Closed Bug 298627 Opened 15 years ago Closed 15 years ago

Need to give apps access to Random number generators on tokens.


(NSS :: Libraries, enhancement)

Not set


(Not tracked)



(Reporter: rrelyea, Assigned: rrelyea)


(Blocks 1 open bug)



(1 file, 1 obsolete file)

Currently apps only have one API to access the random number generator --
PK11_GenerateRandom. This function used the default token for Random numbers
(usually the softoken). Apps may need to grab random numbers from various other
tokens as well.

Currently there are functions to seed and read from the default random number
slot, and functions to seed a specific slot, but there is no function to
generate from a specific slot.
I thought steve had already written a bug on this, but I can't seem to find it,
so here's it is.
Target Milestone: --- → 3.11
Attachment #187158 - Flags: superreview?(julien.pierre.bugs)
Attachment #187158 - Flags: review?(wtchang)
Steve mentioned this bug in JSS bug 293908.  It is a good
idea to write this NSS bug for the NSS issue.
Blocks: 293908
Comment on attachment 187158 [details] [diff] [review]
Give Token Random number access to applications

Bob, you attached the wrong patch :-)
Attachment #187158 - Attachment is obsolete: true
Attachment #187158 - Flags: superreview?(julien.pierre.bugs)
Attachment #187158 - Flags: review?(wtchang)
Attachment #187160 - Flags: superreview?(julien.pierre.bugs)
Attachment #187160 - Flags: review?(wtchang)
There should also be the corresponding addition to nss/nss.def

I'll attach that patch after we branch and I can clear bug 294556.
Comment on attachment 187160 [details] [diff] [review]
Get the correct patch

r=wtc.	I assume the nss.def change is implied.
Attachment #187160 - Flags: review?(wtchang) → review+
Comment on attachment 187160 [details] [diff] [review]
Get the correct patch

Just curious: in PK11_SeedRandom, why don't we need to
protect the PK11_EnterSlotMonitor(slot) and
PK11_ExitSlotMonitor(slot) calls with "if (!slot->isInternal)",
as we do in PK11_GetRandom?

Nice to have: a name that self-documents the difference from
Technically we need to enter the slot monitor for both, but we 'know' that the
softoken is 'safe' to call in this case without a lock. C_SeedRandom is also
safe in the softoken, but it didn't show up as a bottleneck.

A agree with the need for a better name: PK11_GenerateRandomOnSlot() ?

Ah, now I remember.  It was done to reduce lock contention
inside PK11_GenerateRandom.

PK11_GenerateRandomOnSlot (or PK11_GenerateRandomOnToken)
sounds good.
Attachment #187160 - Flags: superreview?(julien.pierre.bugs) → superreview+
Checking in nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v  <--  nss.def
new revision: 1.148; previous revision: 1.147
Checking in pk11wrap/pk11pub.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v  <--  pk11pub.h
new revision: 1.7; previous revision: 1.6
Checking in pk11wrap/pk11slot.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v  <--  pk11slot.c
new revision: 1.84; previous revision: 1.83
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.