Closed Bug 248992 Opened 21 years ago Closed 21 years ago

Mozilla mail calls PKCS#11 C_SignInit in wrong session (CKR_USER_NOT_LOGGED_IN)

Categories

(NSS :: Libraries, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: nemec, Assigned: rrelyea)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Mozilla mail calls
C_OpenSession --- OK
C_Login(1. session) --- OK
C_OpenSession --- Why?
C_SignInit(2. session) --- Wrong! CKR_USER_NOT_LOGGED_IN

Reproducible: Always

Steps to Reproduce:
1. Get any PKCS#11 library (that can log), install it to Mozilla
2. Try to sign an e-mail with this library in Mozilla
3. See the log

Actual Results:
If PKCS#11 library requires user to be logged in (library should require it), C_SignInit returns CKR_USER_NOT_LOGGED_IN and user sees an error dialog.

Expected Results:
C_OpenSession --- OK
C_Login(1. session) --- OK
C_SignInit(1. session) --- OK
...

Bob, could you take a look at this?
Assignee: wchang0222 → rrelyea0264
Someone misread the PKCS #11 spec. All sessions share the login state. The user is describing exactly what NSS does, which is exactly how it is spec'd. For more details see Chapter 6 of the PKCS #11 spec.

To answer the user as to why the second open session call: the first session NSS uses for general housekeeping (login/logout, etc.). On tokens that support multiple sessions, NSS puts each signature, decrypt, unwrap, etc. on its own session. This allows parallelization for those tokens that support it.

One hint: if you are having trouble supporting the full PKCS #11 session semantics, try configuring your token to supply only 1 session. NSS will open that session and use it exclusively and never try to open another.

bob
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
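
The session semantics discussed in this bug, as an added example that is not code from NSS or from any PKCS #11 module: a toy token model replays the logged call sequence against a shared-login check and against the per-session misreading. All names (toy_token, replay, sign_init_shared, sign_init_per_session) are hypothetical; only the CKR_* values come from PKCS #11.

```c
#include <stdio.h>
#define CKR_OK                 0x000UL  /* CKR_* values as defined by PKCS #11 */
#define CKR_SESSION_COUNT      0x0B1UL
#define CKR_USER_NOT_LOGGED_IN 0x101UL
#define MAX_SESSIONS 4

struct toy_token {                /* hypothetical model, not a real module */
    int max_sessions;             /* session count the token advertises */
    int n_open;                   /* sessions opened so far (handles 0..n_open-1) */
    int login_via[MAX_SESSIONS];  /* set for the session C_Login arrived on */
};
typedef unsigned long (*sign_init_fn)(const struct toy_token *, int);

static unsigned long toy_open_session(struct toy_token *t, int *h) {
    if (t->n_open >= t->max_sessions || t->n_open >= MAX_SESSIONS)
        return CKR_SESSION_COUNT;
    *h = t->n_open++;
    return CKR_OK;
}

/* Shared login state: a login on any session covers every session. */
unsigned long sign_init_shared(const struct toy_token *t, int h) {
    (void)h;
    for (int i = 0; i < t->n_open; i++)
        if (t->login_via[i]) return CKR_OK;
    return CKR_USER_NOT_LOGGED_IN;
}

/* The misreading: only the session that called C_Login counts. */
unsigned long sign_init_per_session(const struct toy_token *t, int h) {
    return t->login_via[h] ? CKR_OK : CKR_USER_NOT_LOGGED_IN;
}

/* Replays the logged sequence: open, login, (open), sign-init. */
unsigned long replay(int max_sessions, sign_init_fn sign_init) {
    struct toy_token t = { .max_sessions = max_sessions };
    int s1 = 0, s2 = 0;
    if (toy_open_session(&t, &s1) != CKR_OK) return CKR_SESSION_COUNT;
    t.login_via[s1] = 1;                      /* C_Login on session 1 */
    if (max_sessions > 1 && toy_open_session(&t, &s2) != CKR_OK)
        return CKR_SESSION_COUNT;             /* else single session: s2 == s1 */
    return sign_init(&t, s2);
}

int main(void) {
    printf("shared, 2 sessions:      0x%lx\n", replay(2, sign_init_shared));
    printf("per-session, 2 sessions: 0x%lx\n", replay(2, sign_init_per_session));
    printf("per-session, 1 session:  0x%lx\n", replay(1, sign_init_per_session));
    return 0;
}
```

The last case models the hint in the reply: with a single advertised session the caller never leaves the session it logged in on, so even the per-session check passes.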