[gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Oct 11 11:36:39 CEST 2023

Edheldil commented: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1598437833

To refine the problem statement a bit: The problem manifests if there are multiple objects in a token that have the same label and ID.

p11tool could distinguish between the objects using their handle if it did all querying in a single session. It even first does so with a generic search template using only label and/or id and MaxObjectCount 8192, but then closes that "common" session and does a new session and a new search (C_FindObjectsInit) for each previously found object, this time with label and/or id and object class and type search template and MaxObjectCount=1. And these searches then return some random object from the matching set depending on vagaries of the specific token and pkcs11 library. :sigh:

This is also probably related to p11tool's inability to change an object's label or id if there's more than one with the same label and id.
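The behaviour described in the comment above, as an added illustration that is not part of the original comment and is not p11tool or GnuTLS code: a toy in-memory token model in C comparing lookup by handle within one search against a fresh per-object search limited to one result. The `obj_t` struct, `find`, `distinct_handles`, the class constants and the sample objects are all constructed for this example; the model returns the first match, where a real token may return any matching object.

```c
#include <stdio.h>
#include <string.h>

/* Toy in-memory model of a token; NOT the PKCS#11 API or p11tool code. */
typedef struct { unsigned long handle; int cls; const char *label; const char *id; } obj_t;
enum { CLS_ANY = -1, CLS_CERT = 1, CLS_PRIVKEY = 3 };
/* Constructed sample: two private keys share the same label and ID. */
static const obj_t token[] = {
    { 11, CLS_PRIVKEY, "signing", "01" },
    { 12, CLS_PRIVKEY, "signing", "01" },
    { 13, CLS_CERT,    "signing", "01" },
};
#define NOBJ (sizeof token / sizeof token[0])

/* Template search with a result cap, standing in for a find-objects call. */
static size_t find(int cls, const char *label, const char *id,
                   const obj_t **out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < NOBJ && n < max; i++) {
        if (cls != CLS_ANY && token[i].cls != cls) continue;
        if (strcmp(token[i].label, label) || strcmp(token[i].id, id)) continue;
        out[n++] = &token[i];
    }
    return n;
}

/* Distinct handles reached; requery=1 re-searches each hit with max count 1. */
static size_t distinct_handles(const char *label, const char *id, int requery)
{
    const obj_t *hits[8], *one;
    unsigned long seen[8];
    size_t n = find(CLS_ANY, label, id, hits, 8), d = 0;
    for (size_t i = 0; i < n; i++) {
        const obj_t *o = hits[i];
        if (requery && find(o->cls, o->label, o->id, &one, 1) == 1) o = one;
        size_t j = 0;
        while (j < d && seen[j] != o->handle) j++;
        if (j == d) seen[d++] = o->handle;
    }
    return d;
}

int main(void)
{
    printf("single search, by handle: %zu objects\n", distinct_handles("signing", "01", 0));
    printf("re-search per object:     %zu objects\n", distinct_handles("signing", "01", 1));
    return 0;
}
```

In this model the second private key (handle 12) is never reached by the per-object re-search, so any operation addressed that way acts on handle 11 twice.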
