NSS needs to handle better token insertion and removal.

RESOLVED FIXED in 3.9.3

Status

NSS
Libraries
P2
enhancement
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: Robert Relyea, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 4 obsolete attachments)

(Assignee)

Description

13 years ago
Currently NSS handles token insertion and removals by polling. PKCS #11 supplies
and interface for us to get token events. NSS needs a function give applications
access to this server.

PKCS 2.20 also allows for the slotlist to grow as new slots are dynamically
added. NSS needs a way to grow it's slotlist on the fly as well.
(Assignee)

Updated

13 years ago
Target Milestone: --- → 3.9.3
(Assignee)

Comment 1

13 years ago
Created attachment 154054 [details] [diff] [review]
Add functions to wait for new token events and update new slots on the fly.

This code adds new several new functions:

SECMOD_WaitForAnyTokenEvent - waits for a token insertion or removal using the
PKCS#11 C_WaitForSlotEvent() call. If the module does not support the call, a
polling method is invoked. This varies from the previous attempt and defining
an API for this function in that The previous call waited for a single slot,
not on a whole module. The new interface is more efficient, and matches the
PKCS #11 interface better.

SECMOD_CancelWait() - cancels a pending wait. The only way to do this in PKCS
#11 is to call Finalize, so this function should really only be used while
shutting down (though it does re-init the module).

SECMOD_UpdateSlotList() - applications can call this function whenever the
application feels new slots may have been added. SECMOD_WaitForAnyTokenEvent
automatically calls SECMOD_UpdateSlotList whenever it gets a slot id that it
doesn't recognize.

This patch adds a new element to a public data structure (evControlMask). It
also adds the requirement that applications need to get the moduleList ReadLock
when examining the slots[] array directly. This is only necessary if the
application calls SECMOD_UpdateSlotList or SECMOD_WaitForAnyTokenEvent, so
existing apps do not have an issue.
(Assignee)

Updated

13 years ago
Attachment #154054 - Flags: superreview?(kinmoz)
Attachment #154054 - Flags: review?(wchang0222)
(Assignee)

Comment 2

13 years ago
Created attachment 154055 [details] [diff] [review]
Really the" Add functions to wait for new token events and update new slots on the fly." patch

The other was from another tree... the refactoring patch
Attachment #154054 - Attachment is obsolete: true
(Assignee)

Updated

13 years ago
Attachment #154055 - Flags: superreview?(kinmoz)
Attachment #154055 - Flags: review?(wchang0222)
(Assignee)

Updated

13 years ago
Attachment #154054 - Flags: superreview?(kinmoz)
Attachment #154054 - Flags: review?(wchang0222)
(Assignee)

Comment 3

13 years ago
Comment on attachment 154055 [details] [diff] [review]
Really the" Add functions to wait for new token events and update new slots on the fly." patch

Changing review from wan-teh (going on vacation) to nelson (returning from
vaction).
Attachment #154055 - Flags: review?(wchang0222) → review?(nelson)
Comment on attachment 154055 [details] [diff] [review]
Really the" Add functions to wait for new token events and update new slots on the fly." patch

I gave Bob a written  set of review feedback.
Attachment #154055 - Flags: review?(nelson) → review-
(Assignee)

Comment 5

13 years ago
Created attachment 154630 [details] [diff] [review]
Address Nelson's review comments.

The major change is adding locking around trust domain access to the token list
and the token iterator. The PKCS #11 module list reader/writer locks have also
been converted to use the NSS reader/writer lock support.
(Assignee)

Updated

13 years ago
Attachment #154055 - Attachment is obsolete: true
(Assignee)

Comment 6

13 years ago
Created attachment 154631 [details] [diff] [review]
Oops wrong patch, Let's try this again...
Attachment #154630 - Attachment is obsolete: true
(Assignee)

Comment 7

13 years ago
Created attachment 154632 [details] [diff] [review]
This *should* be the correct patch...

It's time to go home... bob needs to get some sleep before he touches anymore C
code...
Attachment #154631 - Attachment is obsolete: true
(Assignee)

Comment 8

13 years ago
Comment on attachment 154632 [details] [diff] [review]
This *should* be the correct patch...

