Document Actions  

Document:
New_wording_for_ckr_buffer_too_small.docx

Draft (A preliminary unapproved sketch, outline, or version.)

Details

Submitted By Mr. Robert Relyea on 2020-04-27 11:08 pm UTC

Publication Type

None at this time.

Group / Folder

OASIS PKCS 11 TC / Working Drafts

Modified by

Not modified.

Copy

This document is not a copy.

Technical Contact

None at this time.

Download Count

294

Download Agreement

None at this time.

Description

Here's the wording which implements the semantics we talked about. On further reflection we could solve the issue in another way:

Note that even though the operation isn't closed, future calls to xxxxUpdate are undefined if the output buffer is specified.

I believe the expected implementation of the semantic was:
1) if no buffer is specified, return CKR_BUFFER_TOO_SMALL and a length big enough to handle whatever data is left.
2) if a buffer is specified, do the final decrypt and now we know the length. if the length is too small, return the full length and cache the decrypted data. On the next call we return that decrypted data.

In this mode, calling C_DecryptUpdate again, or using a different encrypted buffer in C_Decrypt would not work as expected.

Anyway I think we should discuss this on our next call.

bob