaintext' (emphasis mine).  That means in my example, C_Decrypt is supposed to return CKR_BUFFER_TOO_SMALL, and the decrypt operation is not terminated.  What does it mean if the active decryption operation is not terminated?  My understanding is that it means C_Decrypt can be called again until the operation is terminated (i.e. pData != NULL or returns an error other than CKR_BUFFER_TOO_SMALL).  Iâm not sure what else it could mean.

It also doesn't say that you need to have performed a (partial) decrypt operation, nor that you can't return CKR_BUFFER_TOO_SMALL even when after the decrypt operation it turns out that things could have fit after all.

So what you want to do is:

- If the buffer is less than the maximum expected possible size of the decrypted data: return CKR_BUFFER_TOO_SMALL immediately, don't decrypt anything.
- If the buffer is not less than that value: decrypt, store things in the buffer, return CKR_OK (unless the decrypt operation failed for other reasons, of course).

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]