-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix handling of invalid object handles #495
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Jakub Zelenka <jakub.openssl@gmail.com>
This is useful for refreshing invalid object handles Signed-off-by: Jakub Zelenka <jakub.openssl@gmail.com>
Signed-off-by: Jakub Zelenka <jakub.openssl@gmail.com>
6b2529b
to
c925ead
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds reasonable in principle, however this change would have to be added to any "_init()" for any operation.
So all the operation in asymmetric_cpiher.c and exchange.c etc...
ret = p11prov_sig_operate_init(sigctx, false, &session); | ||
if (ret != CKR_OK) { | ||
return ret; | ||
if (ret == CKR_OBJECT_HANDLE_INVALID && p11prov_obj_refresh_invalid(sigctx->key) == CKR_OK) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you should move this whole section directly in p11prov_sig_operate_init()
@@ -870,7 +870,7 @@ static CK_RV p11prov_sig_operate_init(P11PROV_SIG_CTX *sigctx, bool digest_op, | |||
} | |||
|
|||
done: | |||
if (ret != CKR_OK) { | |||
if (ret != CKR_OK && ret != CKR_OBJECT_HANDLE_INVALID) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if you do the refreshing in this function, as you should, then this will go away, as it should.
This exception here is a trap for any of the callers.
Note that this kind of change will need tests, or it will regress easily. |
@simo5 Cool, thanks. Ok I will look into adding that to other _init and make it more generic and will also take into account your comments. In terms of test I could look into adding an integration test for nginx and pkcs11-proxy which should cover the sign one and would be probably useful for testing the fork reload as nginx forks workers. Would you also want tests for other _init? If so, I would probably have to look into some longer running app so I can restart daemon and then retry it. If you have an idea about some existing application for such testing, that would be great! |
Assuming we can make a generic function for this, then just one test application with the proxy should be fine. Let's see where it goes as you add code. |
Just a word of warning, closing sessions means destroying all ephemeral keys created as session objects. |
Ah yeah, good point. I will look into it. |
Description
This is an initial fix for #494 which describes all the details about the actual issue.
The fix first removes the errors in session refreshing if the session was successfully re-opened.
It then exposes function for refreshing of invalid objects - this uses the same logic as after the fork refreshing triggered from store.
And it adds a logic in signature for handling
CKR_OBJECT_HANDLE_INVALID
error. It basically refreshes the object and repeat the operation. It also clears errors if refreshing and repeated operation is successful.For my use case signInit is enough but I realise that this would be quite incomplete so other places should be addressed in the similar way. But before I look into it, I wanted to hear if this approach would be acceptable so please let me know your thoughts. Also if acceptable I will be happy to look into providing some tests.
Checklist
Reviewer's checklist: