[gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Oct 11 11:36:39 CEST 2023




Edheldil commented: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1598437833

To refine the problem statement a bit: The problem manifests if there are multiple objects in a token that have the same label and ID.

p11tool could distinguish between the objects using their handle if it did all querying in a single session. It even first does so with a generic search template using only label and/or id and MaxObjectCount 8192, but then closes that "common" session and does a new session and a new search (C_FindObjectsInit) for each previously found object, this time with label and/or id and object class and type search template and MaxObjectCount=1. And these searches then return some random object from the matching set depending on vagaries of the specific token and pkcs11 library. :sigh:

This is also probably related to p11tool's inability to change an object's label or id if there's more than one with the same label and id.

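The effect described in the comment above, as an added example that is not part of the original email and is not p11tool's or GnuTLS's code: a constructed in-memory token model compares keeping the objects found by the first search with repeating the search per object under a result limit of 1. The names `obj_t`, `find_objects`, `count_distinct` and `objects_reached` and the sample objects are assumptions made for illustration.

```c
#include <string.h>

/* Constructed model of a token, not the PKCS#11 API or p11tool's code. */
enum { CLS_ANY = -1, CLS_CERT, CLS_PRIVKEY };
typedef struct { unsigned long handle; int cls; const char *label, *id; } obj_t;

/* Constructed sample: two private keys and a certificate share label and ID. */
static const obj_t token[] = {
    { 101, CLS_PRIVKEY, "signing", "01" },
    { 102, CLS_PRIVKEY, "signing", "01" },
    { 103, CLS_CERT,    "signing", "01" },
};
#define NOBJ (sizeof token / sizeof token[0])

/* Stand-in for one C_FindObjectsInit search: up to max matching objects.
 * This model returns storage order; a real token may return any order. */
static size_t find_objects(const char *label, const char *id, int cls,
                           const obj_t **out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < NOBJ && n < max; i++)
        if (!strcmp(token[i].label, label) && !strcmp(token[i].id, id) &&
            (cls == CLS_ANY || token[i].cls == cls))
            out[n++] = &token[i];
    return n;
}

static size_t count_distinct(const obj_t **o, size_t n)
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < i && o[j]->handle != o[i]->handle) j++;
        distinct += (j == i);   /* no earlier entry has this handle */
    }
    return distinct;
}

/* research != 0: repeat the search per hit with class added and a limit of
 * 1, as the comment describes. research == 0: keep the first search's hits. */
size_t objects_reached(int research)
{
    const obj_t *hits[8], *one;
    size_t n = find_objects("signing", "01", CLS_ANY, hits, 8);
    for (size_t i = 0; research && i < n; i++)
        if (find_objects("signing", "01", hits[i]->cls, &one, 1) == 1)
            hits[i] = one;      /* the second private key collapses onto the first */
    return count_distinct(hits, n);
}
```

In this model the per-object search always lands on the first stored private key, so the second key is never reached; on a real token the object returned is whichever one the library yields first.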

