On 08/13/10 04:44, Robert Relyea wrote:
> On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel<mkur...@gmail.com>  wrote:
>
>> [ ... skip ... ] Later, Thunderbird asks for its attributes CKA_TOKEN and
>> CKA_LABEL but gives zero-sized buffers for both values. ... According to the
>> specification (if I understood correctly), I should return CKR_BUFFER_TOO_SMALL
>> and fill the ulValueLen properties to the length of the two attribute values,
>> which makes perfect sense.
>
>
> No, you need to return CKR_OK. You only return CKR_BUFFER_TOO_SMALL if a buffer
> was supplied and it didn't fit (in which case you set the offending attribute
> length to -1). See the PKCS #11 spec for C_GetAttributeValue.
>
> By returning CKR_BUFFER_TOO_SMALL to NSS, you are telling it that the requested
> operation failed (that operation was to get the lengths of the attributes it
> wanted to read).


Hello, Robert.

Matej told us that buffers were supplied, but zero-sized. He didn't say that the
buffers were NULL.

See
http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11obj.c#210


I am not sure whether this applies to Matej's issue, but PK11_GetAttributes is
defective. It doesn't take care of nullifying CK_ATTRIBUTE::pValue before the 1st
call to C_GetAttributeValue. The caller of PK11_GetAttributes has to take care of that.

--
Konstantin.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
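
An added example, not part of the original thread and not code from NSS or any real token: a token-side implementation of the per-attribute C_GetAttributeValue rules discussed above, covering both the NULL pValue length query and the non-NULL zero-sized buffer. The pkcs11.h types are replaced by local stand-ins, and `get_attribute_value`, `LEN_UNAVAILABLE` and the sample object are hypothetical names.

```c
#include <string.h>

/* Local stand-ins for the pkcs11.h definitions (assumption: no real header is included). */
typedef unsigned long CK_ULONG, CK_RV, CK_ATTRIBUTE_TYPE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK                     0x000UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x012UL
#define CKR_BUFFER_TOO_SMALL       0x150UL
#define CKA_TOKEN                  0x001UL
#define CKA_LABEL                  0x003UL
#define LEN_UNAVAILABLE            ((CK_ULONG)-1)   /* the spec's "-1" length */

/* Constructed sample object: a token object labelled "demo key". */
static const unsigned char obj_token = 1;           /* CK_BBOOL, CK_TRUE */
static const char obj_label[] = "demo key";

/* Hypothetical helper: applies the C_GetAttributeValue rules to each template entry. */
CK_RV get_attribute_value(CK_ATTRIBUTE *tmpl, CK_ULONG count)
{
    CK_RV rv = CKR_OK;
    for (CK_ULONG i = 0; i < count; i++) {
        const void *src; CK_ULONG len;
        switch (tmpl[i].type) {
        case CKA_TOKEN: src = &obj_token; len = sizeof obj_token;     break;
        case CKA_LABEL: src = obj_label;  len = sizeof obj_label - 1; break;
        default:                                    /* attribute not on this object */
            tmpl[i].ulValueLen = LEN_UNAVAILABLE;
            rv = CKR_ATTRIBUTE_TYPE_INVALID;
            continue;
        }
        if (tmpl[i].pValue == NULL) {
            tmpl[i].ulValueLen = len;               /* length query: report size, rv unchanged */
        } else if (tmpl[i].ulValueLen >= len) {
            memcpy(tmpl[i].pValue, src, len);       /* buffer fits: copy and report exact size */
            tmpl[i].ulValueLen = len;
        } else {
            tmpl[i].ulValueLen = LEN_UNAVAILABLE;   /* buffer supplied but too small */
            rv = CKR_BUFFER_TOO_SMALL;
        }
    }
    return rv;
}
```

With pValue set to NULL the function returns CKR_OK and the lengths 1 and 8; with a non-NULL pValue and ulValueLen of 0 it returns CKR_BUFFER_TOO_SMALL and sets ulValueLen to (CK_ULONG)-1. A caller that wants a length query therefore has to null pValue before the first call.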
