diff options
author | John M. Schanck <jschanck@mozilla.com> | 2022-03-23 17:51:52 +0000 |
---|---|---|
committer | John M. Schanck <jschanck@mozilla.com> | 2022-03-23 17:51:52 +0000 |
commit | a804546f6e89dade144ad8946e232a7d3e670200 (patch) | |
tree | a0010c648409f522aa9b6a5c5f87828852e4704c | |
parent | 277f743828853d5d48941769b8f47f2622de2243 (diff) | |
download | nss-hg-a804546f6e89dade144ad8946e232a7d3e670200.tar.gz |
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyeaNSS_3_68_3_RTM
Differential Revision: https://phabricator.services.mozilla.com/D139547
-rw-r--r-- | lib/dev/dev.h | 5 | ||||
-rw-r--r-- | lib/dev/devslot.c | 73 | ||||
-rw-r--r-- | lib/dev/devt.h | 1 | ||||
-rw-r--r-- | lib/dev/devtoken.c | 7 | ||||
-rw-r--r-- | lib/pk11wrap/dev3hack.c | 19 |
5 files changed, 40 insertions, 65 deletions
diff --git a/lib/dev/dev.h b/lib/dev/dev.h index 26ac8957e..643051144 100644 --- a/lib/dev/dev.h +++ b/lib/dev/dev.h @@ -146,7 +146,6 @@ nssModule_GetCertOrder( * nssSlot_Destroy * nssSlot_AddRef * nssSlot_GetName - * nssSlot_GetTokenName * nssSlot_IsTokenPresent * nssSlot_IsPermanent * nssSlot_IsFriendly @@ -176,10 +175,6 @@ NSS_EXTERN NSSUTF8 * nssSlot_GetName( NSSSlot *slot); -NSS_EXTERN NSSUTF8 * -nssSlot_GetTokenName( - NSSSlot *slot); - NSS_EXTERN NSSModule * nssSlot_GetModule( NSSSlot *slot); diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c index 5021408bf..ccd90ac97 100644 --- a/lib/dev/devslot.c +++ b/lib/dev/devslot.c @@ -12,7 +12,9 @@ #include "ckhelper.h" #endif /* CKHELPER_H */ -#include "pk11pub.h" +#include "pkim.h" +#include "dev3hack.h" +#include "pk11func.h" /* measured in seconds */ #define NSSSLOT_TOKEN_DELAY_TIME 1 @@ -79,13 +81,6 @@ nssSlot_GetName( return slot->base.name; } -NSS_IMPLEMENT NSSUTF8 * -nssSlot_GetTokenName( - NSSSlot *slot) -{ - return nssToken_GetName(slot->token); -} - NSS_IMPLEMENT void nssSlot_ResetDelay( NSSSlot *slot) @@ -123,11 +118,13 @@ nssSlot_IsTokenPresent( { CK_RV ckrv; PRStatus nssrv; + NSSToken *nssToken = NULL; /* XXX */ nssSession *session; CK_SLOT_INFO slotInfo; void *epv; PRBool isPresent = PR_FALSE; + PRBool doUpdateCachedCerts = PR_FALSE; /* permanent slots are always present unless they're disabled */ if (nssSlot_IsPermanent(slot)) { @@ -169,23 +166,24 @@ nssSlot_IsTokenPresent( PZ_Unlock(slot->isPresentLock); + nssToken = PK11Slot_GetNSSToken(slot->pk11slot); + if (!nssToken) { + isPresent = PR_FALSE; + goto done; + } + nssSlot_EnterMonitor(slot); ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo); nssSlot_ExitMonitor(slot); if (ckrv != CKR_OK) { - slot->token->base.name[0] = 0; /* XXX */ + nssToken->base.name[0] = 0; /* XXX */ isPresent = PR_FALSE; goto done; } slot->ckFlags = slotInfo.flags; /* check for the presence of the token */ if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) { - if (!slot->token) { - /* token was never present */ - isPresent = PR_FALSE; - goto done; - } - session = nssToken_GetDefaultSession(slot->token); + session = nssToken_GetDefaultSession(nssToken); if (session) { nssSession_EnterMonitor(session); /* token is not present */ @@ -197,21 +195,21 @@ nssSlot_IsTokenPresent( } nssSession_ExitMonitor(session); } - if (slot->token->base.name[0] != 0) { + if (nssToken->base.name[0] != 0) { /* notify the high-level cache that the token is removed */ - slot->token->base.name[0] = 0; /* XXX */ - nssToken_NotifyCertsNotVisible(slot->token); + nssToken->base.name[0] = 0; /* XXX */ + nssToken_NotifyCertsNotVisible(nssToken); } - slot->token->base.name[0] = 0; /* XXX */ + nssToken->base.name[0] = 0; /* XXX */ /* clear the token cache */ - nssToken_Remove(slot->token); + nssToken_Remove(nssToken); isPresent = PR_FALSE; goto done; } /* token is present, use the session info to determine if the card * has