On 08/11/2010 09:53 PM, Wan-Teh Chang wrote: > On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel <mkur...@gmail.com> wrote: > >> Hello, >> I am trying to implement a PKCS#11 module for my diploma thesis. It is >> intended to be used with thunderbird. I am using opensc pkcs11-spy module to >> debug it. I have a problem for quite some days I don't seem to be able to >> solve myself. >> At first, thunderbird searches for token certificates >> (CKA_CLASS=CKO_CERTIFICATE and CKA_TOKEN=TRUE). I am returning an object >> with handle 0x1 (letting thunderbird know I have such a certificate). Later, >> thunderbird asks for its attributes CKA_TOKEN and CKA_LABEL but gives >> zero-sized buffers for both values. This is where my problem lies - I don't >> know what to return and if I have to fill the values in the template or not. >> According to the specification (if I understood correctly), I should return >> CKR_BUFFER_TOO_SMALL and fill the ulValueLen properties to the length of the >> two attribute values, which makes perfect sense. >> > I think this is correct. > > I don't know why Thunderbird doesn't call C_GetAttributeValue again > with the right buffer sizes. > No, you need to return CKR_OK. You only return CKR_BUFFER_TOO_SMALL if a buffer was supplied and it didn't fit (in which case you set the offending attribute length to -1). See the PKCS #11 spec for C_GetAttributeValue.
By returning CKR_BUFFER_TOO_SMALL to NSS, you are telling it that the requested operation failed (That operation was to get the lengths of the attributes it wanted to read). see: http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11obj.c#210 It shouldn't be crashing (at least not before calling C_GetAttributeValue again). There's an option to run thunderbird under a debugger. A stack traceback at the point of crash will tell a lot (as Konstantin pointed out). bob > Wan-Teh >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
