Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(31)

Side by Side Diff: nss/lib/pki/tdcache.c

Issue 1017413002: Uprev NSS to 3.18 RTM (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@nspr_uprev
Patch Set: Rebased Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/pki/pkistore.c ('k') | nss/lib/pki/trustdomain.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 #ifndef PKIM_H 5 #ifndef PKIM_H
6 #include "pkim.h" 6 #include "pkim.h"
7 #endif /* PKIM_H */ 7 #endif /* PKIM_H */
8 8
9 #ifndef PKIT_H 9 #ifndef PKIT_H
10 #include "pkit.h" 10 #include "pkit.h"
(...skipping 373 matching lines...) Expand 10 before | Expand all | Expand 10 after
384 PRUint32 numCerts, arrSize; 384 PRUint32 numCerts, arrSize;
385 }; 385 };
386 386
387 static void 387 static void
388 remove_token_certs(const void *k, void *v, void *a) 388 remove_token_certs(const void *k, void *v, void *a)
389 { 389 {
390 NSSCertificate *c = (NSSCertificate *)k; 390 NSSCertificate *c = (NSSCertificate *)k;
391 nssPKIObject *object = &c->object; 391 nssPKIObject *object = &c->object;
392 struct token_cert_dtor *dtor = a; 392 struct token_cert_dtor *dtor = a;
393 PRUint32 i; 393 PRUint32 i;
394 nssPKIObject_AddRef(object);
394 nssPKIObject_Lock(object); 395 nssPKIObject_Lock(object);
395 for (i=0; i<object->numInstances; i++) { 396 for (i=0; i<object->numInstances; i++) {
396 if (object->instances[i]->token == dtor->token) { 397 if (object->instances[i]->token == dtor->token) {
397 nssCryptokiObject_Destroy(object->instances[i]); 398 nssCryptokiObject_Destroy(object->instances[i]);
398 object->instances[i] = object->instances[object->numInstances-1]; 399 object->instances[i] = object->instances[object->numInstances-1];
399 object->instances[object->numInstances-1] = NULL; 400 object->instances[object->numInstances-1] = NULL;
400 object->numInstances--; 401 object->numInstances--;
401 dtor->certs[dtor->numCerts++] = c; 402 dtor->certs[dtor->numCerts++] = c;
402 if (dtor->numCerts == dtor->arrSize) { 403 if (dtor->numCerts == dtor->arrSize) {
403 dtor->arrSize *= 2; 404 dtor->arrSize *= 2;
404 dtor->certs = nss_ZREALLOCARRAY(dtor->certs, 405 dtor->certs = nss_ZREALLOCARRAY(dtor->certs,
405 NSSCertificate *, 406 NSSCertificate *,
406 dtor->arrSize); 407 dtor->arrSize);
407 } 408 }
408 break; 409 break;
409 } 410 }
410 } 411 }
411 nssPKIObject_Unlock(object); 412 nssPKIObject_Unlock(object);
413 nssPKIObject_Destroy(object);
412 return; 414 return;
413 } 415 }
414 416
415 /* 417 /*
416 * Remove all certs for the given token from the cache. This is 418 * Remove all certs for the given token from the cache. This is
417 * needed if the token is removed. 419 * needed if the token is removed.
418 */ 420 */
419 NSS_IMPLEMENT PRStatus 421 NSS_IMPLEMENT PRStatus
420 nssTrustDomain_RemoveTokenCertsFromCache ( 422 nssTrustDomain_RemoveTokenCertsFromCache (
421 NSSTrustDomain *td, 423 NSSTrustDomain *td,
422 NSSToken *token 424 NSSToken *token
423 ) 425 )
424 { 426 {
425 NSSCertificate **certs; 427 NSSCertificate **certs;
426 PRUint32 i, arrSize = 10; 428 PRUint32 i, arrSize = 10;
427 struct token_cert_dtor dtor; 429 struct token_cert_dtor dtor;
428 certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize); 430 certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize);
429 if (!certs) { 431 if (!certs) {
430 return PR_FAILURE; 432 return PR_FAILURE;
431 } 433 }
432 dtor.cache = td->cache; 434 dtor.cache = td->cache;
433 dtor.token = token; 435 dtor.token = token;
434 dtor.certs = certs; 436 dtor.certs = certs;
435 dtor.numCerts = 0; 437 dtor.numCerts = 0;
436 dtor.arrSize = arrSize; 438 dtor.arrSize = arrSize;
437 PZ_Lock(td->cache->lock); 439 PZ_Lock(td->cache->lock);
438 nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&dtor); 440 nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor);
439 for (i=0; i<dtor.numCerts; i++) { 441 for (i=0; i<dtor.numCerts; i++) {
440 if (dtor.certs[i]->object.numInstances == 0) { 442 if (dtor.certs[i]->object.numInstances == 0) {
441 nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); 443 nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]);
442 dtor.certs[i] = NULL; /* skip this cert in the second for loop */ 444 dtor.certs[i] = NULL; /* skip this cert in the second for loop */
