FindObjects bool is always false #26
Comments
|
This definitely looks broken to me. It is impossible to determine whether I think a breaking change is required to remove this boolean response value. It is misleading and I can't see how it can ever be accurate. It's already tripped me up on some code I wrote to work with SoftHSM2. In a pathological case, you cannot even be sure the token has run out of objects if The workaround for now is to ignore this boolean value and keep calling until no objects are returned. |
|
@miekg Can we reopen this? |
|
Your interpretation of the spec seems correct to me. It's unclear whether changing the code would be a good idea since implementations may be depending on it never returning true (see this example in the pkcs11 tree: https://github.com/miekg/pkcs11/blob/master/p11/session.go#L75) The safest fix would be updating the comment to mark it as deprecated and describing what the correct use should be. |
|
[ Quoting <notifications@github.com> in "Re: [miekg/pkcs11] FindObjects bool..." ]
Your interpretation of the spec seems correct to me. It's unclear whether changing the code would be a good idea since implementations may be depending on it never returning true (see this example *in the pkcs11 tree*: https://github.com/miekg/pkcs11/blob/master/p11/session.go#L75)
The safest fix would be updating the comment to mark it as deprecated and describing what the correct use should be.
A backwards incompatible change could be fine if we break builds.
Do we need another function that is correct, while deprecating this one?
|
The previous behavior is not consistent with the specification; the only way to detect the end of the search is when no objects are returned. In the future this field should be removed but in the meantime there is no need to force a breaking change. Also updates p11.Session.FindObjects to no longer use the deprecated field, and to handle arbitrarily large result sets.
|
The existing signature is sufficient to use the function correctly, you just ignore the boolean and stop searching when the result is empty. So there's not really any benefit to changing it until there are other breaking changes to bundle it with. I opened a pull request to update the docs and fix the p11 version of the function to not use it. |
|
I'd opt for a breaking change. Removing a return value will break builds, so people won't miss this happening. People who are ignoring the return value are minimally inconvenienced. People with broken code that assumes it works correctly will have more work to do, but they had buggy code anyway. I fear people will miss documentation changes. |
|
[ Quoting <notifications@github.com> in "Re: [miekg/pkcs11] FindObjects bool..." ]
I'd opt for a breaking change. Removing a return value will break builds, so people won't miss this happening. People who are ignoring the return value are minimally inconvenienced. People with broken code that assumes it works correctly will have more work to do, but they had buggy code anyway.
I fear people *will* miss documentation changes.
They will indeed. "dep ensure" or something similar will not tell you, just
breaking build seems legit here.
|
|
Should #55 be addressed at the same time then? Ideally there should be a tag before the breaking change so that people using dependency management can pin it until they can update their code. |
|
If we're going to break things, its better to group those, so yes? releases is a separate issues: now with vgo we should actually start doing this. |
The previous behavior is not consistent with the specification; the only way to detect the end of the search is when no objects are returned. In the future this field should be removed but in the meantime there is no need to force a breaking change. Also updates p11.Session.FindObjects to no longer use the deprecated field, and to handle arbitrarily large result sets.
The bool on FindObjects which according to the comment indicates if the resultset is larger than max, always returns false. FindObjects comment.
The softHSMv1 findObjects implementation returns the number of results read until max. So it will never be larger than max.
The oasis docs specify the following
So it seems the softHSM implementation is correct.
The text was updated successfully, but these errors were encountered: