Closed Bug 177391 Opened 23 years ago Closed 23 years ago

Add a new function that blocks the calling thread until a token is removed

Categories

(NSS :: Libraries, enhancement, P1)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: wtc, Assigned: rrelyea)

Details

Attachments

(3 files)

Since PKCS #11 does not have a notification mechanism for the token removal events, we will need to resort to a polling mechanism. This RFE proposes that we add a function that polls the slots periodically for token presence. It returns to the caller as soon as a token is found to be removed. The application needs to provide the thread to call this function.
Priority: -- → P1
Target Milestone: --- → 3.7
Version: 3.5 → unspecified
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
We decided to include this new function in the 3.7 release, and Bob will implement it. Bob, please write a description of the function for review.
Assignee: jpierre → relyea
Target Milestone: 3.8 → 3.7
patch 1: pk11wrap changes.
Export our new file...
Attached file Test program...
Ready for review for an early morning checking.
Comment on attachment 108936 [details] [diff] [review] patch 2: changes to nss.def trailing semicolon missing
Attachment #108936 - Flags: review-
Comment on attachment 108935 [details] [diff] [review] patch 1: pk11wrap changes. I found two bugs in the handling of timeout. I suggest adding some comments to explain the token statuses and events, in particular the "changed" status, and how this function is supposed to be used. Bob, I left a copy of this patch with my comments at your desk.
Attachment #108935 - Flags: review-
Comment on attachment 108937 [details] Test program... Bob, you can consider adding this test (remtest.c) to the new mozilla/security/nss/cmd/tests directory. Also, instead of attaching a zip file, you can cvs add the new files and then use cvs diff -uN to generate the patch. The -N option includes the new files in the patch.
Bob, should the test call PK11_IsPresent before it enters the do-while loop calling PK11_WaitForTokenEvent? Seems like you should call PK11_IsPresent to obtain the initial token status.
Comment on attachment 108935 [details] [diff] [review] patch 1: pk11wrap changes. Another issue with this patch is that the detection of the "changed" event is unreliable if some other thread is calling PK11_IsPresent (directly or via other NSS functions) at the same time. The "changed" event is detected by a change in the slot series. At the beginning of PK11_WaitForTokenEvent we call PK11_GetSlotSeries to get the old slot series. If another thread calls PK11_IsPresent before our PK11_GetSlotSeries call, we will get the new slot series instead and won't see the change in the slot series. Here is a proposed solution. 1. Modify the PK11_WaitForTokenEvent function prototype. The caller passes in the old slot series as an argument. If the "present" or "changed" status is returned, the function also returns the current slot series to the caller. 2. It would be good to have a variant of the PK11_IsPresent function that also returns the current slot series if the token is present. This is because we should get the slot series and the token presence info *atomically* to get the most accurate slot series.
patches checked in (to tip and 3.7)
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: