On Tue, 27 Apr 2021 04:31:42 GMT, Greg Rubin <github.com+829871+salusasecon...@openjdk.org> wrote:
>> Anyone can help review this somewhat trivial fix? The main change is inside >> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c. This is to >> help better troubleshooting by reporting the type of unavailable attributes >> in PKCS11 exception message when C_GetAttributeValue(...) call failed. The >> java file changes are just cleanup for consolidating the CKR_* constants >> definition into PKCS11Exception class. >> >> Thanks, >> Valerie > > src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c line 252: > >> 250: >> 251: if (rv != CKR_OK) { >> 252: if (rv == CKR_ATTRIBUTE_SENSITIVE || rv == >> CKR_ATTRIBUTE_TYPE_INVALID) { > > According to the PKCS#11v2.40 spec, `CKR_BUFFER_TOO_SMALL` should be handled > in the same special ways as these too (in that it isn't a "true error"). For this particular call, the pValue field is null, it's meant to query the exact length of the specified attribute. Thus, CKR_BUFFER_TOO_SMALL should not be returned. Afterwards, we then allocate the buffer based on this queried result, so CKR_BUFFER_TOO_SMALL should also not occur. So, based on the current API usage, CKR_BUFFER_TOO_SMALL should not happen. ------------- PR: https://git.openjdk.java.net/jdk/pull/3709