authorrelyea%netscape.com <devnull@localhost>2002-10-01 00:23:46 +0000
committerrelyea%netscape.com <devnull@localhost>2002-10-01 00:23:46 +0000
commit7848d077e3a47b900cefc70b015243fe8a28283c (patch)
treed31321f4801c6ddbb98146f681c039dd40a2dd59
parent09d05849f0a08beb5fbb3095b8485f389dec5736 (diff)
Fix SDR race condition with a coarse lock. Does not address multiaccess DB
races. Bug 169296.
-rw-r--r--security/nss/lib/pk11wrap/pk11init.h3
-rw-r--r--security/nss/lib/pk11wrap/pk11sdr.c25
2 files changed, 27 insertions, 1 deletions
diff --git a/security/nss/lib/pk11wrap/pk11init.h b/security/nss/lib/pk11wrap/pk11init.h
index b5fa0b4ec..d62ee88e0 100644
--- a/security/nss/lib/pk11wrap/pk11init.h
+++ b/security/nss/lib/pk11wrap/pk11init.h
@@ -58,6 +58,7 @@ struct PK11PreSlotInfoStr {
#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
-
+extern void PK11SDR_Init(void);
+extern void PK11SDR_Shutdown(void);
#endif /* _PK11_INIT_H_ 1 */
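Review bot: The two prototypes added here, `PK11SDR_Init` and `PK11SDR_Shutdown`, do not match the definitions this commit adds in pk11sdr.c, which are spelled `pk11sdr_Init` and `pk11sdr_Shutdown`. C identifiers are case-sensitive, so the declared symbols have no definition and the defined functions have no prototype. Neither of the two changed files calls either spelling, so as far as this commit shows `pk11sdrLock` is never created and the `if (pk11sdrLock)` guards in PK11SDR_Encrypt skip the locking, leaving the race in place. Use one spelling in both files, for example `extern void pk11sdr_Init(void);` and `extern void pk11sdr_Shutdown(void);`, and make sure the NSS initialization and shutdown paths actually call them.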
diff --git a/security/nss/lib/pk11wrap/pk11sdr.c b/security/nss/lib/pk11wrap/pk11sdr.c
index 630be0245..faea0d39b 100644
--- a/security/nss/lib/pk11wrap/pk11sdr.c
+++ b/security/nss/lib/pk11wrap/pk11sdr.c
@@ -41,6 +41,7 @@
#include "pkcs11.h"
#include "pk11func.h"
#include "pk11sdr.h"
+#include "pk11init.h"
/*
* Data structure and template for encoding the result of an SDR operation
@@ -128,6 +129,23 @@ loser:
return rv;
}
+static PRLock *pk11sdrLock = NULL;
+
+void
+pk11sdr_Init (void)
+{
+ pk11sdrLock = PR_NewLock();
+}
+
+void
+pk11sdr_Shutdown(void)
+{
+ if (pk11sdrLock) {
+ PR_DestroyLock(pk11sdrLock);
+ pk11sdrLock = NULL;
+ }
+}
+
/*
* PK11SDR_Encrypt
* Encrypt a block of data using the symmetric key identified. The result
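Review bot: `pk11sdr_Init` stores the result of `PR_NewLock()` without checking it and returns `void`, so a failed allocation looks the same as success and every later PK11SDR_Encrypt call runs unprotected. A second call to the function would also overwrite the pointer and leak the first lock. Consider `if (!pk11sdrLock) pk11sdrLock = PR_NewLock();` and returning a `SECStatus` so that initialization can fail closed; that also requires changing the prototype in pk11init.h. If the signature has to stay, at least record the consequence next to the variable, e.g. `/* NULL means PK11SDR_Encrypt runs without the lock */`.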
@@ -178,11 +196,18 @@ PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx)
if (pKeyID->len == 0) {
pKeyID = &keyIDItem; /* Use default value */
+ /* put in a course lock to prevent a race between not finding the
+ * key and creating one.
+ */
+
+ if (pk11sdrLock) PR_Lock(pk11sdrLock);
+
/* Try to find the key */
key = PK11_FindFixedKey(slot, type, pKeyID, cx);
/* If the default key doesn't exist yet, try to create it */
if (!key) key = PK11_GenDES3TokenKey(slot, pKeyID, cx);
+ if (pk11sdrLock) PR_Unlock(pk11sdrLock);
} else {
key = PK11_FindFixedKey(slot, type, pKeyID, cx);
}
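Review bot: The lock and unlock sites each re-read the global `pk11sdrLock`, so the two tests can disagree if `pk11sdr_Shutdown` clears the pointer in between; the unlock would then be skipped, and the lock may already have been destroyed while held. Nothing visible in this commit orders shutdown after in-flight encrypt calls, so this may be ruled out by the caller, but capturing the pointer once makes the pairing unconditional: `PRLock *lock = pk11sdrLock;`, then `if (lock) PR_Lock(lock);` and `if (lock) PR_Unlock(lock);`. The added comment should read "coarse lock", and it would help to say there that the lock is per-process only, as the commit message does. PK11SDR_Encrypt starts and continues outside this hunk.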