Fix handling of invalid object handles #495
Conversation
Signed-off-by: Jakub Zelenka <[email protected]>
This is useful for refreshing invalid object handles Signed-off-by: Jakub Zelenka <[email protected]>
Signed-off-by: Jakub Zelenka <[email protected]>
bukka
force-pushed
the
refresh-on-invalid
branch
from
6b2529b to
c925ead
Compare
| ret = p11prov_sig_operate_init(sigctx, false, &session); | ||
| if (ret != CKR_OK) { | ||
| return ret; | ||
| if (ret == CKR_OBJECT_HANDLE_INVALID && p11prov_obj_refresh_invalid(sigctx->key) == CKR_OK) { |
There was a problem hiding this comment.
you should move this whole section directly in p11prov_sig_operate_init()
| @@ -870,7 +870,7 @@ static CK_RV p11prov_sig_operate_init(P11PROV_SIG_CTX *sigctx, bool digest_op, | |||
| } | |||
|
|
|||
| done: | |||
| if (ret != CKR_OK) { | |||
| if (ret != CKR_OK && ret != CKR_OBJECT_HANDLE_INVALID) { | |||
There was a problem hiding this comment.
if you do the refreshing in this function, as you should, then this will go away, as it should.
This exception here is a trap for any of the callers.
|
Note that this kind of change will need tests, or it will regress easily. |
|
@simo5 Cool, thanks. Ok I will look into adding that to other _init and make it more generic and will also take into account your comments. In terms of test I could look into adding an integration test for nginx and pkcs11-proxy which should cover the sign one and would be probably useful for testing the fork reload as nginx forks workers. Would you also want tests for other _init? If so, I would probably have to look into some longer running app so I can restart daemon and then retry it. If you have an idea about some existing application for such testing, that would be great! |
Assuming we can make a generic function for this, then just one test application with the proxy should be fine. Let's see where it goes as you add code. |
|
Just a word of warning, closing sessions means destroying all ephemeral keys created as session objects. |
|
Ah yeah, good point. I will look into it. |
Description
This is an initial fix for #494 which describes all the details about the actual issue.
The fix first removes the errors in session refreshing if the session was successfully re-opened.
It then exposes function for refreshing of invalid objects - this uses the same logic as after the fork refreshing triggered from store.
And it adds a logic in signature for handling
CKR_OBJECT_HANDLE_INVALIDerror. It basically refreshes the object and repeat the operation. It also clears errors if refreshing and repeated operation is successful.For my use case signInit is enough but I realise that this would be quite incomplete so other places should be addressed in the similar way. But before I look into it, I wanted to hear if this approach would be acceptable so please let me know your thoughts. Also if acceptable I will be happy to look into providing some tests.
Checklist
Reviewer's checklist: