diff options
author | julien.pierre.boogz%sun.com <devnull@localhost> | 2008-02-05 05:33:37 +0000 |
---|---|---|
committer | julien.pierre.boogz%sun.com <devnull@localhost> | 2008-02-05 05:33:37 +0000 |
commit | f6541bf4ab6e689a13326b9565f6374b7dd0fdfb (patch) | |
tree | 8d2d0cfcf33d92a9c749659e5d116d596fce29b6 /security/nss/lib/softoken/pkcs11.c | |
parent | 45250ec7c7e5cd56d96db330a33726151aa248b6 (diff) | |
download | nss-hg-f6541bf4ab6e689a13326b9565f6374b7dd0fdfb.tar.gz |
Fix for bug 331096 . NSS softoken must detect forks on all unix-ish platforms. r=nelson
Diffstat (limited to 'security/nss/lib/softoken/pkcs11.c')
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 94 |
1 files changed, 87 insertions, 7 deletions
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 3c48a4506..c8d469792 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -460,6 +460,23 @@ static const struct mechanismList mechanisms[] = { }; static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]); +static PRBool nsc_init = PR_FALSE; + +#if defined(XP_UNIX) && !defined(NO_PTHREADS) + +#include <pthread.h> + +PRBool forked = PR_FALSE; + +void ForkedChild(void) +{ + if (nsc_init || nsf_init) { + forked = PR_TRUE; + } +} + +#endif + static char * sftk_setStringName(const char *inString, char *buffer, int buffer_length) { @@ -1821,6 +1838,8 @@ sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type) /* return the function list */ CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) { + CHECK_FORK(); + *pFunctionList = (CK_FUNCTION_LIST_PTR) &sftk_funcList; return CKR_OK; } @@ -1828,6 +1847,8 @@ CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) /* return the function list */ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) { + CHECK_FORK(); + return NSC_GetFunctionList(pFunctionList); } @@ -2333,6 +2354,10 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) static char *success="Success"; char **rvstr = NULL; +#if defined(XP_UNIX) && !defined(NO_PTHREADS) + if (forked) return NULL; +#endif + secmod = sftk_getSecmodName(parameters, &dbType, &appName,&filename, &rw); switch (function) { @@ -2412,7 +2437,6 @@ sftk_closePeer(PRBool isFIPS) return; } -static PRBool nsc_init = PR_FALSE; extern SECStatus secoid_Init(void); /* NSC_Initialize initializes the Cryptoki library. */ @@ -2424,7 +2448,6 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS) int i; int moduleIndex = isFIPS? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE; - if (isFIPS) { loginWaitTime = PR_SecondsToInterval(1); } @@ -2511,12 +2534,20 @@ loser: sftk_InitFreeLists(); } +#if defined(XP_UNIX) && !defined(NO_PTHREADS) + if (CKR_OK == crv) { + pthread_atfork(NULL, NULL, ForkedChild); + } +#endif return crv; } CK_RV NSC_Initialize(CK_VOID_PTR pReserved) { CK_RV crv; + + CHECK_FORK(); + if (nsc_init) { return CKR_CRYPTOKI_ALREADY_INITIALIZED; } @@ -2531,8 +2562,6 @@ extern SECStatus SECOID_Shutdown(void); * Cryptoki library.*/ CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS) { - - nscFreeAllSlots(isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE); /* don't muck with the globals is our peer is still initialized */ @@ -2566,6 +2595,8 @@ CK_RV NSC_Finalize (CK_VOID_PTR pReserved) { CK_RV crv; + CHECK_FORK(); + if (!nsc_init) { return CKR_OK; } @@ -2585,6 +2616,8 @@ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) { volatile char c; /* force a reference that won't get optimized away */ + CHECK_FORK(); + c = __nss_softokn_rcsid[0] + __nss_softokn_sccsid[0]; pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 20; @@ -2613,6 +2646,7 @@ CK_RV nsc_CommonGetSlotList(CK_BBOOL tokenPresent, CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) { + CHECK_FORK(); return nsc_CommonGetSlotList(tokenPresent, pSlotList, pulCount, NSC_NON_FIPS_MODULE); } @@ -2621,6 +2655,9 @@ CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent, CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { SFTKSlot *slot = sftk_SlotFromID(slotID, PR_TRUE); + + CHECK_FORK(); + if (slot == NULL) return CKR_SLOT_ID_INVALID; pInfo->firmwareVersion.major = 0; @@ -2661,6 +2698,8 @@ CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) SFTKSlot *slot; SFTKDBHandle *handle; + CHECK_FORK(); + if (!nsc_init && !nsf_init) return CKR_CRYPTOKI_NOT_INITIALIZED; slot = sftk_SlotFromID(slotID, PR_FALSE); if (slot == NULL) return CKR_SLOT_ID_INVALID; @@ -2742,6 +2781,8 @@ CK_RV NSC_GetMechanismList(CK_SLOT_ID slotID, { CK_ULONG i; + CHECK_FORK(); + switch (slotID) { /* default: */ case NETSCAPE_SLOT_ID: @@ -2776,6 +2817,8 @@ CK_RV NSC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, PRBool isPrivateKey; CK_ULONG