445 } else {
446 /* make sure it doesn't disappear on us before we finish */
447 nssCertificate_AddRef(dtor.certs[i]);
443 } 448 }
444 } 449 }
445 PZ_Unlock(td->cache->lock); 450 PZ_Unlock(td->cache->lock);
446 for (i=0; i<dtor.numCerts; i++) { 451 for (i=0; i<dtor.numCerts; i++) {
447 if (dtor.certs[i]) { 452 if (dtor.certs[i]) {
448 STAN_ForceCERTCertificateUpdate(dtor.certs[i]); 453 STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
454 nssCertificate_Destroy(dtor.certs[i]);
449 } 455 }
450 } 456 }
451 nss_ZFreeIf(dtor.certs); 457 nss_ZFreeIf(dtor.certs);
452 return PR_SUCCESS; 458 return PR_SUCCESS;
453 } 459 }
454 460
455 NSS_IMPLEMENT PRStatus 461 NSS_IMPLEMENT PRStatus
456 nssTrustDomain_UpdateCachedTokenCerts ( 462 nssTrustDomain_UpdateCachedTokenCerts (
457 NSSTrustDomain *td, 463 NSSTrustDomain *td,
458 NSSToken *token 464 NSSToken *token
(...skipping 580 matching lines...) Expand 10 before | Expand all | Expand 10 after
1039 ce->lastHit = PR_Now(); 1045 ce->lastHit = PR_Now();
1040 rvCert = nssCertificate_AddRef(ce->entry.cert); 1046 rvCert = nssCertificate_AddRef(ce->entry.cert);
1041 #ifdef DEBUG_CACHE 1047 #ifdef DEBUG_CACHE
1042 PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); 1048 PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
1043 #endif 1049 #endif
1044 } 1050 }
1045 PZ_Unlock(td->cache->lock); 1051 PZ_Unlock(td->cache->lock);
1046 return rvCert; 1052 return rvCert;
1047 } 1053 }
1048 1054
1049 static PRStatus
1050 issuer_and_serial_from_encoding (
1051 NSSBER *encoding,
1052 NSSDER *issuer,
1053 NSSDER *serial
1054 )
1055 {
1056 SECItem derCert, derIssuer, derSerial;
1057 SECStatus secrv;
1058 derCert.data = (unsigned char *)encoding->data;
1059 derCert.len = encoding->size;
1060 secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
1061 if (secrv != SECSuccess) {
1062 return PR_FAILURE;
1063 }
1064 secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
1065 if (secrv != SECSuccess) {
1066 return PR_FAILURE;
1067 }
1068 issuer->data = derIssuer.data;
1069 issuer->size = derIssuer.len;
1070 serial->data = derSerial.data;
1071 serial->size = derSerial.len;
1072 return PR_SUCCESS;
1073 }
1074
1075 /* 1055 /*
1076 * Look for a specific cert in the cache 1056 * Look for a specific cert in the cache
1077 */ 1057 */
1078 NSS_IMPLEMENT NSSCertificate * 1058 NSS_IMPLEMENT NSSCertificate *
1079 nssTrustDomain_GetCertByDERFromCache ( 1059 nssTrustDomain_GetCertByDERFromCache (
1080 NSSTrustDomain *td, 1060 NSSTrustDomain *td,
1081 NSSDER *der 1061 NSSDER *der
1082 ) 1062 )
1083 { 1063 {
1084 PRStatus nssrv = PR_FAILURE; 1064 PRStatus nssrv = PR_FAILURE;
1085 NSSDER issuer, serial; 1065 NSSDER issuer, serial;
1086 NSSCertificate *rvCert; 1066 NSSCertificate *rvCert;
1087 nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial); 1067 nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial);
1088 if (nssrv != PR_SUCCESS) { 1068 if (nssrv != PR_SUCCESS) {
1089 return NULL; 1069 return NULL;
1090 } 1070 }
1091 #ifdef DEBUG_CACHE 1071 #ifdef DEBUG_CACHE
1092 log_item_dump("looking for cert by DER", der); 1072 log_item_dump("looking for cert by DER", der);
1093 #endif 1073 #endif
1094 rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, 1074 rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
1095 &issuer, &serial); 1075 &issuer, &serial);
1096 PORT_Free(issuer.data); 1076 PORT_Free(issuer.data);
1097 PORT_Free(serial.data); 1077 PORT_Free(serial.data);
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
1138 nssTrustDomain_DumpCacheInfo ( 1118 nssTrustDomain_DumpCacheInfo (
1139 NSSTrustDomain *td, 1119 NSSTrustDomain *td,
1140 void (* cert_dump_iter)(const void *, void *, void *), 1120 void (* cert_dump_iter)(const void *, void *, void *),
1141 void *arg 1121 void *arg
1142 ) 1122 )
1143 { 1123 {
1144 PZ_Lock(td->cache->lock); 1124 PZ_Lock(td->cache->lock);
1145 nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg); 1125 nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg);
1146 PZ_Unlock(td->cache->lock); 1126 PZ_Unlock(td->cache->lock);
1147 } 1127 }
OLDNEW
« no previous file with comments | « nss/lib/pki/pkistore.c ('k') | nss/lib/pki/trustdomain.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698