Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED

From: Nikos Mavrogiannopoulos <nmav gnutls org>
To: Stef Walter <stefw collabora co uk>
Cc: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
Subject: Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
Date: Wed, 19 Jan 2011 16:47:12 +0100

On 01/19/2011 04:24 PM, Stef Walter wrote:

> Imagine that one consumer A of a PKCS#11 module (like a library)
> initializes successfully early, and then consumer B initializes with
> CKR_ALREADY_INITIALIZED. If consumer A decides early on that it's done
> with the PKCS#11 module, and decides to call CK_Finalize, then consumer
> B loses access to the module.

Indeed but this is something that cannot be avoided.

> One solution would be to recommend against using CK_Finalize from libraries.
> It seems that PKCS#11 is lacking some sort of reference counting on
> initialize/finalize.

Indeed. Pakchois adds a reference count on top of PKCS #11, but this
assumes that everyone should use it to access pkcs #11.

regards,
Nikos

Follow-Ups:
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Stef Walter

References:
- gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Stef Walter
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Nikos Mavrogiannopoulos
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]