Skip to content

Commit

Permalink
ta: pkcs11: Correct return value for encryption with invalid input
Browse files Browse the repository at this point in the history
When invalid input data is provided for TEE_AsymmetricEncrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Encrypt()/C_EncryptFinal() should return in this
case CKR_DATA_LEN_RANGE.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.8 Encryption functions
C_Encrypt/C_EncryptFinal

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
  • Loading branch information
vesajaaskelainen authored and jforissier committed Aug 9, 2021
1 parent dc8c77f commit 6a6299f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions ta/pkcs11/src/processing_asymm.c
Original file line number Diff line number Diff line change
Expand Up @@ -668,6 +668,8 @@ enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session,
out_buf, &out_size);
output_data = true;
rc = tee2pkcs_error(res);
if (rc == PKCS11_CKR_ARGUMENTS_BAD)
rc = PKCS11_CKR_DATA_LEN_RANGE;
break;

case PKCS11_FUNCTION_DECRYPT:
Expand Down

0 comments on commit 6a6299f

Please sign in to comment.