On Tue, Jul 8, 2008 at 7:14 AM, Andrei Korostelev <[EMAIL PROTECTED]> wrote: > Hi all, > > PK11_SetPasswordFunc (http://www.mozilla.org/projects/security/pki/nss/ > nss-3.4/nss-3.4-functions.html) callback is used to access the > password-protected slots. The problem is that PK11_SetPasswordFunc is > too global: when called from Firefox address space it sets the same > password callback to access _all_ slots. This way we fall into > problems if, say, we have several PKCS#11 slots (e.g. one internal > built-in and one external) each having its own password callback. > > I wonder what was the idea behind using PK11_SetPasswordFunc globally > and not per slot?
PKCS #11 slots don't have password callbacks. The application has a password callback. This is why the password callback is global in the process address space. For example, Firefox uses a UI dialog to ask the user to enter a password. The same password dialog can obtain the password for any PKCS #11 slot. Wan-Teh _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security