summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/dev/devtoken.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/dev/devtoken.c')
-rw-r--r--security/nss/lib/dev/devtoken.c93
1 files changed, 49 insertions, 44 deletions
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index 0adbca8bc..0d4c3b5a7 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -29,11 +29,16 @@ nssToken_Destroy(
{
if (tok) {
if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
+ PK11_FreeSlot(tok->pk11slot);
PZ_DestroyLock(tok->base.lock);
nssTokenObjectCache_Destroy(tok->cache);
- /* The token holds the first/last reference to the slot.
- * When the token is actually destroyed, that ref must go too.
- */
+
+ /* We're going away, let the nssSlot know in case it's held
+ * alive by someone else. Usually we should hold the last ref. */
+ nssSlot_EnterMonitor(tok->slot);
+ tok->slot->token = NULL;
+ nssSlot_ExitMonitor(tok->slot);
+
(void)nssSlot_Destroy(tok->slot);
return nssArena_Destroy(tok->base.arena);
}
@@ -368,8 +373,8 @@ loser:
return (nssCryptokiObject **)NULL;
}
-static nssCryptokiObject **
-find_objects_by_template(
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindObjectsByTemplate(
NSSToken *token,
nssSession *sessionOpt,
CK_ATTRIBUTE_PTR obj_template,
@@ -581,9 +586,9 @@ nssToken_FindObjects(
obj_template, obj_size,
maximumOpt, statusOpt);
} else {
- objects = find_objects_by_template(token, sessionOpt,
- obj_template, obj_size,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ obj_template, obj_size,
+ maximumOpt, statusOpt);
}
return objects;
}
@@ -612,9 +617,9 @@ nssToken_FindCertificatesBySubject(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize);
/* now locate the token certs matching this template */
- objects = find_objects_by_template(token, sessionOpt,
- subj_template, stsize,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ subj_template, stsize,
+ maximumOpt, statusOpt);
return objects;
}
@@ -642,9 +647,9 @@ nssToken_FindCertificatesByNickname(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
/* now locate the token certs matching this template */
- objects = find_objects_by_template(token, sessionOpt,
- nick_template, ntsize,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ nick_template, ntsize,
+ maximumOpt, statusOpt);
if (!objects) {
/* This is to workaround the fact that PKCS#11 doesn't specify
* whether the '\0' should be included. XXX Is that still true?
@@ -653,9 +658,9 @@ nssToken_FindCertificatesByNickname(
* well, its needed by the builtin token...
*/
nick_template[0].ulValueLen++;
- objects = find_objects_by_template(token, sessionOpt,
- nick_template, ntsize,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ nick_template, ntsize,
+ maximumOpt, statusOpt);
}
return objects;
}
@@ -732,9 +737,9 @@ nssToken_FindCertificatesByID(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize);
/* now locate the token certs matching this template */
- objects = find_objects_by_template(token, sessionOpt,
- id_template, idtsize,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ id_template, idtsize,
+ maximumOpt, statusOpt);
return objects;
}
@@ -822,9 +827,9 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
cert_template, ctsize,
1, statusOpt);
} else {
- objects = find_objects_by_template(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
}
if (objects) {
rvObject = objects[0];
@@ -849,9 +854,9 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
cert_template, ctsize,
1, statusOpt);
} else {
- objects = find_objects_by_template(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
}
if (objects) {
rvObject = objects[0];
@@ -885,9 +890,9 @@ nssToken_FindCertificateByEncodedCertificate(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
/* get the object handle */
- objects = find_objects_by_template(token, sessionOpt,
- cert_template, ctsize,
- 1, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ cert_template, ctsize,
+ 1, statusOpt);
if (objects) {
rvObject = objects[0];
nss_ZFreeIf(objects);
@@ -917,9 +922,9 @@ nssToken_FindPrivateKeys(
}
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
- objects = find_objects_by_template(token, sessionOpt,
- key_template, ktsize,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ key_template, ktsize,
+ maximumOpt, statusOpt);
return objects;
}
@@ -942,9 +947,9 @@ nssToken_FindPrivateKeyByID(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
- objects = find_objects_by_template(token, sessionOpt,
- key_template, ktsize,
- 1, NULL);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ key_template, ktsize,
+ 1, NULL);
if (objects) {
rvKey = objects[0];
nss_ZFreeIf(objects);
@@ -971,9 +976,9 @@ nssToken_FindPublicKeyByID(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
- objects = find_objects_by_template(token, sessionOpt,
- key_template, ktsize,
- 1, NULL);
+ objects = nssToken_FindObjectsByTemplate(token, sessionOpt,
+ key_template, ktsize,
+ 1, NULL);
if (objects) {
rvKey = objects[0];
nss_ZFreeIf(objects);
@@ -1130,9 +1135,9 @@ nssToken_FindTrustForCertificate(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
- objects = find_objects_by_template(token, session,
- tobj_template, tobj_size,
- 1, NULL);
+ objects = nssToken_FindObjectsByTemplate(token, session,
+ tobj_template, tobj_size,
+ 1, NULL);
if (objects) {
object = objects[0];
nss_ZFreeIf(objects);
@@ -1215,9 +1220,9 @@ nssToken_FindCRLsBySubject(
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size);
- objects = find_objects_by_template(token, session,
- crlobj_template, crlobj_size,
- maximumOpt, statusOpt);
+ objects = nssToken_FindObjectsByTemplate(token, session,
+ crlobj_template, crlobj_size,
+ maximumOpt, statusOpt);
return objects;
}