-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
7
-
generic
-
generic
I wrote:
The PKCS11 provider document makes a statement about the delayed
selection mechanism that I think is wrong given the implementation.
It claims that for Cipher, KeyAgreement, Mac, etc.:
If an application calls the initialization method multiple times
(each time with a different key, for example), the proper provider
for the given key is selected each time. In other words, a
different provider may be selected for each initialization call.
Was it the intent, and the code in Cipher is wrong? Or are the docs wrong, and need to be fixed?
Sean thought he remembers that was the original intent, but wasn't sure.
-----
Andreas responded:
After some back and forth, this was the intent, but the implementation
never got updated to reflect that. Basically, calling init() should
erase all existing state and give the same result as if called on a
new object.
-----
Andreas thinks there may be a fairly old bug against this, but I can't find it. Refiling.
The PKCS11 provider document makes a statement about the delayed
selection mechanism that I think is wrong given the implementation.
It claims that for Cipher, KeyAgreement, Mac, etc.:
If an application calls the initialization method multiple times
(each time with a different key, for example), the proper provider
for the given key is selected each time. In other words, a
different provider may be selected for each initialization call.
Was it the intent, and the code in Cipher is wrong? Or are the docs wrong, and need to be fixed?
Sean thought he remembers that was the original intent, but wasn't sure.
-----
Andreas responded:
After some back and forth, this was the intent, but the implementation
never got updated to reflect that. Basically, calling init() should
erase all existing state and give the same result as if called on a
new object.
-----
Andreas thinks there may be a fairly old bug against this, but I can't find it. Refiling.
- duplicates
-
-
- Closed
-