JDK-6676643: Improve current C_GetAttributeValue native implementation #3709
Conversation
Include mechanism info into PKCS11 exception message and remove duplicated constant definitions in PKCS11Constants and PKCS11Exception classes.
|
👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into |
|
@valeriepeng The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
|
|
||
| if (rv != CKR_OK) { | ||
| if (rv == CKR_ATTRIBUTE_SENSITIVE || rv == CKR_ATTRIBUTE_TYPE_INVALID) { | ||
| msg = malloc(80); // should be more than sufficient |
There was a problem hiding this comment.
I'm worried about asserting that 80 is sufficient especially as extremely large numbers of attributes could be retrieved and the limit check later on seems a bit lax.
There was a problem hiding this comment.
80 should be sufficient, as we only include attribute type of those UNAVAILABLE ones. For example, there may be 6 attributes specified, but realistically only one or two being unavailable. Are you aware of any case which a large number of attributes are unavailable? I added the limit check to ensure no out-of-bound writes. In the worst case, the reported types may be incomplete, i.e. up to 80 bytes. Otherwise, we may need two passes, one to find out the number of unavailable attributes, and one to allocate and set the content. Or, do you have other suggestion?
| // format msg w/ attribute(s) whose value is unavailable | ||
| temp1 = msg; | ||
| temp2 = msg + 80; | ||
| for (i = 0; i < ckAttributesLength && temp1 < temp2; i++) { |
There was a problem hiding this comment.
I think that this loop will append at most 11 bytes to the string each time (is this correct?), if so, we can make the check temp1 < temp2 - 12 to count the final null and avoid running off the end with a buffer overflow.
There was a problem hiding this comment.
I apologize. This counting code is correct and doesn't have any of the issues I claimed. snprintf takes care of everything and I just missed it last night.
There was a problem hiding this comment.
It's alright, thanks for checking and review.
| if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { | ||
|
|
||
| if (rv != CKR_OK) { | ||
| if (rv == CKR_ATTRIBUTE_SENSITIVE || rv == CKR_ATTRIBUTE_TYPE_INVALID) { |
There was a problem hiding this comment.
According to the PKCS#11v2.40 spec, CKR_BUFFER_TOO_SMALL should be handled in the same special ways as these too (in that it isn't a "true error").
There was a problem hiding this comment.
For this particular call, the pValue field is null, it's meant to query the exact length of the specified attribute. Thus, CKR_BUFFER_TOO_SMALL should not be returned.
Afterwards, we then allocate the buffer based on this queried result, so CKR_BUFFER_TOO_SMALL should also not occur.
So, based on the current API usage, CKR_BUFFER_TOO_SMALL should not happen.
There was a problem hiding this comment.
All my concerns are addressed then. So, while my review doesn't count towards acceptance of this change, everything LGTM.
There was a problem hiding this comment.
Thanks for your review still. Good to have an extra pair of eyes to look over the changes...
| * CKR_OK. Otherwise, it returns the returnValue as a jLong. | ||
| * This function generates a PKCS#11Exception with the returnValue as the | ||
| * errorcode. If the returnValue is not CKR_OK. The functin returns 0, if the | ||
| * returnValue is CKR_OK. Otherwise, it returns the returnValue as a jLong. | ||
| * | ||
| * @param env - used to call JNI funktions and to get the Exception class |
There was a problem hiding this comment.
NitPick: here and above some German seems to have slipped in. I think we want "functions"
There was a problem hiding this comment.
I didn't notice the German, just copy-n-paste. Will fix the typos.
There was a problem hiding this comment.
Other PKCS#11 JNI sources have the same German typos, I prefer to leave them out of this. Will fix them when they are touched in other fixes.
| }; | ||
|
|
||
| private static void register(String name, long errorCode) { | ||
| errorMap.put(errorCode, name); |
There was a problem hiding this comment.
I may check the put() return value and throw error for duplicated items, just in case duplicated copy-and-past register.
| // for unknown PKCS11 return values, just use hex as its string | ||
| if (res == null) { | ||
| res = "0x" + Functions.toFullHexString((int)errorCode); | ||
| errorMap.put(errorCode, res); |
There was a problem hiding this comment.
It would be nice if the errorMap is immutable once the known error codes get registered.
| register("CKR_FUNCTION_REJECTED", 0x00000200L); | ||
| register("CKR_TOKEN_RESOURCE_EXCEEDED", 0x00000201L); | ||
| register("CKR_OPERATION_CANCEL_FAILED", 0x00000202L); | ||
| register("CKR_VENDOR_DEFINED", 0x80000000L); |
There was a problem hiding this comment.
See below comment, I may have the hash map unmodifiable after the registration.
|
@valeriepeng This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 314 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
| long value() { | ||
| return value; | ||
| } |
There was a problem hiding this comment.
I guess it is safe to use the 'value' variable directly for enum. The value() method may be not necessary. Just a personal preference, ignore it if you like the current way.
There was a problem hiding this comment.
Sure, I like it too. Will update.
There was a problem hiding this comment.
Thank you. I have no more comment.
|
/integrate |
openjdk
bot
added
integrated
|
@valeriepeng Since your change was applied there have been 315 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit 7ab6dc8. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
Anyone can help review this somewhat trivial fix? The main change is inside src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_objmgmt.c. This is to help better troubleshooting by reporting the type of unavailable attributes in PKCS11 exception message when C_GetAttributeValue(...) call failed. The java file changes are just cleanup for consolidating the CKR_* constants definition into PKCS11Exception class.
Thanks,
Valerie
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/3709/head:pull/3709$ git checkout pull/3709Update a local copy of the PR:
$ git checkout pull/3709$ git pull https://git.openjdk.java.net/jdk pull/3709/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 3709View PR using the GUI difftool:
$ git pr show -t 3709Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/3709.diff