> Robert Relyea <rrel...@redhat.com> wrote:
> Sorry my bad, I wasn't clear. The double decrypt happens in the case where
> you first call C_Decrypt with pData = NULL. In that case you can return 128
> instead of decrypting the data just to get the length. In the case where
> C_Decrypt is called with pData != NULL, you need to return the actual number
> of bytes coded by the PKCS #1 encoding because you are actually returning
> the decrypted data at this point.

AFAIK the first call to C_Decrypt, with pData=NULL and pulDataLen=0, should return the decrypted byte length (X).
Then the second call should have pData!=NULL and pulDataLen=y. If y < X -> CKR_BUFFER_TOO_SMALL.

Returning 128 doesn't work (and shouldn't), because the decrypted data is 24 (always?) bytes long.

Anyhow, I now return the correct size (24) and don't "trust" the C_Decrypt input pulDataLen.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
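
The output-length convention discussed in this thread, as an added example that is not part of the original messages or of any project's code: a token-side sketch in which the pData == NULL query returns the modulus-size upper bound without unpadding, and the real call checks the caller's buffer size before copying. The names finish_rsa_pkcs_decrypt and make_sample_block are hypothetical, the typedefs stand in for pkcs11.h, and the 128-byte block with a 24-byte message is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for pkcs11.h types and return codes (values per PKCS #11). */
typedef unsigned long CK_ULONG, CK_RV;
typedef unsigned char CK_BYTE;
#define CKR_OK                     0x00000000UL
#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL
#define CKR_BUFFER_TOO_SMALL       0x00000150UL

/* Hypothetical helper: em/emLen is the block produced by the RSA private-key
 * operation (emLen == modulus size, e.g. 128 for RSA-1024). */
CK_RV finish_rsa_pkcs_decrypt(const CK_BYTE *em, CK_ULONG emLen,
                              CK_BYTE *pData, CK_ULONG *pulDataLen)
{
    CK_ULONG i, msgLen;
    if (pData == NULL) {            /* length query: upper bound, no unpadding */
        *pulDataLen = emLen;
        return CKR_OK;
    }
    /* PKCS #1 v1.5 type 2 block: 00 02 <at least 8 nonzero pad bytes> 00 <message>.
     * Not constant time; a real token must not leak where parsing failed. */
    if (emLen < 11 || em[0] != 0x00 || em[1] != 0x02)
        return CKR_ENCRYPTED_DATA_INVALID;
    for (i = 2; i < emLen && em[i] != 0x00; i++)
        ;
    if (i == emLen || i < 10)       /* no separator, or padding too short */
        return CKR_ENCRYPTED_DATA_INVALID;
    msgLen = emLen - (i + 1);
    if (*pulDataLen < msgLen) {     /* caller's stated buffer size is the limit */
        *pulDataLen = msgLen;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(pData, em + i + 1, msgLen);
    *pulDataLen = msgLen;           /* exact plaintext length */
    return CKR_OK;
}

/* Constructed sample: 128-byte block carrying a 24-byte message of 'A'. */
void make_sample_block(CK_BYTE em[128])
{
    memset(em, 0xFF, 128);
    em[0] = 0x00; em[1] = 0x02; em[103] = 0x00;
    memset(em + 104, 'A', 24);
}

int main(void)
{
    CK_BYTE em[128], out[128];
    CK_ULONG n = 0;
    make_sample_block(em);
    finish_rsa_pkcs_decrypt(em, sizeof em, NULL, &n);
    printf("length query: %lu\n", n);
    finish_rsa_pkcs_decrypt(em, sizeof em, out, &n);
    printf("actual plaintext length: %lu\n", n);
    return 0;
}
```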