Closed Bug 298627 Opened 15 years ago Closed 15 years ago
Need to give apps access to Random number generators on tokens
Currently apps only have one API to access the random number generator -- PK11_GenerateRandom. This function used the default token for Random numbers (usually the softoken). Apps may need to grab random numbers from various other tokens as well. Currently there are functions to seed and read from the default random number slot, and functions to seed a specific slot, but there is no function to generate from a specific slot.
I thought steve had already written a bug on this, but I can't seem to find it, so here's it is.
Target Milestone: --- → 3.11
Steve mentioned this bug in JSS bug 293908. It is a good idea to write this NSS bug for the NSS issue.
Comment on attachment 187158 [details] [diff] [review] Give Token Random number access to applications Bob, you attached the wrong patch :-)
There should also be the corresponding addition to nss/nss.def I'll attach that patch after we branch and I can clear bug 294556.
Comment on attachment 187160 [details] [diff] [review] Get the correct patch r=wtc. I assume the nss.def change is implied.
Attachment #187160 - Flags: review?(wtchang) → review+
Comment on attachment 187160 [details] [diff] [review] Get the correct patch Just curious: in PK11_SeedRandom, why don't we need to protect the PK11_EnterSlotMonitor(slot) and PK11_ExitSlotMonitor(slot) calls with "if (!slot->isInternal)", as we do in PK11_GetRandom? Nice to have: a name that self-documents the difference from PK11_GenerateRandom.
Technically we need to enter the slot monitor for both, but we 'know' that the softoken is 'safe' to call in this case without a lock. C_SeedRandom is also safe in the softoken, but it didn't show up as a bottleneck. A agree with the need for a better name: PK11_GenerateRandomOnSlot() ? bob
Ah, now I remember. It was done to reduce lock contention inside PK11_GenerateRandom. PK11_GenerateRandomOnSlot (or PK11_GenerateRandomOnToken) sounds good.
Attachment #187160 - Flags: superreview?(julien.pierre.bugs) → superreview+
Checking in nss/nss.def; /cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def new revision: 1.148; previous revision: 1.147 done Checking in pk11wrap/pk11pub.h; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v <-- pk11pub.h new revision: 1.7; previous revision: 1.6 done Checking in pk11wrap/pk11slot.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v <-- pk11slot.c new revision: 1.84; previous revision: 1.83 done
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.