Martin Paljak wrote, On 2008-12-05 07:03: > Hi! > > PKCS#11 modules advertise its versions in two different places: in the > structure returned by C_GetFunctionList and in C_GetInfo. What happens > if those versions mismatch or which one has higher priority?
Answering only for NSS, NSS ignores the value in the structure returned by C_GetFunctionList, and only pays attention to the value in the structure returned by C_GetInfo. > Does the version number change the way NSS (or Firefox in that matter) > behaves? NSS requires that the major version number be exactly 2. The minor version number affects two aspects of NSS's behavior towards that module. 1) It affects the value of the argument passed to C_Initialize. If the minor version number is zero, NSS knows that it must pass a NULL argument to C_Initialize, and must provide its own locking around many calls to PKCS#11 functions, because v2.0 modules are not defined to provide their own. Otherwise, NSS passes the address of a CK_C_INITIALIZE_ARGS structure to C_Initialize, and determines whether the module requires external locking through other means. 2) It affects how NSS waits for events from slots, such as token insertion and removal events. If the minor version number is non-zero, NSS uses C_WaitForSlotEvent. If the minor version number is zero, or if C_WaitForSlotEvent returns CKR_FUNCTION_NOT_SUPPORTED, NSS uses its own algorithm, polling periodically to wait for slot events. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
