[xmlsec] Re: get PKCS11 slot

[Andrew Fan]

Aleksey Sanin wrote:

> Andrew,
>
> First of all, please use xmlsec mailing list for any questions 
> regarding xmlsec.
> Otherwise, you messages have a very good chance to go to my trash (sorry,
> I recieve too many spam).
>
> Probably the simplest solution to your problem would be to have a special
> NSS specific function "SetSlot" that will set slot in 
> xmlSecNssEvpBlockCipherCtx
> structure. Later on, xmlSecNssEvpBlockCipherCtxInit() would use either 
> this
> slot or call GetBestSlot(). This would change an internal xmlsec-nss 
> structure
> not visible to user and I don't see any backward compatibility problems. 

Because the KeyData( Transform ) is intialized from an global list(  
xmlSecAllKeyDataIds/xmlSecAllTransformIds ), I can not forecast when and 
how the intiailization taken place,  so I can not directly set slot 
in xmlSecNssEvpBlockCipherCtx  in my application, some internal 
functions maybe swallow or ignore my settings in 
xmlSecNssEvpBlockCipherCtx .

I think, the way is set something global, such as the global PK11Slot, 
the function "SetSlot" and "GetSlot" access the global stuff in order to 
set or get a slot. xmlSecNssEvpBlockCipherCtxInit() , if GetSlot gets 
nothing, would use the GetBestSlot, otherwise, use the slot gotten by 
"GetSlot".

Global variable is not a good choice. Do you have any excellent suggestions?

Regards,
Andrew

>
>
> Aleksey
>
>
>
> Andrew Fan wrote:
>
>> Hi Aleksey,
>>
>> In the crypto engine implementation on NSS, you use the interface: 
>> PK11_GetBestSlot to initialize a slot( in cipher.c ). I think, if  a 
>> Kalss, such as xmlSecNssAes128CbcKlass can accept a parameter( 
>> PK11SlotInfo* ), it'll be better. Because a user maybe want to use a 
>> particular slot instead of the default ones. PK11-GetBestSlot can not 
>> tie to a particular slot, I think.
>>
>> If I correct, how can I feed the parameter( PK11SlotInfo* ) into a 
>> certain Klass?
>>
>> Thanks & Regards,
>> Andrew
>
>
>