been removed and reinserted. */ - session = nssToken_GetDefaultSession(slot->token); + session = nssToken_GetDefaultSession(nssToken); if (session) { PRBool tokenRemoved; nssSession_EnterMonitor(session); @@ -237,17 +235,31 @@ nssSlot_IsTokenPresent( * a token it doesn't recognize. invalidate all the old * information we had on this token, if we can't refresh, clear * the present flag */ - nssToken_NotifyCertsNotVisible(slot->token); - nssToken_Remove(slot->token); - /* token has been removed, need to refresh with new session */ - nssrv = nssSlot_Refresh(slot); - isPresent = PR_TRUE; + nssToken_NotifyCertsNotVisible(nssToken); + nssToken_Remove(nssToken); + if (nssToken->base.name[0] == 0) { + doUpdateCachedCerts = PR_TRUE; + } + if (PK11_InitToken(slot->pk11slot, PR_FALSE) != SECSuccess) { + isPresent = PR_FALSE; + goto done; + } + if (doUpdateCachedCerts) { + nssTrustDomain_UpdateCachedTokenCerts(nssToken->trustDomain, + nssToken); + } + nssrv = nssToken_Refresh(nssToken); if (nssrv != PR_SUCCESS) { - slot->token->base.name[0] = 0; /* XXX */ + nssToken->base.name[0] = 0; /* XXX */ slot->ckFlags &= ~CKF_TOKEN_PRESENT; isPresent = PR_FALSE; + goto done; } + isPresent = PR_TRUE; done: + if (nssToken) { + (void)nssToken_Destroy(nssToken); + } /* Once we've set up the condition variable, * Before returning, it's necessary to: * 1) Set the lastTokenPingTime so that any other threads waiting on this @@ -283,12 +295,7 @@ nssSlot_GetToken( NSSToken *rvToken = NULL; if (nssSlot_IsTokenPresent(slot)) { - /* Even if a token should be present, check `slot->token` too as it - * might be gone already. This would happen mostly on shutdown. */ - nssSlot_EnterMonitor(slot); - if (slot->token) - rvToken = nssToken_AddRef(slot->token); - nssSlot_ExitMonitor(slot); + rvToken = PK11Slot_GetNSSToken(slot->pk11slot); } return rvToken; diff --git a/lib/dev/devt.h b/lib/dev/devt.h index 06a57ad05..19af26f08 100644 --- a/lib/dev/devt.h +++ b/lib/dev/devt.h @@ -81,7 +81,6 @@ typedef enum { struct NSSSlotStr { struct nssDeviceBaseStr base; NSSModule *module; /* Parent */ - NSSToken *token; /* Peer */ CK_SLOT_ID slotID; CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */ struct nssSlotAuthInfoStr authInfo; diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c index a7dbffc1a..5e65dfdb1 100644 --- a/lib/dev/devtoken.c +++ b/lib/dev/devtoken.c @@ -32,13 +32,6 @@ nssToken_Destroy( PK11_FreeSlot(tok->pk11slot); PZ_DestroyLock(tok->base.lock); nssTokenObjectCache_Destroy(tok->cache); - - /* We're going away, let the nssSlot know in case it's held - * alive by someone else. Usually we should hold the last ref. */ - nssSlot_EnterMonitor(tok->slot); - tok->slot->token = NULL; - nssSlot_ExitMonitor(tok->slot); - (void)nssSlot_Destroy(tok->slot); return nssArena_Destroy(tok->base.arena); } diff --git a/lib/pk11wrap/dev3hack.c b/lib/pk11wrap/dev3hack.c index 4877f9450..2d41a34d8 100644 --- a/lib/pk11wrap/dev3hack.c +++ b/lib/pk11wrap/dev3hack.c @@ -179,7 +179,6 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) if (!rvToken->slot) { goto loser; } - rvToken->slot->token = rvToken; if (rvToken->defaultSession) rvToken->defaultSession->slot = rvToken->slot; return rvToken; @@ -228,24 +227,6 @@ nssToken_Refresh(NSSToken *token) } NSS_IMPLEMENT PRStatus -nssSlot_Refresh(NSSSlot *slot) -{ - PK11SlotInfo *nss3slot = slot->pk11slot; - PRBool doit = PR_FALSE; - if (slot->token && slot->token->base.name[0] == 0) { - doit = PR_TRUE; - } - if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) { - return PR_FAILURE; - } - if (doit) { - nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, - slot->token); - } - return nssToken_Refresh(slot->token); -} - -NSS_IMPLEMENT PRStatus nssToken_GetTrustOrder(NSSToken *tok) { PK11SlotInfo *slot; |