Skip to content

Commit

Permalink
Backed out changeset aa6f29a76cfc for Certificates test failures
Browse files Browse the repository at this point in the history 
--HG--
extra : amend_source : dd9bf1b5e2a15da17e19348e88ae01d537118005
extra : histedit_source : ecab16af650d496988d70fc21fe45a2a06173218
  • Loading branch information
@jcjones
jcjones committed Nov 9, 2020
1 parent 171f897 commit 6a2908b
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 41 deletions.
30 changes: 15 additions & 15 deletions lib/certdb/certdb.c
View file
Expand Up @@ -2908,16 +2908,16 @@ CERT_LockCertTrust(const CERTCertificate *cert)
PZ_Lock(certTrustLock);
}

static PZLock *certTempPermCertLock = NULL;
static PZLock *certTempPermLock = NULL;

/*
* Acquire the cert temp/perm/nssCert lock
* Acquire the cert temp/perm lock
*/
void
CERT_LockCertTempPerm(const CERTCertificate *cert)
{
PORT_Assert(certTempPermCertLock != NULL);
PZ_Lock(certTempPermCertLock);
PORT_Assert(certTempPermLock != NULL);
PZ_Lock(certTempPermLock);
}

SECStatus
Expand All @@ -2941,10 +2941,10 @@ cert_InitLocks(void)
}
}

if (certTempPermCertLock == NULL) {
certTempPermCertLock = PZ_NewLock(nssILockCertDB);
PORT_Assert(certTempPermCertLock != NULL);
if (!certTempPermCertLock) {
if (certTempPermLock == NULL) {
certTempPermLock = PZ_NewLock(nssILockCertDB);
PORT_Assert(certTempPermLock != NULL);
if (!certTempPermLock) {
PZ_DestroyLock(certTrustLock);
PZ_DestroyLock(certRefCountLock);
certRefCountLock = NULL;
Expand Down Expand Up @@ -2977,10 +2977,10 @@ cert_DestroyLocks(void)
rv = SECFailure;
}

PORT_Assert(certTempPermCertLock != NULL);
if (certTempPermCertLock) {
PZ_DestroyLock(certTempPermCertLock);
certTempPermCertLock = NULL;
PORT_Assert(certTempPermLock != NULL);
if (certTempPermLock) {
PZ_DestroyLock(certTempPermLock);
certTempPermLock = NULL;
} else {
rv = SECFailure;
}
Expand All @@ -2999,13 +2999,13 @@ CERT_UnlockCertTrust(const CERTCertificate *cert)
}

/*
* Free the temp/perm/nssCert lock
* Free the temp/perm lock
*/
void
CERT_UnlockCertTempPerm(const CERTCertificate *cert)
{
PORT_Assert(certTempPermCertLock != NULL);
PRStatus prstat = PZ_Unlock(certTempPermCertLock);
PORT_Assert(certTempPermLock != NULL);
PRStatus prstat = PZ_Unlock(certTempPermLock);
PORT_AssertArg(prstat == PR_SUCCESS);
}

Expand Down
14 changes: 2 additions & 12 deletions lib/certdb/stanpcertdb.c
View file
Expand Up @@ -311,9 +311,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
nssPKIObject_AddInstance(&c->object, permInstance);
nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
/* reset the CERTCertificate fields */
CERT_LockCertTempPerm(cert);
cert->nssCertificate = NULL;
CERT_UnlockCertTempPerm(cert);
cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */
if (!cert) {
CERT_MapStanError();
Expand Down Expand Up @@ -810,17 +808,9 @@ CERT_DestroyCertificate(CERTCertificate *cert)
/* don't use STAN_GetNSSCertificate because we don't want to
* go to the trouble of translating the CERTCertificate into
* an NSSCertificate just to destroy it. If it hasn't been done
* yet, don't do it at all
*
* cert->nssCertificate contains its own locks and refcount, but as it
* may be NULL, the pointer itself must be guarded by some other lock.
* Rather than creating a new global lock for only this purpose, share
* an existing global lock that happens to be taken near the write in
* fill_CERTCertificateFields(). The longer-term goal is to refactor
* all these global locks to be certificate-scoped. */
CERT_LockCertTempPerm(cert);
* yet, don't do it at all.
*/
NSSCertificate *tmp = cert->nssCertificate;
CERT_UnlockCertTempPerm(cert);
if (tmp) {
/* delete the NSSCertificate */
NSSCertificate_Destroy(tmp);
Expand Down
7 changes: 2 additions & 5 deletions lib/pk11wrap/pk11cert.c
View file
Expand Up @@ -1148,11 +1148,8 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
}

/* need to get the cert as a stan cert */
CERT_LockCertTempPerm(cert);
NSSCertificate *nssCert = cert->nssCertificate;
CERT_UnlockCertTempPerm(cert);
if (nssCert) {
c = nssCert;
if (cert->nssCertificate) {
c = cert->nssCertificate;
} else {
c = STAN_GetNSSCertificate(cert);
if (c == NULL) {
Expand Down
11 changes: 2 additions & 9 deletions lib/pki/pki3hack.c
View file
Expand Up @@ -866,9 +866,9 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
CERT_LockCertTempPerm(cc);
cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
cc->isperm = PR_TRUE; /* by default */
CERT_UnlockCertTempPerm(cc);
/* pointer back */
cc->nssCertificate = c;
CERT_UnlockCertTempPerm(cc);
if (trust) {
/* force the cert type to be recomputed to include trust info */
PRUint32 nsCertType = cert_ComputeCertType(cc);
Expand Down Expand Up @@ -919,10 +919,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
nss_SetError(NSS_ERROR_INTERNAL_ERROR);
goto loser;
}
CERT_LockCertTempPerm(cc);
NSSCertificate *nssCert = cc->nssCertificate;
CERT_UnlockCertTempPerm(cc);
if (!nssCert || forceUpdate) {
if (!cc->nssCertificate || forceUpdate) {
fill_CERTCertificateFields(c, cc, forceUpdate);
} else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
CERTCertTrust *trust;
Expand Down Expand Up @@ -1021,9 +1018,7 @@ STAN_GetNSSCertificate(CERTCertificate *cc)
nssCryptokiInstance *instance;
nssPKIObject *pkiob;
NSSArena *arena;
CERT_LockCertTempPerm(cc);
c = cc->nssCertificate;
CERT_UnlockCertTempPerm(cc);
if (c) {
return c;
}
Expand Down Expand Up @@ -1088,9 +1083,7 @@ STAN_GetNSSCertificate(CERTCertificate *cc)
nssPKIObject_AddInstance(&c->object, instance);
}
c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc);
CERT_LockCertTempPerm(cc);
cc->nssCertificate = c;
CERT_UnlockCertTempPerm(cc);
return c;
}

Expand Down

0 comments on commit 6a2908b

Please sign in to comment.