On Tue, 27 Apr 2021 04:31:42 GMT, Greg Rubin
<github.com+829871+salusasecon...@openjdk.org> wrote:
>> Anyone can help review this somewhat trivial fix? The main change is inside
>> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c. This is to
>> help better troubleshooting by reporting the type of unavailable attributes
>> in PKCS11 exception message when C_GetAttributeValue(...) call failed. The
>> java file changes are just cleanup for consolidating the CKR_* constants
>> definition into PKCS11Exception class.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c line 252:
>
>> 250:
>> 251: if (rv != CKR_OK) {
>> 252: if (rv == CKR_ATTRIBUTE_SENSITIVE || rv ==
>> CKR_ATTRIBUTE_TYPE_INVALID) {
>
> According to the PKCS#11v2.40 spec, `CKR_BUFFER_TOO_SMALL` should be handled
> in the same special ways as these too (in that it isn't a "true error").
For this particular call, the pValue field is null, it's meant to query the
exact length of the specified attribute. Thus, CKR_BUFFER_TOO_SMALL should not
be returned.
Afterwards, we then allocate the buffer based on this queried result, so
CKR_BUFFER_TOO_SMALL should also not occur.
So, based on the current API usage, CKR_BUFFER_TOO_SMALL should not happen.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3709
