Re: create certificate problem

2002-10-17 Thread POC 
Would it be possible to have the following 2 functions added to the
next version of the NSS public API:

CERT_CreateCertificate;
CERT_CreateValidity;

Ian McGreer indicates that the 1st function will make it in NSS 3.5.
What about the 2nd one? It too would be most useful in creating a
certificate...

Also, where on mozilla's Web site can I find a time table for future
NSS releases (e.g., NSS 3.5)?

-- POC

Re: create certificate problem

2002-10-17 Thread Julien Pierre 
POC wrote:

Would it be possible to have the following 2 functions added to the
next version of the NSS public API:

CERT_CreateCertificate;
CERT_CreateValidity;

Ian McGreer indicates that the 1st function will make it in NSS 3.5.
What about the 2nd one? It too would be most useful in creating a
certificate...

Also, where on mozilla's Web site can I find a time table for future
NSS releases (e.g., NSS 3.5)?

-- POC



Both of these functions are exported in NSS 3.5 and above.
NSS 3.6 was just released, and is already a part of the Mozilla browser. 
You can pull the source tree from NSS_3_6_BRANCH .
As far as the Mozilla web site, 
http://www.mozilla.org/projects/security/pki/nss/ is the address. It 
doesn't seem that we have any info about anything past 3.4 .

So here is what's missing .

NSS 3.5 was a release for the Mozilla browser only. No other products 
are known to use it. You can pull it from NSS_3_5_BRANCH if interested.

NSS 3.6 is a release for a broader range of products, and contains many 
performance enhancements, in particular with revocation (CRLs).

See 
http://www.mozilla.org/projects/security/pki/nss/nss-3.6/nss-3.6-plan.html 
. It doesn't appear there is a link to that document frmo anywhere else 
on Mozilla.

http://www.mozilla.org/projects/security/pki/nss/nss-3.6/nss-3.6-plan.html

FYI, here is what we are working on now, though the feature list for NSS 
3.7 is still subject to change :

http://www.mozilla.org/projects/security/pki/nss/nss-3.7/nss-3.7-plan.html

Re: about opensession

2002-10-17 Thread pingzhenyu 
Dear Sir

First opensession
 slot-sessionIDCount=1
 slot-index=2
 sessionID=?(0x0202)


pk11queue_add(session,
sessionID=0x0202,slot-head,slot-sessHashSize=32);
{ int tmp = pk11_hash(id,hash_size); \
session-next = slot-head[2]; \
session-prev = NULL; \
 if (slot-head[2]) slot-head[2]-prev = session; \
 slot-head[2] = session; }

   result:
sessionID=0x0202;
session-next=NULL;
session-prev=NULL;
slot-head[2]=session;

 Second opensession

 sessionID=?(0x0203)

pk11queue_add(session,
sessionID=0x0203,slot-head,slot-sessHashSize=32);
{ int tmp = pk11_hash(id,hash_size); \
session-next = slot-head[3]; \
session-prev = NULL; \
 if (slot-head[3]) slot-head[3]-prev = session; \
 slot-head[3] = session; }

   result:
sessionID=0x0202;
session-next=NULL;
session-prev=NULL;
slot-head[3]=session;

my question:

1Does  it seem to be working as intended in the examples my gave above?
2if yes.   can you tell me  what is the relation  slot-head between
session?
3I read the sourcecode in fortpk11.c.  The following figure describes
the realton .



 look at the programm in the pkcs11.h

 suppose:

 First opensession
 slot-sessionIDCount=1
 slot-index=2

 [sessionID = (PR_AtomicIncrement(slot-sessionIDCount)  0xff)
 | (slot-index  24);]
 sessionID=?(0x0202)

 Second opensession

 sessionID=?(0x0203)




 /* NSC_OpenSession opens a session between an application and a token. */
 CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR
 phSession)
 {
 PK11Slot *slot;
 CK_SESSION_HANDLE sessionID;
 PK11Session *session;
 PK11Session *sameID;

 slot = pk11_SlotFromID(slotID);
 if (slot == NULL) return CKR_SLOT_ID_INVALID;

