Failure in decrypting invalid ciphertext should not return CKR_GENERAL_ERROR #689

Closed
hansonchar opened this issue Dec 3, 2022 · 0 comments · Fixed by #690
Labels
bug Some isn't right

Comments

@hansonchar
Contributor

According to the PKCS#11 spec, a CKR_GENERAL_ERROR is returned if some unrecoverable error has occurred:

CKR_GENERAL_ERROR: Some horrible, unrecoverable error has occurred. In the worst case, it is possible that the function only partially succeeded, and that the computer and/or token is in an inconsistent state.

In general, failure in decryption is most likely due to invalid ciphertext, and if so either CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE should be returned instead of CKR_GENERAL_ERROR, since such a decryption failure does not lead to an unrecoverable error and does not cause the token to be in an inconsistent state.
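The return-code split requested above, as an added sketch that is not part of the original issue or the project's code. The `backend_status` and `len_rule` enums and both function names are hypothetical; the `CKR_*` values are the ones defined in the PKCS#11 headers.

```c
#include <stddef.h>

/* Return-code values as published in the PKCS#11 header pkcs11t.h. */
typedef unsigned long CK_RV;
#define CKR_OK                       0x00000000UL
#define CKR_GENERAL_ERROR            0x00000005UL
#define CKR_ENCRYPTED_DATA_INVALID   0x00000040UL
#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL

/* Hypothetical names for this sketch: what the crypto backend reported,
 * and which length rule the mechanism imposes on its ciphertext. */
typedef enum { BACKEND_OK, BACKEND_REJECTED_INPUT, BACKEND_INTERNAL_FAILURE } backend_status;
typedef enum { LEN_EXACT, LEN_MULTIPLE } len_rule;

/* unit_len: modulus size in bytes for LEN_EXACT (RSA-style),
 * cipher block size for LEN_MULTIPLE (CBC-style). */
CK_RV decrypt_status_to_ckr(len_rule rule, size_t unit_len, size_t ct_len,
                            backend_status st)
{
    /* A zero unit is a provider bug, not a property of the caller's input. */
    if (unit_len == 0)
        return CKR_GENERAL_ERROR;

    /* Rejected purely on length: report it without involving the key. */
    if (ct_len == 0 ||
        (rule == LEN_EXACT && ct_len != unit_len) ||
        (rule == LEN_MULTIPLE && ct_len % unit_len != 0))
        return CKR_ENCRYPTED_DATA_LEN_RANGE;

    switch (st) {
    case BACKEND_OK:
        return CKR_OK;
    case BACKEND_REJECTED_INPUT:   /* bad padding, failed integrity check */
        return CKR_ENCRYPTED_DATA_INVALID;
    case BACKEND_INTERNAL_FAILURE: /* device or library fault */
    default:
        return CKR_GENERAL_ERROR;
    }
}

/* Caller side: only CKR_GENERAL_ERROR means token state may be inconsistent. */
int token_state_suspect(CK_RV rv)
{
    return rv == CKR_GENERAL_ERROR;
}
```

With this split, an application can reject a malformed ciphertext and keep using the session, and reserve reinitialization for the case where `token_state_suspect` returns nonzero.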
