/usr/share/gtk-doc/html/p11-kit/sharing.html is in libp11-kit-dev 0.12-2ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Sharing PKCS#11 modules</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.76.1">
<link rel="home" href="index.html" title="p11-kit">
<link rel="up" href="index.html" title="p11-kit">
<link rel="prev" href="config-locations.html" title="Configuration Files">
<link rel="next" href="sharing-initialize.html" title="Solution: p11-kit">
<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
<td><a accesskey="p" href="config-locations.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
<td> </td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
<th width="100%" align="center">p11-kit</th>
<td><a accesskey="n" href="sharing-initialize.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
</tr></table>
<div class="chapter">
<div class="titlepage"><div><div><h2 class="title">
<a name="sharing"></a>Sharing PKCS#11 modules</h2></div></div></div>
<div class="toc"><dl>
<dt><span class="section"><a href="sharing.html#sharing-problem">Multiple consumers of PKCS#11 in a process</a></span></dt>
<dt><span class="section"><a href="sharing-initialize.html">Solution: p11-kit</a></span></dt>
<dt><span class="section"><a href="sharing-module.html">Solution: proxy module</a></span></dt>
</dl></div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="sharing-problem"></a>Multiple consumers of PKCS#11 in a process</h2></div></div></div>
<p>As more and more applications and libraries use PKCS#11 we run
into a very basic problem. The PKCS#11 modules cannot be initialized and
finalized properly without coordination between the various consumers.
</p>
<p>An example: An application might use GnuTLS for
TLS connections, and use libgcr for display of certificates. Both of
these want to load (and initialze) the same PKCS#11 modules. There are
many places where this situation occurs, including large applications
like Evolution which due to their dependencies end up using both NSS and
GnuTLS.</p>
<p>Consumer A loads a PKCS#11 module and uses the module's
C_Initialize function to initialize it, which works as expected.
When consumer B initializes the module (also using C_Initialize),
the error code <code class="literal">CKR_CRYPTOKI_ALREADY_INITIALIZED</code>
is correctly returned. This is normal PKCS#11 specification
defined behavior for when a module is initalized twice in the
same process. If consumer B is aware of this situation they may
choose to ignore this error code.</p>
<p>However when the consumer A is done with its use of the
PKCS#11 module it finalizes the module using the module's
C_Finalize function. This is expected of a well behaved PKCS#11
consumer. This then causes errors and/or crashes for consumer B,
which cannot know that the module has now been finalized out
from underneath it.</p>
<p>It is necessary for the two consumers to coordinate their
initialization and finalization in some fashion. In
<code class="literal">p11-kit</code> we provide this coordination in a
loosely coupled, backwards compatible, and flexible way.</p>
</div>
</div>
<div class="footer">
<hr>
Generated by GTK-Doc V1.18</div>
</body>
</html>
|