Merge pull request #690 from hansonchar/develop

jschlyter · web-flow · commit 557b2fd49c64 · 2025-01-29T06:27:14.000+01:00
Replace CKR_GENERAL_ERROR with CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE upon decryption failure
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
@@ -3309,15 +3309,15 @@ static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG u
 	if (!cipher->decryptUpdate(encryptedData,data))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 
 	// Finalize decryption
 	ByteString dataFinal;
 	if (!cipher->decryptFinal(dataFinal))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 	data += dataFinal;
 	if (data.size() > ulEncryptedDataLen)
@@ -3378,15 +3378,15 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG
 	if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 
 	// Check size
 	if (data.size() > size)
 	{
 		ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_LEN_RANGE;
 	}
 	if (data.size() != 0)
 	{
@@ -3475,22 +3475,22 @@ static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_U
 	ByteString data(pEncryptedData, ulEncryptedDataLen);
 	ByteString decryptedData;
 
-	// Encrypt the data
+	// Decrypt the data
 	if (!cipher->decryptUpdate(data, decryptedData))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 	DEBUG_MSG("ulEncryptedDataLen: %#5x  output buffer size: %#5x  blockSize: %#3x  remainingSize: %#4x  maxSize: %#5x  decryptedData.size(): %#5x",
 		  ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());
 
-	// Check output size from crypto. Unrecoverable error if to large.
+	// Check output size from crypto. Unrecoverable error if too large.
 	if (*pDataLen < decryptedData.size())
 	{
 		session->resetOp();
 		ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",
 				*pDataLen, decryptedData.size());
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_LEN_RANGE;
 	}
 
 	if (decryptedData.size() > 0)
@@ -3578,7 +3578,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL
 	if (!cipher->decryptFinal(decryptedFinal))
 	{
 		session->resetOp();
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_INVALID;
 	}
 	DEBUG_MSG("output buffer size: %#2x  size: %#2x  decryptedFinal.size(): %#2x",
 		  *pulDecryptedDataLen, size, decryptedFinal.size());
@@ -3589,7 +3589,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL
 		session->resetOp();
 		ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
 			  *pulDecryptedDataLen, decryptedFinal.size());
-		return CKR_GENERAL_ERROR;
+		return CKR_ENCRYPTED_DATA_LEN_RANGE;
 	}
 
 	if (decryptedFinal.size() > 0)

Original file line number	Diff line number	Diff line change
`@@ -3309,15 +3309,15 @@ static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG u`
`3309`	`3309`	`if (!cipher->decryptUpdate(encryptedData,data))`
`3310`	`3310`	`{`
`3311`	`3311`	`session->resetOp();`
`3312`		`- return CKR_GENERAL_ERROR;`
	`3312`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3313`	`3313`	`}`
`3314`	`3314`
`3315`	`3315`	`// Finalize decryption`
`3316`	`3316`	`ByteString dataFinal;`
`3317`	`3317`	`if (!cipher->decryptFinal(dataFinal))`
`3318`	`3318`	`{`
`3319`	`3319`	`session->resetOp();`
`3320`		`- return CKR_GENERAL_ERROR;`
	`3320`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3321`	`3321`	`}`
`3322`	`3322`	`data += dataFinal;`
`3323`	`3323`	`if (data.size() > ulEncryptedDataLen)`
`@@ -3378,15 +3378,15 @@ static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG`
`3378`	`3378`	`if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))`
`3379`	`3379`	`{`
`3380`	`3380`	`session->resetOp();`
`3381`		`- return CKR_GENERAL_ERROR;`
	`3381`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3382`	`3382`	`}`
`3383`	`3383`
`3384`	`3384`	`// Check size`
`3385`	`3385`	`if (data.size() > size)`
`3386`	`3386`	`{`
`3387`	`3387`	`ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");`
`3388`	`3388`	`session->resetOp();`
`3389`		`- return CKR_GENERAL_ERROR;`
	`3389`	`+ return CKR_ENCRYPTED_DATA_LEN_RANGE;`
`3390`	`3390`	`}`
`3391`	`3391`	`if (data.size() != 0)`
`3392`	`3392`	`{`
`@@ -3475,22 +3475,22 @@ static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_U`
`3475`	`3475`	`ByteString data(pEncryptedData, ulEncryptedDataLen);`
`3476`	`3476`	`ByteString decryptedData;`
`3477`	`3477`
`3478`		`- // Encrypt the data`
	`3478`	`+ // Decrypt the data`
`3479`	`3479`	`if (!cipher->decryptUpdate(data, decryptedData))`
`3480`	`3480`	`{`
`3481`	`3481`	`session->resetOp();`
`3482`		`- return CKR_GENERAL_ERROR;`
	`3482`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3483`	`3483`	`}`
`3484`	`3484`	`DEBUG_MSG("ulEncryptedDataLen: %#5x output buffer size: %#5x blockSize: %#3x remainingSize: %#4x maxSize: %#5x decryptedData.size(): %#5x",`
`3485`	`3485`	`ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());`
`3486`	`3486`
`3487`		`- // Check output size from crypto. Unrecoverable error if to large.`
	`3487`	`+ // Check output size from crypto. Unrecoverable error if too large.`
`3488`	`3488`	`if (*pDataLen < decryptedData.size())`
`3489`	`3489`	`{`
`3490`	`3490`	`session->resetOp();`
`3491`	`3491`	`ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",`
`3492`	`3492`	`*pDataLen, decryptedData.size());`
`3493`		`- return CKR_GENERAL_ERROR;`
	`3493`	`+ return CKR_ENCRYPTED_DATA_LEN_RANGE;`
`3494`	`3494`	`}`
`3495`	`3495`
`3496`	`3496`	`if (decryptedData.size() > 0)`
`@@ -3578,7 +3578,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL`
`3578`	`3578`	`if (!cipher->decryptFinal(decryptedFinal))`
`3579`	`3579`	`{`
`3580`	`3580`	`session->resetOp();`
`3581`		`- return CKR_GENERAL_ERROR;`
	`3581`	`+ return CKR_ENCRYPTED_DATA_INVALID;`
`3582`	`3582`	`}`
`3583`	`3583`	`DEBUG_MSG("output buffer size: %#2x size: %#2x decryptedFinal.size(): %#2x",`
`3584`	`3584`	`*pulDecryptedDataLen, size, decryptedFinal.size());`
`@@ -3589,7 +3589,7 @@ static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_UL`
`3589`	`3589`	`session->resetOp();`
`3590`	`3590`	`ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",`
`3591`	`3591`	`*pulDecryptedDataLen, decryptedFinal.size());`
`3592`		`- return CKR_GENERAL_ERROR;`
	`3592`	`+ return CKR_ENCRYPTED_DATA_LEN_RANGE;`
`3593`	`3593`	`}`
`3594`	`3594`
`3595`	`3595`	`if (decryptedFinal.size() > 0)`