Dňa 13. 8. 2010 18:35, Robert Relyea wrote / napísal(a):
On 08/13/2010 05:37 AM, Konstantin Andreev wrote:
On 08/13/10 04:44, Robert Relyea wrote:
On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel<mkur...@gmail.com>
wrote:
[ ... skip ... ] Later, thunderbird asks for its attributes
CKA_TOKEN and CKA_LABEL but gives zero-sized buffers for both
values. ... According to the specification (if I understood
correctly), I should return CKR_BUFFER_TOO_SMALL and fill the
ulValueLen properties to the length of the two attribute values,
which makes perfect sense.
No, you need to return CKR_OK. You only return CKR_BUFFER_TOO_SMALL
if a buffer was supplied and it didn't fit (in which case you set the
offending attribute length to -1). See the PKCS #11 spec for
C_GetAttributeValue.
By returning CKR_BUFFER_TOO_SMALL to NSS, you are telling it that the
requested operation failed (That operation was to get the lengths of
the attributes it wanted to read).
Hello, Robert.
Matej told us that buffers were supplied, but zero-size. He didn't
tell that buffers were NULL.
Ah, that case CKR_BUFFER_TOO_SMALL would be appriopriate. I'm pretty
sure that that was not the case. I suspect he didn't check for NULL
since I know of no where in NSS that would do such a thing, but I know
exactly where we are asking for CKA_TOKEN and CKA_LABEL with a NULL buffer.
see
http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11obj.c#210
I am not sure, whether this applies to Matej issue, but
PK11_GetAttributes is defective. It doesn't care about nullifying
CK_ATTRIBUTE::pValue before 1st call to C_GetAttributeValue. The
caller of PK11_GetAttributes should care about.
Yes, it does require the caller to set things to NULL first..
bob
--
Konstantin.
Guys, I figured out that Thunderbird didn't like this assignment of
CKA_TOKEN when assigning the values (with the buffers of right sizes
already allocated):
pTemplate[i].pValue = (CK_BBOOL *)TRUE;
(but it compiled fine). I changed it to
*((CK_BBOOL *)pTemplate[i].pValue) = TRUE;
and it works perfectly! I am pretty n00b at C++ (well, still learning).
I will avoid this mistake in the future. Thanks again for your willing
to help :)
M. Kurpel
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
