Backed out changeset aa6f29a76cfc for Certificates test failures

4 files changed, 21 insertions, 41 deletions

diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
index 024bd40ea..0796fe5d7 100644
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -2908,16 +2908,16 @@ CERT_LockCertTrust(const CERTCertificate *cert)
     PZ_Lock(certTrustLock);
 }
 
-static PZLock *certTempPermCertLock = NULL;
+static PZLock *certTempPermLock = NULL;
 
 /*
- * Acquire the cert temp/perm/nssCert lock
+ * Acquire the cert temp/perm lock
  */
 void
 CERT_LockCertTempPerm(const CERTCertificate *cert)
 {
-    PORT_Assert(certTempPermCertLock != NULL);
-    PZ_Lock(certTempPermCertLock);
+    PORT_Assert(certTempPermLock != NULL);
+    PZ_Lock(certTempPermLock);
 }
 
 SECStatus
@@ -2941,10 +2941,10 @@ cert_InitLocks(void)
         }
     }
 
-    if (certTempPermCertLock == NULL) {
-        certTempPermCertLock = PZ_NewLock(nssILockCertDB);
-        PORT_Assert(certTempPermCertLock != NULL);
-        if (!certTempPermCertLock) {
+    if (certTempPermLock == NULL) {
+        certTempPermLock = PZ_NewLock(nssILockCertDB);
+        PORT_Assert(certTempPermLock != NULL);
+        if (!certTempPermLock) {
             PZ_DestroyLock(certTrustLock);
             PZ_DestroyLock(certRefCountLock);
             certRefCountLock = NULL;
@@ -2977,10 +2977,10 @@ cert_DestroyLocks(void)
         rv = SECFailure;
     }
 
-    PORT_Assert(certTempPermCertLock != NULL);
-    if (certTempPermCertLock) {
-        PZ_DestroyLock(certTempPermCertLock);
-        certTempPermCertLock = NULL;
+    PORT_Assert(certTempPermLock != NULL);
+    if (certTempPermLock) {
+        PZ_DestroyLock(certTempPermLock);
+        certTempPermLock = NULL;
     } else {
         rv = SECFailure;
     }
@@ -2999,13 +2999,13 @@ CERT_UnlockCertTrust(const CERTCertificate *cert)
 }
 
 /*
- * Free the temp/perm/nssCert lock
+ * Free the temp/perm lock
  */
 void
 CERT_UnlockCertTempPerm(const CERTCertificate *cert)
 {
-    PORT_Assert(certTempPermCertLock != NULL);
-    PRStatus prstat = PZ_Unlock(certTempPermCertLock);
+    PORT_Assert(certTempPermLock != NULL);
+    PRStatus prstat = PZ_Unlock(certTempPermLock);
     PORT_AssertArg(prstat == PR_SUCCESS);
 }
 
diff --git a/lib/certdb/stanpcertdb.c b/lib/certdb/stanpcertdb.c
index 1aeddebe3..e2a668bb1 100644
--- a/lib/certdb/stanpcertdb.c
+++ b/lib/certdb/stanpcertdb.c
@@ -311,9 +311,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
     nssPKIObject_AddInstance(&c->object, permInstance);
     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
     /* reset the CERTCertificate fields */
-    CERT_LockCertTempPerm(cert);
     cert->nssCertificate = NULL;
-    CERT_UnlockCertTempPerm(cert);
     cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */
     if (!cert) {
         CERT_MapStanError();
@@ -810,17 +808,9 @@ CERT_DestroyCertificate(CERTCertificate *cert)
         /* don't use STAN_GetNSSCertificate because we don't want to
          * go to the trouble of translating the CERTCertificate into
          * an NSSCertificate just to destroy it.  If it hasn't been done
-         * yet, don't do it at all
-         *
-         * cert->nssCertificate contains its own locks and refcount, but as it
-         * may be NULL, the pointer itself must be guarded by some other lock.
-         * Rather than creating a new global lock for only this purpose, share
-         * an existing global lock that happens to be taken near the write in
-         * fill_CERTCertificateFields(). The longer-term goal is to refactor
-         * all these global locks to be certificate-scoped. */
-        CERT_LockCertTempPerm(cert);
+         * yet, don't do it at all.
+         */
         NSSCertificate *tmp = cert->nssCertificate;
-        CERT_UnlockCertTempPerm(cert);
         if (tmp) {
             /* delete the NSSCertificate */
             NSSCertificate_Destroy(tmp);
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
index 9c745d7b8..659f3a8f6 100644
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -1148,11 +1148,8 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
     }
 
     /* need to get the cert as a stan cert */
-    CERT_LockCertTempPerm(cert);
-    NSSCertificate *nssCert = cert->nssCertificate;
-    CERT_UnlockCertTempPerm(cert);
-    if (nssCert) {
-        c = nssCert;
+    if (cert->nssCertificate) {
+        c = cert->nssCertificate;
     } else {
         c = STAN_GetNSSCertificate(cert);
         if (c == NULL) {
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
index 7fe9113e4..eac4a5705 100644
--- a/lib/pki/pki3hack.c
+++ b/lib/pki/pki3hack.c
@@ -866,9 +866,9 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
     CERT_LockCertTempPerm(cc);
     cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
     cc->isperm = PR_TRUE;  /* by default */
+    CERT_UnlockCertTempPerm(cc);
     /* pointer back */
     cc->nssCertificate = c;
-    CERT_UnlockCertTempPerm(cc);
     if (trust) {
         /* force the cert type to be recomputed to include trust info */
         PRUint32 nsCertType = cert_ComputeCertType(cc);
@@ -919,10 +919,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
         nss_SetError(NSS_ERROR_INTERNAL_ERROR);
         goto loser;
     }
-    CERT_LockCertTempPerm(cc);
-    NSSCertificate *nssCert = cc->nssCertificate;
-    CERT_UnlockCertTempPerm(cc);
-    if (!nssCert || forceUpdate) {
+    if (!cc->nssCertificate || forceUpdate) {
         fill_CERTCertificateFields(c, cc, forceUpdate);
     } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
         CERTCertTrust *trust;
@@ -1021,9 +1018,7 @@ STAN_GetNSSCertificate(CERTCertificate *cc)
     nssCryptokiInstance *instance;
     nssPKIObject *pkiob;
     NSSArena *arena;
-    CERT_LockCertTempPerm(cc);
     c = cc->nssCertificate;
-    CERT_UnlockCertTempPerm(cc);
     if (c) {
         return c;
     }
@@ -1088,9 +1083,7 @@ STAN_GetNSSCertificate(CERTCertificate *cc)
         nssPKIObject_AddInstance(&c->object, instance);
     }
     c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc);
-    CERT_LockCertTempPerm(cc);
     cc->nssCertificate = c;
-    CERT_UnlockCertTempPerm(cc);
     return c;
 }