Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Bad module with C_GetInterface returning 0x54 - fallback to C_GetFunctionList #621

Closed
space88man opened this issue Feb 20, 2024 · 2 comments
Closed

[RFE] Bad module with C_GetInterface returning 0x54 - fallback to C_GetFunctionList #621

space88man opened this issue Feb 20, 2024 · 2 comments
Labels
category: proxy module enhancement question
Milestone
0.25.4

Comments

@space88man
Copy link
Contributor

space88man commented Feb 20, 2024
edited
Loading 

p11-kit: call to C_GetInterface failed in module: /usr/lib64/pkcs11/../../lib/libCryptoki2_64.so: This operation is not supported

I have a module that exports C_GetInterfaceList and C_GetInterface and returns 0x54, so p11-kit-proxy will error out.

RFE: In this case could we still fallback to C_GetFunctionList like pkcs11-spy or make this configurable.

The module works when wrapped by pkcs11-spy, though which seems to be more forgiving.

The module in question is Luna HSM v10.5.

When p11-kit calls C_GetInterface it checks for CKR_OK, perhaps it could also check for CKR_FUNCTION_NOT_SUPPORTED and bail out to C_GetFunctionList in that case.
@space88man space88man changed the title [Question] How to handle an older module with C_GetInterface returning 0x54 - fallback possible ? [RFE] Bad module with C_GetInterface returning 0x54 - fallback to C_GetFunctionList Feb 20, 2024
@ZoltanFridrich
Copy link
Contributor

Thank you for the RFE. Perhaps there could be a fallback to C_GetFunctionList in case C_GetInterface is not supported. We will look into it.

space88man added a commit to space88man/p11-kit that referenced this issue Feb 22, 2024
@space88man
Fallback if C_GetInterface returns 0x54
9b1cdf2 
Addresses p11-glue#621

Signed-off-by: S-P Chan <[email protected]>
@space88man space88man mentioned this issue Feb 22, 2024
Merged
space88man added a commit to space88man/p11-kit that referenced this issue Mar 4, 2024
@space88man
Fallback if C_GetInterface returns 0x54
932127e 
Addresses p11-glue#621

Signed-off-by: S-P Chan <[email protected]>
ZoltanFridrich pushed a commit that referenced this issue Mar 5, 2024
@space88man @ZoltanFridrich
Fallback if C_GetInterface returns 0x54
e8abb00 
Addresses #621

Signed-off-by: S-P Chan <[email protected]>
@ZoltanFridrich
Copy link
Contributor

This has been done in #622

@ueno ueno added this to the 0.25.4 milestone Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
category: proxy module enhancement question
Projects
None yet
Milestone
0.25.4
Development

No branches or pull requests
3 participants
@ueno @ZoltanFridrich @space88man