diff options
author | J.C. Jones <jjones@mozilla.com> | 2020-11-09 11:26:00 -0700 |
---|---|---|
committer | J.C. Jones <jjones@mozilla.com> | 2020-11-09 11:26:00 -0700 |
commit | 48ad3d3033f214fc3629f99f556516d95564fdd7 (patch) | |
tree | 063e6ecb8ab7093814dfc1991bb687430249019c | |
parent | 38e4fcd01600c115a7501dad6f6f97cc66524add (diff) | |
download | nss-hg-48ad3d3033f214fc3629f99f556516d95564fdd7.tar.gz |
Backed out changeset aa6f29a76cfc for Certificates test failures
-rw-r--r-- | lib/certdb/certdb.c | 30 | ||||
-rw-r--r-- | lib/certdb/stanpcertdb.c | 14 | ||||
-rw-r--r-- | lib/pk11wrap/pk11cert.c | 7 | ||||
-rw-r--r-- | lib/pki/pki3hack.c | 11 |
4 files changed, 21 insertions, 41 deletions
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c index 024bd40ea..0796fe5d7 100644 --- a/lib/certdb/certdb.c +++ b/lib/certdb/certdb.c @@ -2908,16 +2908,16 @@ CERT_LockCertTrust(const CERTCertificate *cert) PZ_Lock(certTrustLock); } -static PZLock *certTempPermCertLock = NULL; +static PZLock *certTempPermLock = NULL; /* - * Acquire the cert temp/perm/nssCert lock + * Acquire the cert temp/perm lock */ void CERT_LockCertTempPerm(const CERTCertificate *cert) { - PORT_Assert(certTempPermCertLock != NULL); - PZ_Lock(certTempPermCertLock); + PORT_Assert(certTempPermLock != NULL); + PZ_Lock(certTempPermLock); } SECStatus @@ -2941,10 +2941,10 @@ cert_InitLocks(void) } } - if (certTempPermCertLock == NULL) { - certTempPermCertLock = PZ_NewLock(nssILockCertDB); - PORT_Assert(certTempPermCertLock != NULL); - if (!certTempPermCertLock) { + if (certTempPermLock == NULL) { + certTempPermLock = PZ_NewLock(nssILockCertDB); + PORT_Assert(certTempPermLock != NULL); + if (!certTempPermLock) { PZ_DestroyLock(certTrustLock); PZ_DestroyLock(certRefCountLock); certRefCountLock = NULL; @@ -2977,10 +2977,10 @@ cert_DestroyLocks(void) rv = SECFailure; } - PORT_Assert(certTempPermCertLock != NULL); - if (certTempPermCertLock) { - PZ_DestroyLock(certTempPermCertLock); - certTempPermCertLock = NULL; + PORT_Assert(certTempPermLock != NULL); + if (certTempPermLock) { + PZ_DestroyLock(certTempPermLock); + certTempPermLock = NULL; } else { rv = SECFailure; } @@ -2999,13 +2999,13 @@ CERT_UnlockCertTrust(const CERTCertificate *cert) } /* - * Free the temp/perm/nssCert lock + * Free the temp/perm lock */ void CERT_UnlockCertTempPerm(const CERTCertificate *cert) { - PORT_Assert(certTempPermCertLock != NULL); - PRStatus prstat = PZ_Unlock(certTempPermCertLock); + PORT_Assert(certTempPermLock != NULL); + PRStatus prstat = PZ_Unlock(certTempPermLock); PORT_AssertArg(prstat == PR_SUCCESS); } diff --git a/lib/certdb/stanpcertdb.c b/lib/certdb/stanpcertdb.c index 1aeddebe3..e2a668bb1 100644 --- a/lib/certdb/stanpcertdb.c +++ b/lib/certdb/stanpcertdb.c @@ -311,9 +311,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, nssPKIObject_AddInstance(&c->object, permInstance); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); /* reset the CERTCertificate fields */ - CERT_LockCertTempPerm(cert); cert->nssCertificate = NULL; - CERT_UnlockCertTempPerm(cert); cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */ if (!cert) { CERT_MapStanError(); @@ -810,17 +808,9 @@ CERT_DestroyCertificate(CERTCertificate *cert) /* don't use STAN_GetNSSCertificate because we don't want to * go to the trouble of translating the CERTCertificate into * an NSSCertificate just to destroy it. If it hasn't been done - * yet, don't do it at all - * - * cert->nssCertificate contains its own locks and refcount, but as it - * may be NULL, the pointer itself must be guarded by some other lock. - * Rather than creating a new global lock for only this purpose, share - * an existing global lock that happens to be taken near the write in - * fill_CERTCertificateFields(). The longer-term goal is to refactor - * all these global locks to be certificate-scoped. */ - CERT_LockCertTempPerm(cert); + * yet, don't do it at all. + */ NSSCertificate *tmp = cert->nssCertificate; - CERT_UnlockCertTempPerm(cert); if (tmp) { /* delete the NSSCertificate */ NSSCertificate_Destroy(tmp); diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c index 9c745d7b8..659f3a8f6 100644 --- a/lib/pk11wrap/pk11cert.c +++ b/lib/pk11wrap/pk11cert.c @@ -1148,11 +1148,8 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, } /* need to get the cert as a stan cert */ - CERT_LockCertTempPerm(cert); - NSSCertificate *nssCert = cert->nssCertificate; - CERT_UnlockCertTempPerm(cert); - if (nssCert) { - c = nssCert; + if (cert->nssCertificate) { + c = cert->nssCertificate; } else { c = STAN_GetNSSCertificate(cert); if (c == NULL) { diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c index 7fe9113e4..eac4a5705 100644 --- a/lib/pki/pki3hack.c +++ b/lib/pki/pki3hack.c @@ -866,9 +866,9 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced CERT_LockCertTempPerm(cc); cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */ cc->isperm = PR_TRUE; /* by default */ + CERT_UnlockCertTempPerm(cc); /* pointer back */ cc->nssCertificate = c; - CERT_UnlockCertTempPerm(cc); if (trust) { /* force the cert type to be recomputed to include trust info */ PRUint32 nsCertType = cert_ComputeCertType(cc); @@ -919,10 +919,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) nss_SetError(NSS_ERROR_INTERNAL_ERROR); goto loser; } - CERT_LockCertTempPerm(cc); - NSSCertificate *nssCert = cc->nssCertificate; - CERT_UnlockCertTempPerm(cc); - if (!nssCert || forceUpdate) { + if (!cc->nssCertificate || forceUpdate) { fill_CERTCertificateFields(c, cc, forceUpdate); } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) { CERTCertTrust *trust; @@ -1021,9 +1018,7 @@ STAN_GetNSSCertificate(CERTCertificate *cc) nssCryptokiInstance *instance; nssPKIObject *pkiob; NSSArena *arena; - CERT_LockCertTempPerm(cc); c = cc->nssCertificate; - CERT_UnlockCertTempPerm(cc); if (c) { return c; } @@ -1088,9 +1083,7 @@ STAN_GetNSSCertificate(CERTCertificate *cc) nssPKIObject_AddInstance(&c->object, instance); } c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc); - CERT_LockCertTempPerm(cc); cc->nssCertificate = c; - CERT_UnlockCertTempPerm(cc); return c; } |