On Mon, Aug 31, 2009 at 12:50 PM, Klaus Heinrich Kiwi<[email protected]> wrote: > While performing some tests with the openCryptoki library[1], I noted that > this implementations is actively pushing the CKF_SERIAL_SESSION bit into the > ->flags field in the client-provided CK_C_INITIALIZE_ARGS struct. This is > causing NSS to break when trying to load this as a pkcs11 modul,e as NSS > declares this struct to be a const.
Yes, NSS passes the address of this const struct: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap/pk11load.c&rev=1.25&mark=83-88#83 to C_Initialize: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap/pk11load.c&rev=1.25&mark=140,146#137 > I took a quick look at the most current spec and haven't seen anything > specifying access to this struct in C_Initialize (although I admit that > actively trying to change these flags on the Cryptoki side is probably a bad > idea). > > Is this something that should be explicitly covered by the spec or something > that should just be 'common sense'? The lack of 'const' pointers in the PKCS #11 API (specifically, the "pkcs11t.h" header) means all pointers are non-const even though some of them are actually meant to be const. It would be nice if we document the pointers that should be treated as const pointers by Cryptoki libraries. Wan-Teh ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