 /* new session (we only have serial sessions) */
 session = pk11_NewSession(slotID, Notify, pApplication,
flags | CKF_SERIAL_SESSION);
 if (session == NULL) return CKR_HOST_MEMORY;

 PK11_USE_THREADS(PZ_Lock(slot-slotLock);)
 if (slot-readOnly  (flags  CKF_RW_SESSION)) {
  /* NETSCAPE_SLOT_ID is Read ONLY */
  session-info.flags = ~CKF_RW_SESSION;
 }
 slot-sessionCount++;
 if (session-info.flags  CKF_RW_SESSION) {
  slot-rwSessionCount++;
 }
 PK11_USE_THREADS(PZ_Unlock(slot-slotLock);)

 do {
 do {
 sessionID = (PR_AtomicIncrement(slot-sessionIDCount) 
 0xff)
 | (slot-index  24);
 } while (sessionID == CK_INVALID_HANDLE);
 PK11_USE_THREADS(PZ_Lock(PK11_SESSION_LOCK(slot,sessionID));)
 pk11queue_find(sameID, sessionID, slot-head, slot-sessHashSize);
 if (sameID == NULL) {
 session-handle = sessionID;
 pk11_update_state(slot, session);
 pk11queue_add(session, sessionID,
 slot-head,slot-sessHashSize);
 } else {
 slot-sessionIDConflict++;  /* for debugging */
 }
 PK11_USE_THREADS(PZ_Unlock(PK11_SESSION_LOCK(slot,sessionID));)
 } while (sameID != NULL);

 *phSession = sessionID;
 return CKR_OK;
 }



 /* queueing helper macros */
 #define pk11_hash(value,size) ((value)  (size-1))/*size must be a power
of
 2*/
 #define pk11queue_add(element,id,head,hash_size) \
  { int tmp = pk11_hash(id,hash_size); \
  (element)-next = (head)[tmp]; \
  (element)-prev = NULL; \
  if ((head)[tmp]) (head)[tmp]-prev = (element); \
  (head)[tmp] = (element); }
 #define pk11queue_find(element,id,head,hash_size) \
  for( (element) = (head)[pk11_hash(id,hash_size)]; (element) != NULL; \
   (element) = (element)-next) { \
  if ((element)-handle == (id)) { break; } }
 #define pk11queue_is_queued(element,id,head,hash_size) \
  ( ((element)-next) || ((element)-prev) || \
   ((head)[pk11_hash(id,hash_size)] == (element)) )
 #define pk11queue_delete(element,id,head,hash_size) \
  if ((element)-next) (element)-next-prev = (element)-prev; \
  if ((element)-prev) (element)-prev-next = (element)-next; \
 else (head)[pk11_hash(id,hash_size)] = ((element)-next); \
  (element)-next = NULL; \
  (element)-prev = NULL; \




begin 666 clip_image001.gif
M1TE.#EA*P)%`7`,2'^E-O9G1W87)E.B!-:6-R;W-O9G0@3V9F:6-E`'Y
M! $`+ $I`D4!@0```/___P$`P+_#(RGRL-GXQTVHJOSGS[
M#GYB2(YFB9YJRJYN[^R`=3VC?ZSO?^#PP*A\2B\8A,*I?,IO,)C4JGR@-
MBLUJM]RN]PL.B\?DLOF,3JO7[+8;:WW+Y_2Z_8[/Z_?\OO\/!@72%AH(B8
MJ+C(V.CX:#@(.4E9:7F)F:FYR=EY(^D9*CI*6FIZBIH::7:ZOH*RL[2YL)
M6HN;J[O+V^O[ZW,+/$Q;'R,G'PGK-SL_ P=+1W-/U]C9VMO5U9_60%'BX^
M3EYN?HZKKX_L/^#A\O/P\N2'^/GP^?'2#@_P\PH,!! L:/(@PH4(!K'3T
M6P@QHL2)%!G^5@QH\:-_PL;DO+F!/'D20YL0ALJ3*E1!/XDG),J9,@2Z?