[Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1
Rickard Bellgrim
rickard at opendnssec.org
Sun Oct 5 19:13:50 UTC 2014
Thanks for comparing the behavior. Will check the details and get back to
you during next week.
On Thu, Oct 2, 2014 at 1:37 PM, Jerry Lundström <jerry.lundstrom at iis.se>
wrote:
> Hi,
>
> So I found some issues during my testing of my Perl module and SoftHSMv2
> with regards to v1, a few of them where just different return codes so
> they are not listed here.
>
> - C_Login with CKU_CONTEXT_SPECIFIC
> This will always returns CKR_OPERATION_NOT_INITIALIZED because its not
> handled (there is a TODO in the source).
>
> - C_Login while already logged in
> This returns CKR_SESSION_READ_ONLY_EXISTS while v1 returns
> CKR_USER_ANOTHER_ALREADY_LOGGED_IN.
>
> - Unable to use object/key handle after C_Logout
> In runObjectCheck() for v1 a key pair is created then the user is logged
> out to run tests while logged out and later on the user is logged back
> in to do the same. This does not work in v2, the object/key handle
> received while logged in does not work after logout/login,
> CKR_OBJECT_HANDLE_INVALID is received from for example
> C_GetAttributeValue, C_SetAttributeValue and C_DestroyObject.
> This problem also affected sign/verify/encrypt and decrypt tests, had to
> turn off a bunch of tests.
>
> - Encrypt and decrypt operations not separated
> In runDecryptCheck() a encrypt and decrypt operation is initiated at the
> same time, v1 could handle this but v2 does not.
>
> - Decrypting data with the wrong key returns CKR_GENERAL_ERROR
> This happens in v2 but in v1 CKR_ENCRYPTED_DATA_INVALID is returned
> which is a much better error.
>
> --
> Jerry Lundström - Software Engineer
> .SE - The Internet Infrastructure Foundation
> http://www.iis.se/
>
>
> _______________________________________________
> Softhsm-develop mailing list
> Softhsm-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/softhsm-develop
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/softhsm-develop/attachments/20141005/439cb703/attachment.htm>
More information about the Softhsm-develop
mailing list