/* * must be called holding the ModuleListLock (either read or write). */ NSS_IMPLEMENT SECStatus STAN_RemoveModuleFromDefaultTrustDomain( SECMODModule *module) { NSSToken *token; NSSTrustDomain *td; int i; td = STAN_GetDefaultTrustDomain(); for (i = 0; i < module->slotCount; i++) { token = PK11Slot_GetNSSToken(module->slots[i]); if (token) { nssToken_NotifyCertsNotVisible(token); NSSRWLock_LockWrite(td->tokensLock); nssList_Remove(td->tokenList, token); NSSRWLock_UnlockWrite(td->tokensLock); PK11Slot_SetNSSToken(module->slots[i], NULL); nssToken_Destroy(token); } } NSSRWLock_LockWrite(td->tokensLock); nssListIterator_Destroy(td->tokens); td->tokens = nssList_CreateIterator(td->tokenList); NSSRWLock_UnlockWrite(td->tokensLock); return SECSuccess; }
void ssl3_SetSIDSessionTicket(sslSessionID *sid, /*in/out*/ NewSessionTicket *newSessionTicket) { PORT_Assert(sid); PORT_Assert(newSessionTicket); PORT_Assert(newSessionTicket->ticket.data); PORT_Assert(newSessionTicket->ticket.len != 0); /* if sid->u.ssl3.lock, we are updating an existing entry that is already * cached or was once cached, so we need to acquire and release the write * lock. Otherwise, this is a new session that isn't shared with anything * yet, so no locking is needed. */ if (sid->u.ssl3.lock) { NSSRWLock_LockWrite(sid->u.ssl3.lock); if (sid->u.ssl3.locked.sessionTicket.ticket.data) { SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket, PR_FALSE); } } PORT_Assert(!sid->u.ssl3.locked.sessionTicket.ticket.data); /* Do a shallow copy, moving the ticket data. */ sid->u.ssl3.locked.sessionTicket = *newSessionTicket; newSessionTicket->ticket.data = NULL; newSessionTicket->ticket.len = 0; if (sid->u.ssl3.lock) { NSSRWLock_UnlockWrite(sid->u.ssl3.lock); } }
NSS_IMPLEMENT PRStatus STAN_ResetTokenInterator(NSSTrustDomain *td) { if (!td) { td = g_default_trust_domain; } NSSRWLock_LockWrite(td->tokensLock); nssListIterator_Destroy(td->tokens); td->tokens = nssList_CreateIterator(td->tokenList); NSSRWLock_UnlockWrite(td->tokensLock); return PR_SUCCESS; }
NSS_IMPLEMENT PRStatus STAN_LoadDefaultNSS3TrustDomain ( void ) { NSSTrustDomain *td; SECMODModuleList *mlp; SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock(); int i; if (g_default_trust_domain || g_default_crypto_context) { /* Stan is already initialized or a previous shutdown failed. */ nss_SetError(NSS_ERROR_ALREADY_INITIALIZED); return PR_FAILURE; } td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); if (!td) { return PR_FAILURE; } /* * Deadlock warning: we should never acquire the moduleLock while * we hold the tokensLock. We can use the NSSRWLock Rank feature to * guarrentee this. tokensLock have a higher rank than module lock. */ td->tokenList = nssList_Create(td->arena, PR_TRUE); if (!td->tokenList) { goto loser; } SECMOD_GetReadLock(moduleLock); NSSRWLock_LockWrite(td->tokensLock); for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) { for (i=0; i < mlp->module->slotCount; i++) { STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]); } } td->tokens = nssList_CreateIterator(td->tokenList); NSSRWLock_UnlockWrite(td->tokensLock); SECMOD_ReleaseReadLock(moduleLock); if (!td->tokens) { goto loser; } g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL); if (!g_default_crypto_context) { goto loser; } g_default_trust_domain = td; return PR_SUCCESS; loser: NSSTrustDomain_Destroy(td); return PR_FAILURE; }
NSS_IMPLEMENT PRStatus STAN_ResetTokenInterator(NSSTrustDomain *td) { if (!td) { td = g_default_trust_domain; if (!td) { /* we're called while still initting. slot will get added * appropriately through normal init processes */ return PR_SUCCESS; } } NSSRWLock_LockWrite(td->tokensLock); nssListIterator_Destroy(td->tokens); td->tokens = nssList_CreateIterator(td->tokenList); NSSRWLock_UnlockWrite(td->tokensLock); return PR_SUCCESS; }
NSS_IMPLEMENT PRStatus STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot) { NSSToken *token; if (!td) { td = g_default_trust_domain; } token = nssToken_CreateFromPK11SlotInfo(td, slot); PK11Slot_SetNSSToken(slot, token); /* Don't add non-existent token to TD's token list */ if (token) { NSSRWLock_LockWrite(td->tokensLock); nssList_Add(td->tokenList, token); NSSRWLock_UnlockWrite(td->tokensLock); } return PR_SUCCESS; }
NSS_IMPLEMENT PRStatus STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot) { NSSToken *token; if (!td) { td = g_default_trust_domain; if (!td) { /* we're called while still initting. slot will get added * appropriately through normal init processes */ return PR_SUCCESS; } } token = nssToken_CreateFromPK11SlotInfo(td, slot); PK11Slot_SetNSSToken(slot, token); /* Don't add nonexistent token to TD's token list */ if (token) { NSSRWLock_LockWrite(td->tokensLock); nssList_Add(td->tokenList, token); NSSRWLock_UnlockWrite(td->tokensLock); } return PR_SUCCESS; }