diff options
Diffstat (limited to 'security/nss/lib/dev/devtoken.c')
-rw-r--r-- | security/nss/lib/dev/devtoken.c | 93 |
1 files changed, 49 insertions, 44 deletions
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index 0adbca8bc..0d4c3b5a7 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -29,11 +29,16 @@ nssToken_Destroy( { if (tok) { if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) { + PK11_FreeSlot(tok->pk11slot); PZ_DestroyLock(tok->base.lock); nssTokenObjectCache_Destroy(tok->cache); - /* The token holds the first/last reference to the slot. - * When the token is actually destroyed, that ref must go too. - */ + + /* We're going away, let the nssSlot know in case it's held + * alive by someone else. Usually we should hold the last ref. */ + nssSlot_EnterMonitor(tok->slot); + tok->slot->token = NULL; + nssSlot_ExitMonitor(tok->slot); + (void)nssSlot_Destroy(tok->slot); return nssArena_Destroy(tok->base.arena); } @@ -368,8 +373,8 @@ loser: return (nssCryptokiObject **)NULL; } -static nssCryptokiObject ** -find_objects_by_template( +NSS_IMPLEMENT nssCryptokiObject ** +nssToken_FindObjectsByTemplate( NSSToken *token, nssSession *sessionOpt, CK_ATTRIBUTE_PTR obj_template, @@ -581,9 +586,9 @@ nssToken_FindObjects( obj_template, obj_size, maximumOpt, statusOpt); } else { - objects = find_objects_by_template(token, sessionOpt, - obj_template, obj_size, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + obj_template, obj_size, + maximumOpt, statusOpt); } return objects; } @@ -612,9 +617,9 @@ nssToken_FindCertificatesBySubject( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize); /* now locate the token certs matching this template */ - objects = find_objects_by_template(token, sessionOpt, - subj_template, stsize, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + subj_template, stsize, + maximumOpt, statusOpt); return objects; } @@ -642,9 +647,9 @@ nssToken_FindCertificatesByNickname( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize); /* now locate the token certs matching this template */ - objects = find_objects_by_template(token, sessionOpt, - nick_template, ntsize, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + nick_template, ntsize, + maximumOpt, statusOpt); if (!objects) { /* This is to workaround the fact that PKCS#11 doesn't specify * whether the '\0' should be included. XXX Is that still true? @@ -653,9 +658,9 @@ nssToken_FindCertificatesByNickname( * well, its needed by the builtin token... */ nick_template[0].ulValueLen++; - objects = find_objects_by_template(token, sessionOpt, - nick_template, ntsize, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + nick_template, ntsize, + maximumOpt, statusOpt); } return objects; } @@ -732,9 +737,9 @@ nssToken_FindCertificatesByID( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize); /* now locate the token certs matching this template */ - objects = find_objects_by_template(token, sessionOpt, - id_template, idtsize, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + id_template, idtsize, + maximumOpt, statusOpt); return objects; } @@ -822,9 +827,9 @@ nssToken_FindCertificateByIssuerAndSerialNumber( cert_template, ctsize, 1, statusOpt); } else { - objects = find_objects_by_template(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); } if (objects) { rvObject = objects[0]; @@ -849,9 +854,9 @@ nssToken_FindCertificateByIssuerAndSerialNumber( cert_template, ctsize, 1, statusOpt); } else { - objects = find_objects_by_template(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); } if (objects) { rvObject = objects[0]; @@ -885,9 +890,9 @@ nssToken_FindCertificateByEncodedCertificate( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate); NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); /* get the object handle */ - objects = find_objects_by_template(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); if (objects) { rvObject = objects[0]; nss_ZFreeIf(objects); @@ -917,9 +922,9 @@ nssToken_FindPrivateKeys( } NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); - objects = find_objects_by_template(token, sessionOpt, - key_template, ktsize, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + key_template, ktsize, + maximumOpt, statusOpt); return objects; } @@ -942,9 +947,9 @@ nssToken_FindPrivateKeyByID( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID); NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); - objects = find_objects_by_template(token, sessionOpt, - key_template, ktsize, - 1, NULL); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + key_template, ktsize, + 1, NULL); if (objects) { rvKey = objects[0]; nss_ZFreeIf(objects); @@ -971,9 +976,9 @@ nssToken_FindPublicKeyByID( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID); NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); - objects = find_objects_by_template(token, sessionOpt, - key_template, ktsize, - 1, NULL); + objects = nssToken_FindObjectsByTemplate(token, sessionOpt, + key_template, ktsize, + 1, NULL); if (objects) { rvKey = objects[0]; nss_ZFreeIf(objects); @@ -1130,9 +1135,9 @@ nssToken_FindTrustForCertificate( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial); NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size); - objects = find_objects_by_template(token, session, - tobj_template, tobj_size, - 1, NULL); + objects = nssToken_FindObjectsByTemplate(token, session, + tobj_template, tobj_size, + 1, NULL); if (objects) { object = objects[0]; nss_ZFreeIf(objects); @@ -1215,9 +1220,9 @@ nssToken_FindCRLsBySubject( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size); - objects = find_objects_by_template(token, session, - crlobj_template, crlobj_size, - maximumOpt, statusOpt); + objects = nssToken_FindObjectsByTemplate(token, session, + crlobj_template, crlobj_size, + maximumOpt, statusOpt); return objects; } |