i; + CHECK_FORK(); + switch (slotID) { case NETSCAPE_SLOT_ID: isPrivateKey = PR_FALSE; @@ -2833,6 +2876,8 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin, unsigned int i; SFTKObject *object; + CHECK_FORK(); + if (slot == NULL) return CKR_SLOT_ID_INVALID; /* don't initialize the database if we aren't talking to a token @@ -2897,6 +2942,7 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSession, SECStatus rv; CK_RV crv = CKR_SESSION_HANDLE_INVALID; + CHECK_FORK(); sp = sftk_SessionFromHandle(hSession); if (sp == NULL) { @@ -2979,6 +3025,7 @@ CK_RV NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, SECStatus rv; CK_RV crv = CKR_SESSION_HANDLE_INVALID; + CHECK_FORK(); sp = sftk_SessionFromHandle(hSession); if (sp == NULL) { @@ -3056,6 +3103,8 @@ CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, SFTKSession *session; SFTKSession *sameID; + CHECK_FORK(); + slot = sftk_SlotFromID(slotID, PR_FALSE); if (slot == NULL) return CKR_SLOT_ID_INVALID; @@ -3107,6 +3156,8 @@ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) PRBool sessionFound; PZLock *lock; + CHECK_FORK(); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; slot = sftk_SlotFromSession(session); @@ -3152,6 +3203,8 @@ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID) { SFTKSlot *slot; + CHECK_FORK(); + slot = sftk_SlotFromID(slotID, PR_FALSE); if (slot == NULL) return CKR_SLOT_ID_INVALID; @@ -3166,6 +3219,8 @@ CK_RV NSC_GetSessionInfo(CK_SESSION_HANDLE hSession, { SFTKSession *session; + CHECK_FORK(); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; @@ -3186,6 +3241,7 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_RV crv; char pinStr[SFTK_MAX_PIN+1]; + CHECK_FORK(); /* get the slot */ slot = sftk_SlotFromSessionHandle(hSession); @@ -3292,6 +3348,8 @@ CK_RV NSC_Logout(CK_SESSION_HANDLE hSession) SFTKSession *session; SFTKDBHandle *handle; + CHECK_FORK(); + if (slot == NULL) { return CKR_SESSION_HANDLE_INVALID; } @@ -3425,6 +3483,8 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession, CK_RV crv; int i; + CHECK_FORK(); + *phObject = CK_INVALID_HANDLE; if (slot == NULL) { @@ -3492,6 +3552,8 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession, SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); int i; + CHECK_FORK(); + if (slot == NULL) { return CKR_SESSION_HANDLE_INVALID; } @@ -3570,7 +3632,10 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession, /* NSC_GetObjectSize gets the size of an object in bytes. */ CK_RV NSC_GetObjectSize(CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) { + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) +{ + CHECK_FORK(); + *pulSize = 0; return CKR_OK; } @@ -3578,7 +3643,8 @@ CK_RV NSC_GetObjectSize(CK_SESSION_HANDLE hSession, /* NSC_GetAttributeValue obtains the value of one or more object attributes. */ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { + CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) +{ SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); SFTKSession *session; SFTKObject *object; @@ -3587,6 +3653,8 @@ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_RV crv; int i; + CHECK_FORK(); + if (slot == NULL) { return CKR_SESSION_HANDLE_INVALID; } @@ -3677,7 +3745,8 @@ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, /* NSC_SetAttributeValue modifies the value of one or more object attributes */ CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { + CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) +{ SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); SFTKSession *session; SFTKAttribute *attribute; @@ -3687,6 +3756,8 @@ CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_BBOOL legal; int i; + CHECK_FORK(); + if (slot == NULL) { return CKR_SESSION_HANDLE_INVALID; } @@ -3933,6 +4004,8 @@ CK_RV NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, PRBool tokenOnly = PR_FALSE; CK_RV crv = CKR_OK; PRBool isLoggedIn; + + CHECK_FORK(); if (slot == NULL) { return CKR_SESSION_HANDLE_INVALID; @@ -4005,6 +4078,8 @@ CK_RV NSC_FindObjects(CK_SESSION_HANDLE hSession, int transfer; int left; + CHECK_FORK(); + *pulObjectCount = 0; session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; @@ -4038,6 +4113,8 @@ CK_RV NSC_FindObjectsFinal(CK_SESSION_HANDLE hSession) SFTKSession *session; SFTKSearchResults *search; + CHECK_FORK(); + session = sftk_SessionFromHandle(hSession); if (session == NULL) return CKR_SESSION_HANDLE_INVALID; search = session->search; @@ -4054,5 +4131,8 @@ CK_RV NSC_FindObjectsFinal(CK_SESSION_HANDLE hSession) CK_RV NSC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved) { + CHECK_FORK(); + return CKR_FUNCTION_NOT_SUPPORTED; } + |