OK, this is the one that needs to be reviewed.
Attachment #154632 - Flags: review?(nelson)
(Assignee)

Comment 9

13 years ago
Checkin log for NSS 3.9

Checking in nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v  <--  nss.def
new revision: 1.128.4.2; previous revision: 1.128.4.1
done
Checking in pk11wrap/pk11err.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11err.c,v  <--  pk11err.c
new revision: 1.1.276.1; previous revision: 1.1
done
Checking in pk11wrap/pk11list.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11list.c,v  <--  pk11list.c
new revision: 1.3.238.1; previous revision: 1.3
done
Checking in pk11wrap/pk11load.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v  <--  pk11load.c
new revision: 1.9.16.1; previous revision: 1.9
done
Checking in pk11wrap/pk11pars.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pars.c,v  <--  pk11pars.c
new revision: 1.14.16.1; previous revision: 1.14
done
Checking in pk11wrap/pk11util.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11util.c,v  <--  pk11util.c
new revision: 1.41.16.1; previous revision: 1.41
done
Checking in pk11wrap/secmod.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmod.h,v  <--  secmod.h
new revision: 1.17.16.1; previous revision: 1.17
done
Checking in pk11wrap/secmodi.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodi.h,v  <--  secmodi.h
new revision: 1.14.16.2; previous revision: 1.14.16.1
done
Checking in pk11wrap/secmodt.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodt.h,v  <--  secmodt.h
new revision: 1.20.16.2; previous revision: 1.20.16.1
done
Checking in pk11wrap/secmodti.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodti.h,v  <--  secmodti.h
new revision: 1.16.16.2; previous revision: 1.16.16.1
done
Checking in pki/pki3hack.c;
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.c,v  <--  pki3hack.c
new revision: 1.79.14.2; previous revision: 1.79.14.1
done
Checking in pki/pki3hack.h;
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.h,v  <--  pki3hack.h
new revision: 1.15.16.2; previous revision: 1.15.16.1
done
Checking in pki/pkit.h;
/cvsroot/mozilla/security/nss/lib/pki/pkit.h,v  <--  pkit.h
new revision: 1.13.98.1; previous revision: 1.13
done
Checking in pki/trustdomain.c;
/cvsroot/mozilla/security/nss/lib/pki/trustdomain.c,v  <--  trustdomain.c
new revision: 1.48.38.1; previous revision: 1.48
done
Checking in util/secerr.h;
/cvsroot/mozilla/security/nss/lib/util/secerr.h,v  <--  secerr.h
new revision: 1.12.16.2; previous revision: 1.12.16.1
done
(Assignee)

Comment 10

13 years ago
Checkin log to tip:

Checking in nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v  <--  nss.def
new revision: 1.133; previous revision: 1.132
done
Checking in pk11wrap/pk11err.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11err.c,v  <--  pk11err.c
new revision: 1.3; previous revision: 1.2
done
Checking in pk11wrap/pk11list.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11list.c,v  <--  pk11list.c
new revision: 1.6; previous revision: 1.5
done
Checking in pk11wrap/pk11load.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v  <--  pk11load.c
new revision: 1.14; previous revision: 1.13
done
Checking in pk11wrap/pk11pars.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pars.c,v  <--  pk11pars.c
new revision: 1.17; previous revision: 1.16
done
Checking in pk11wrap/pk11util.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11util.c,v  <--  pk11util.c
new revision: 1.44; previous revision: 1.43
done
Checking in pk11wrap/secmod.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmod.h,v  <--  secmod.h
new revision: 1.20; previous revision: 1.19
done
Checking in pk11wrap/secmodi.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodi.h,v  <--  secmodi.h
new revision: 1.19; previous revision: 1.18
done
Checking in pk11wrap/secmodt.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodt.h,v  <--  secmodt.h
new revision: 1.24; previous revision: 1.23
done
Checking in pk11wrap/secmodti.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodti.h,v  <--  secmodti.h
new revision: 1.20; previous revision: 1.19
done
Checking in pki/pki3hack.c;
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.c,v  <--  pki3hack.c
new revision: 1.83; previous revision: 1.82
done
Checking in pki/pki3hack.h;
/cvsroot/mozilla/security/nss/lib/pki/pki3hack.h,v  <--  pki3hack.h
new revision: 1.18; previous revision: 1.17
done
Checking in pki/pkit.h;
/cvsroot/mozilla/security/nss/lib/pki/pkit.h,v  <--  pkit.h
new revision: 1.16; previous revision: 1.15
done
Checking in pki/trustdomain.c;
/cvsroot/mozilla/security/nss/lib/pki/trustdomain.c,v  <--  trustdomain.c
new revision: 1.50; previous revision: 1.49
done
Checking in util/secerr.h;
/cvsroot/mozilla/security/nss/lib/util/secerr.h,v  <--  secerr.h
new revision: 1.16; previous revision: 1.15
done
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
Comment on attachment 154632 [details] [diff] [review]
This *should* be the correct patch...

I gave Bob verbal r=nelson before the checkins.
Attachment #154632 - Flags: review?(nelson) → review+
Priority: -- → P2
(Assignee)

Updated

13 years ago
Attachment #154055 - Flags: superreview?(kinmoz)
You need to log in before you can comment on or make changes to this bug.