[Opendnssec-user] PKCS11Exception: CKR_DATA_LEN_RANGE using softhsm2
Roland van Rijswijk - Deij
Roland.vanRijswijk at surfnet.nl
Fri Dec 5 07:09:32 UTC 2014
> I'm getting this error:
> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
> Is this maybe a known limitation for softhsm2 ? there is some workaround
> ? Thx for your help.
I've had a quick look at the code, and this seems to be a bug;
C_EncryptUpdate always checks if the input block adheres to the cipher's
required block size. It should only do this if the cipher is used in ECB
mode. I have created SOFTHSM-107
(https://issues.opendnssec.org/browse/SOFTHSM-107) in our issue tracking
system for this bug, it will be addressed in the next version of SoftHSM
Meanwhile you could help us by testing this by doing the following:
- Build SoftHSM v2 from source (instructions here:
- go to "src/lib" in the source tree
- edit "SoftHSM.cpp"
- go to line 2166 and comment it out (this is the check for block size
- re-run your test program and let us know the result
Thanks in advance for reporting this issue.
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet
-- e: roland.vanrijswijk at surfnet.nl
Please note: As of 1 January 2015 SURFnet has a new address and
Kantoren Hoog Overborch (Hoog Catharijne) - Moreelsepark 48, 3511 EP
Utrecht - PO Box 19035, 3501 DA Utrecht - Telephone: +31 88-7873000
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4412 bytes
Desc: S/MIME Cryptographic Signature
More information about the Opendnssec-user