Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace CKR_GENERAL_ERROR with CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE upon decryption failure #690

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
+10 −10
Open

Replace CKR_GENERAL_ERROR with CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE upon decryption failure #690

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions src/lib/SoftHSM.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3296,15 +3296,15 @@ static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG u
if (!cipher->decryptUpdate(encryptedData,data))
{
session->resetOp();
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_INVALID;
}

// Finalize decryption
ByteString dataFinal;
if (!cipher->decryptFinal(dataFinal))
{
session->resetOp();
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_INVALID;
}
data += dataFinal;
if (data.size() > ulEncryptedDataLen)
Expand Down Expand Up @@ -3365,15 +3365,15 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG
if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))
{
session->resetOp();
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_INVALID;
}

// Check size
if (data.size() > size)
{
ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");
session->resetOp();
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_LEN_RANGE;
}
if (data.size() != 0)
{
Expand Down Expand Up @@ -3458,22 +3458,22 @@ static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_U
ByteString data(pEncryptedData, ulEncryptedDataLen);
ByteString decryptedData;

// Encrypt the data
// Decrypt the data
if (!cipher->decryptUpdate(data, decryptedData))
{
session->resetOp();
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_INVALID;
}
DEBUG_MSG("ulEncryptedDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x decryptedData.size(): %#5x",
ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());

// Check output size from crypto. Unrecoverable error if to large.
// Check output size from crypto. Unrecoverable error if too large.
if (*pDataLen < decryptedData.size())
{
session->resetOp();
ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",
*pDataLen, decryptedData.size());
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_LEN_RANGE;
}

if (decryptedData.size() > 0)
Expand Down Expand Up @@ -3557,7 +3557,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL
if (!cipher->decryptFinal(decryptedFinal))
{
session->resetOp();
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_INVALID;
}
DEBUG_MSG("output buffer size: %#2x size: %#2x decryptedFinal.size(): %#2x",
*pulDecryptedDataLen, size, decryptedFinal.size());
Expand All @@ -3568,7 +3568,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL
session->resetOp();
ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
*pulDecryptedDataLen, decryptedFinal.size());
return CKR_GENERAL_ERROR;
return CKR_ENCRYPTED_DATA_LEN_RANGE;
}

if (decryptedFinal.size() > 0)
Expand Down