RFR: JDK-6676643: Improve current C_GetAttributeValue native implementation
Greg Rubin
github.com+829871+salusasecondus at openjdk.java.net
Tue Apr 27 18:52:36 UTC 2021
On Tue, 27 Apr 2021 18:36:28 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c line 252:
>>
>>> 250:
>>> 251: if (rv != CKR_OK) {
>>> 252: if (rv == CKR_ATTRIBUTE_SENSITIVE || rv == CKR_ATTRIBUTE_TYPE_INVALID) {
>>
>> According to the PKCS#11v2.40 spec, `CKR_BUFFER_TOO_SMALL` should be handled in the same special ways as these too (in that it isn't a "true error").
>
> For this particular call, the pValue field is null, it's meant to query the exact length of the specified attribute. Thus, CKR_BUFFER_TOO_SMALL should not be returned.
> Afterwards, we then allocate the buffer based on this queried result, so CKR_BUFFER_TOO_SMALL should also not occur.
> So, based on the current API usage, CKR_BUFFER_TOO_SMALL should not happen.
All my concerns are addressed then. So, while my review doesn't count towards acceptance of this change, everything LGTM.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3709
More information about the security-dev
mailing list