Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED

From: Stef Walter <stefw collabora co uk>
To: Nikos Mavrogiannopoulos <nmav gnutls org>
Cc: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
Subject: Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
Date: Wed, 19 Jan 2011 12:29:19 -0600

On 01/19/2011 09:47 AM, Nikos Mavrogiannopoulos wrote:
> On 01/19/2011 04:24 PM, Stef Walter wrote:
> 
>> Imagine that one consumer A of a PKCS#11 module (like a library)
>> initializes successfully early, and then consumer B initializes with
>> CKR_ALREADY_INITIALIZED. If consumer A decides early on that it's done
>> with the PKCS#11 module, and decides to call CK_Finalize, then consumer
>> B loses access to the module.
> 
> Indeed but this is something that cannot be avoided.

So again we need to figure out what the solution is for
interoperability? Never calling CK_Finalize from a library?

>> One solution would be to recommend against using CK_Finalize from libraries.
>> It seems that PKCS#11 is lacking some sort of reference counting on
>> initialize/finalize.
> 
> Indeed. Pakchois adds a reference count on top of PKCS #11, but this
> assumes that everyone should use it to access pkcs #11.

Right, and so does libgck.

Cheers,

Stef

Follow-Ups:
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Nikos Mavrogiannopoulos

References:
- gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Stef Walter
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Nikos Mavrogiannopoulos
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Stef Walter
- Re: gnome-keyring Multiple libraries using PKCS#11 modules and CKR_ALREADY_INITIALIZED
  - From: Nikos Mavrogiannopoulos

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]