-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 2.0.0b1
-
Fix Version/s: 2.0.0b2
-
Component/s: PKCS#11 Interface
-
Labels:
We should support the _PAD variants of ciphers in CBC mode since that is the preferred way of using these cipher modes. This requires a change to the higher level interface C_EncryptUpdate since it now has a hard constraint on input data matching the block size of the cipher, and would require checking of block size constraints for other cipher modes (ECB and CBC without padding) down to lower layers in the code.
--------------------
Original description:
A user reported an incompatibility between SoftHSM v2 and the Sun Java PKCS #11 provider. Some investigation shows that the cause most likely is that SoftHSM always checks if input to C_EncryptUpdate matches the block size of the cipher (on line 2166 of SoftHSM.cpp).
This check is actually only required if the cipher operates in ECB mode; in all other modes, the internal cipher engine should take care of padding partially filled blocks. A fix would be to relax this constraint such that it is only applied when the cipher operates in ECB mode.
A request has been sent to the user to test this by re-running his test program with line 2166 of SoftHSM.cpp commented out.