Define constants for (CK_ULONG)-1

[Stef Walter <stefw@redhat.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As discussed earlier on the mailing list, following are the
modifications to the specification to be made in order to define
constants for (CK_ULONG)-1.

In line with Peter's suggestion, three new constants are defined:

 CKA_INVALID
 CKM_INVALID
 CK_INVALID_LENGTH

Since providing a clear diff of a docx file is challenging, I hope
that the following format indicating which paragraphs should be
added/replaced in which sections is sufficiently clear.

Cheers,

Stef




6.4 Object Types

   ...

   o CK_ATTRIBUTE_TYPE

   ...

*** paragraph to be added
|  The constant CKA_INVALID is defined as an invalid attribute type. It
|   is equal to -1 (when cast to a CK_ULONG). Use of attribute with an
|  invalid type with any PKCS#11 function will result in a failure.


   o CK_ATTRIBUTE; CK_ATTRIBUTE_PTR

   ...

*** paragraph to be added
|  The constant CK_INVALID_LENGTH is used to denote an invalid or
|  unavailable value in a CK_ATTRIBUTE. It is equal to -1 (when cast
|  to a CK_ULONG). See C_GetAttributeValue for further details.


6.5 Data types for mechanisms

   ...

   o CK_MECHANISM_TYPE; CK_MECHANISM_TYPE_PTR

   ...

*** paragraph to be added
|  The constant CKM_INVALID is defined as an invalid or unknown
|  mechanism type. It is equal to -1 (when cast to a CK_ULONG).


7.7.2 Overview

   ...

*** table row to be modified
   CKA_KEY_GEN_MECHANISM  CK_MECHANISM_TYPE  Identifier of the mechanism
                                             used to generate the key
                                             material.
|                                             (default CKM_INVALID)


8.7 Object management functions

   o C_GetAttributeValue

   ...

*** paragraph to be modified
   1. If the specified attribute (i.e., the attribute specified by the
      type field for the object cannot be revealed because the object
      is sensitive or unextractable, then the ulValueLen field in that
|     triple is modified to hold the value CK_INVALID_LENGTH.

*** paragraph to be modified
   2. Otherwise, if the specified value for the object is invalid (the
      object does not possess such an attribute), then the ulValueLen
      field in that triple is modified to hold the value
|     CK_INVALID_LENGTH.

*** paragraph to be modified
   5. Otherwise, the ulValueLen field is modified to hold the value
|     CK_INVALID_LENGTH.

*** paragraph to be modified
   In the special case of an attribute whose value is an array of
   attributes, for example CKA_WRAP_TEMPLATE, where it is passed in
   with pValue not NULL, then if the pValue of elements within the
   array is NULL_PTR then the ulValueLen of elements within the array
   will be set to the required length. If the pValue of elements within
   the array is not NULL_PTR, then the ulValueLen element of attributes
   within the array must reflect the space that the corresponding
   pValue points to, and pValue is filled in if there is sufficient
   room. Therefore it is important to initialize the contents of a
   buffer before calling C_GetAttributeValue to get such an array
   value. If any ulValueLen within the array isn't large enough, it
|  will be set to CK_INVALID_LENGTH and the function will return
   CKR_BUFFER_TOO_SMALL, as it does if an attribute in the pTemplate
   argument has ulValueLen too small. Note that any attribute whose
   value is an array of attributes is identifiable by virtue of the
   attribute type having the CKF_ARRAY_ATTRIBUTE bit set.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlGM6KMACgkQe/sRCNknZa9AugCcDc9pU6qNTb62mDchXkPn1j2u
az8AoN2lmSwLM9rVYTmmoklYaMFmTrEo
=/G38
-----END PGP SIGNATURE-----