Hello,
I am developing a PKCS#11 module and stumbled upon a confusion as to how to
manage multiple applications calling Cryptoki calls. I can't seem to get
an answer by reading the PKCS#11 specification, nor by googling, so I am
asking you :)
Currently, I have a boolean flag indicating whether C_Initialize has
been called. It is set to true in call to C_Initialize, and back to
false in C_Finalize. Now, when I load my module into Firefox, it calls
C_Initialize upon its start and C_Finalize when closing the last window.
But when I launch Thunderbird (with the module loaded as well) while
Firefox is already running, it calls C_Initialize and, obviously, fails
with CKR_CRYPTOKI_ALREADY_INITIALIZED.
From what I understood from the specification, access to a Cryptoki
library should be permitted for more applications simultaneously. The
problem is, I don't have any form of application identification on
C_Initialize; only on C_OpenSession (the pApplication pointer). If I am
to implement application identification on C_OpenSession, then when is
C_Initialize supposed to return CKR_CRYPTOKI_ALREADY_INITIALIZED and
when CKR_OK? I don't have a way of knowing if it's the same or new
application trying to initialize the library.
Any clues, please?
M. Kurpel
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
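
Added example, not part of the original message and not the poster's code: the initialized flag from the message, kept as process-local state. PKCS#11 defines an application as a single address space and its threads, so the flag is keyed to the calling process and needs no application identifier. Treating a forked child as a new application, the minimal type stand-ins, and the helper `child_init_is_ok` are assumptions of this sketch.

```c
#include <pthread.h>
#include <stddef.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-ins for pkcs11.h so this compiles alone; codes match the standard header. */
typedef unsigned long CK_RV;
typedef void *CK_VOID_PTR;
#define CKR_OK                           0x00000000UL
#define CKR_ARGUMENTS_BAD                0x00000007UL
#define CKR_CRYPTOKI_NOT_INITIALIZED     0x00000190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL

/* Process-local state: every process that loads the library gets its own copy. */
static pthread_mutex_t g_lock = PTHREAD_MUTEX_INITIALIZER;
static pid_t g_owner = 0;            /* pid that initialized; 0 = not initialized */

CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
{
    CK_RV rv = CKR_OK;
    (void)pInitArgs;                 /* CK_C_INITIALIZE_ARGS handling omitted */
    pthread_mutex_lock(&g_lock);
    if (g_owner == getpid()) rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
    else g_owner = getpid();         /* first call, or stale state copied by fork() */
    pthread_mutex_unlock(&g_lock);
    return rv;
}

CK_RV C_Finalize(CK_VOID_PTR pReserved)
{
    CK_RV rv = CKR_OK;
    if (pReserved != NULL) return CKR_ARGUMENTS_BAD;
    pthread_mutex_lock(&g_lock);
    if (g_owner != getpid()) rv = CKR_CRYPTOKI_NOT_INITIALIZED;
    else g_owner = 0;
    pthread_mutex_unlock(&g_lock);
    return rv;
}

/* Hypothetical demo helper: 1 if a forked child's C_Initialize returns CKR_OK. */
int child_init_is_ok(void)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(C_Initialize(NULL) == CKR_OK ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

A full module would also discard any sessions and object handles inherited from the parent at the point where the pid mismatch is detected.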