Re: pkcs11 problem with Netscape

Wed, 19 Jan 2005 05:06:26 -0800

Ok, now I have a buffer which is equal to the input data size. As I said in the post, when Netscape 7.2 (and 4.7) initializes a encrypt operation (RC2 Secret Key of 16 bytes). It's ok. After that it calls the C_EncryptUpdate method of the pkcs11 module with an input data of 8 bytes. The method C_EncryptUpdate (which use openSSL functions to do the work: int result = EVP_CipherUpdate(ctx,pEncryptedPart,(int *)pulEncryptedPartLen,pPart,ulPartLen);) returns a encrypted block with a size of 8 bytes (which I think is the correct size). Well, that size not seems to be the hoped by Netscape, because it close the session (if all were ok it should call C_EncryptUpdate more times and ends with a call to C_EncryptFinal) wich opened to develope the C_Encrypt operation.
I don't understand what is happening. Thanks in advance.


Robert Relyea wrote: 
Antonio Andres Espallardo wrote:

Hi. I'm developing a pkcs11 module, which offeir support for RC2 algorithm and some algorithm more. The behavior of Netscape 7.2 when I make use of the pkcs11 module is like this:

1) Netscape creates an RC2 Secret Key of 16 bytes length
2) It inits an encrypt operation, calling the method C_EncryptInit
3) It calls the method C_EncryptUpdate of the pkcs11, but the out buffer is too small, consecuently the pkcs11 return CKR_BUFFER_TOO_SMALL. Well, now Netscape detroy the secret key object and finalizes, when it should retry with a bigger buffer.


How big of a buffer is NSS providing? The spec says for CKM_RC2_CBC you need a buffer which is equal to the input data size. (and input data should be a multiple of 8). What are you seeing from NSS?

bob 
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto

Reply via email to