p11-glue / p11-kit

Provides a way to load and enumerate PKCS#11 modules.
https://p11-glue.github.io/p11-glue/p11-kit.html

[Question] Alignment guarantees for CK_ATTRIBUTE #626

Open H5117 opened 5 months ago

H5117 commented 5 months ago

PKCS#11 2.40 and later describes a CK_ATTRIBUTE in the following way:

typedef struct CK_ATTRIBUTE {
  CK_ATTRIBUTE_TYPE type;
  CK_VOID_PTR pValue;
  CK_ULONG ulValueLen;
} CK_ATTRIBUTE;

Note that pValue is a “void” pointer, facilitating the passing of arbitrary values. 
Both the application and Cryptoki library MUST ensure that the pointer can be safely cast to the expected type (i.e., without word-alignment errors).

And "the application" is defined in the following way:

Application       Any computer program that calls the Cryptoki interface.

But the API of p11-kit for URIs is in the gray zone here, because parsing a PKCS#11 URI does not require calling the Cryptoki interface.

So, the question: what alignment guarantees does p11-kit provide for CK_ATTRIBUTEs returned by p11_kit_uri_get_attributes() or p11_kit_uri_get_attribute()? Can I pass these attributes to C_FindObjectsInit() safely or should I repack them to ensure that *pValue is properly aligned?
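As an added example (not p11-kit's own code, and not part of this thread): a check for whether a CK_ATTRIBUTE template meets the alignment the spec text quoted above requires, next to the repacking fallback the question mentions, which copies every value into its own malloc()ed buffer. The CK_* typedefs are constructed stand-ins for the real pkcs11.h, and the misaligned sample template is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins for the PKCS#11 types (constructed; real code includes p11-kit's pkcs11.h). */
typedef unsigned long CK_ULONG, CK_ATTRIBUTE_TYPE;
typedef void *CK_VOID_PTR;
typedef struct CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; CK_VOID_PTR pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;

/* 1 if every non-NULL pValue in the template is aligned to `align` bytes. */
int attrs_all_aligned(const CK_ATTRIBUTE *a, CK_ULONG n, size_t align)
{
    for (CK_ULONG i = 0; i < n; i++)
        if (a[i].pValue != NULL && (uintptr_t)a[i].pValue % align != 0)
            return 0;
    return 1;
}

/* Copy each value into its own malloc()ed buffer, which is aligned for any fundamental
 * type. Returns 0, or -1 on OOM (nothing leaked). Caller frees every out[i].pValue. */
int attrs_repack_aligned(const CK_ATTRIBUTE *in, CK_ULONG n, CK_ATTRIBUTE *out)
{
    for (CK_ULONG i = 0; i < n; i++) {
        out[i] = in[i];
        out[i].pValue = NULL;
        if (in[i].pValue == NULL || in[i].ulValueLen == 0)
            continue;
        if ((out[i].pValue = malloc(in[i].ulValueLen)) == NULL) {
            while (i-- > 0) free(out[i].pValue);
            return -1;
        }
        memcpy(out[i].pValue, in[i].pValue, in[i].ulValueLen);
    }
    return 0;
}

/* Worked case: a CK_ULONG value stored one byte past an aligned boundary (constructed),
 * as a misaligned attribute would be. Returns 1 if it is flagged and the repack is intact. */
int demo_repack_misaligned(void)
{
    static _Alignas(CK_ULONG) unsigned char blob[1 + sizeof(CK_ULONG)];
    CK_ULONG sample = 3, back;            /* constructed sample value */
    CK_ATTRIBUTE tmpl[1] = { { 0, blob + 1, sizeof(CK_ULONG) } }, fixed[1];
    memcpy(blob + 1, &sample, sizeof sample);
    if (attrs_all_aligned(tmpl, 1, _Alignof(CK_ULONG)) || attrs_repack_aligned(tmpl, 1, fixed) != 0)
        return 0;                         /* the misaligned input must be flagged */
    memcpy(&back, fixed[0].pValue, sizeof back);
    int ok = attrs_all_aligned(fixed, 1, _Alignof(CK_ULONG)) && back == 3;
    free(fixed[0].pValue);
    return ok;
}
```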

ZoltanFridrich commented 5 months ago

When setting attributes of a p11-kit URI, all attribute values are allocated with malloc() which "returns a pointer that is suitably aligned for any object type with fundamental alignment". So I guess the p11_kit_uri_get_attributes() and p11_kit_uri_get_attribute() functions should have the same alignment guarantee, i.e. it should be safe to pass them to, let's say, C_FindObjectsInit().

H5117 commented 5 months ago

OK, i.e. for now it is safe. But what about the future? Is there some policy in p11-kit that guarantees it won't change?

I am going to use this assumption in the code for unlocking a root volume with a PKCS#11 token, and with wrong alignment a system will fail to boot.

ZoltanFridrich commented 5 months ago

It is unlikely to change, but I don't think that currently there is any policy that guarantees this in p11-kit. We might add a guarantee. I will discuss this with @ueno

H5117 commented 4 months ago

Any decision on this?

ueno commented 4 months ago

As far as I recall, we reached the consensus that the API should guarantee the alignment. It may not be possible alone, if the applications set arbitrary attributes through p11_kit_uri_set_attribute; we can add the guidance to the documentation.