Here is a short list of a few particular things about return values that Cryptoki developers might want to be aware of:
As mentioned in Sections 11.1.2 and 11.1.3, a Cryptoki library may not be able to make a distinction between a token being removed before a function invocation and a token being removed during a function invocation.
The difference between CKR_DATA_INVALID and CKR_DATA_LEN_RANGE can be somewhat subtle. Unless an application needs to be able to distinguish between these return values, it is best to always treat them equivalently.