static void
builtins_mdFindObjects_Final
(
NSSCKMDFindObjects *mdFindObjects,
NSSCKFWFindObjects *fwFindObjects,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
NSSArena *arena = fo->arena;
nss_ZFreeIf(fo->objs);
nss_ZFreeIf(fo);
nss_ZFreeIf(mdFindObjects);
if ((NSSArena *)NULL != arena) {
NSSArena_Destroy(arena);
}
return;
}
static void
ckmk_mdFindObjects_Final
(
NSSCKMDFindObjects *mdFindObjects,
NSSCKFWFindObjects *fwFindObjects,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
NSSArena *arena = fo->arena;
PRUint32 i;
/* walk down an free the unused 'objs' */
for (i=fo->i; i < fo->n ; i++) {
nss_ckmk_DestroyInternalObject(fo->objs[i]);
}
nss_ZFreeIf(fo->objs);
nss_ZFreeIf(fo);
nss_ZFreeIf(mdFindObjects);
if ((NSSArena *)NULL != arena) {
NSSArena_Destroy(arena);
}
return;
}
NSS_IMPLEMENT void
nssItem_Destroy(NSSItem *item)
{
nss_ClearErrorStack();
nss_ZFreeIf(item->data);
nss_ZFreeIf(item);
}
NSS_IMPLEMENT void
nssCryptokiObject_Destroy(
nssCryptokiObject *object)
{
if (object) {
nssToken_Destroy(object->token);
nss_ZFreeIf(object->label);
nss_ZFreeIf(object);
}
}
/*
* nssCKFWHash_Create
*
*/
NSS_IMPLEMENT nssCKFWHash *
nssCKFWHash_Create
(
NSSCKFWInstance *fwInstance,
NSSArena *arena,
CK_RV *pError
)
{
nssCKFWHash *rv;
#ifdef NSSDEBUG
if (!pError) {
return (nssCKFWHash *)NULL;
}
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
*pError = CKR_ARGUMENTS_BAD;
return (nssCKFWHash *)NULL;
}
#endif /* NSSDEBUG */
rv = nss_ZNEW(arena, nssCKFWHash);
if (!rv) {
*pError = CKR_HOST_MEMORY;
return (nssCKFWHash *)NULL;
}
rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
if (!rv->mutex) {
if( CKR_OK == *pError ) {
(void)nss_ZFreeIf(rv);
*pError = CKR_GENERAL_ERROR;
}
return (nssCKFWHash *)NULL;
}
rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
if (!rv->plHashTable) {
(void)nssCKFWMutex_Destroy(rv->mutex);
(void)nss_ZFreeIf(rv);
*pError = CKR_HOST_MEMORY;
return (nssCKFWHash *)NULL;
}
rv->count = 0;
return rv;
}
/* # 509 "arena.c" */
PRStatus
nssArena_Destroy
(
NSSArena *arena
)
{
PRLock *lock;
if( (PRLock *)((void *)0) == arena->lock ) {
nss_SetError(NSS_ERROR_INVALID_ARENA);
return PR_FAILURE;
}
PR_Lock(arena->lock);
/* # 542 "arena.c" */
PL_FinishArenaPool(&arena->pool);
lock = arena->lock;
arena->lock = (PRLock *)((void *)0);
PR_Unlock(lock);
PR_DestroyLock(lock);
(void)nss_ZFreeIf(arena);
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssDecodedPKIXCertificate_Destroy (
nssDecodedCert *dc
)
{
CERTCertificate *cert = (CERTCertificate *)dc->data;
/* The decoder may only be half initialized (the case where we find we
* could not decode the certificate). In this case, there is not cert to
* free, just free the dc structure. */
if (cert) {
PRBool freeSlot = cert->ownSlot;
PK11SlotInfo *slot = cert->slot;
PRArenaPool *arena = cert->arena;
/* zero cert before freeing. Any stale references to this cert
* after this point will probably cause an exception. */
PORT_Memset(cert, 0, sizeof *cert);
/* free the arena that contains the cert. */
PORT_FreeArena(arena, PR_FALSE);
if (slot && freeSlot) {
PK11_FreeSlot(slot);
}
}
nss_ZFreeIf(dc);
return PR_SUCCESS;
}
NSS_IMPLEMENT nssCryptokiObject *
nssToken_FindCertificateByEncodedCertificate (
NSSToken *token,
nssSession *sessionOpt,
NSSBER *encodedCertificate,
nssTokenSearchType searchType,
PRStatus *statusOpt
)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE cert_template[3];
CK_ULONG ctsize;
nssCryptokiObject **objects;
nssCryptokiObject *rvObject = NULL;
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
/* Set the search to token/session only if provided */
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
} else if (searchType == nssTokenSearchType_TokenOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
}
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
/* get the object handle */
objects = find_objects_by_template(token, sessionOpt,
cert_template, ctsize,
1, statusOpt);
if (objects) {
rvObject = objects[0];
nss_ZFreeIf(objects);
}
return rvObject;
}
/*
* nssCKFWSlot_Destroy
*
*/
NSS_IMPLEMENT CK_RV
nssCKFWSlot_Destroy(
NSSCKFWSlot *fwSlot)
{
CK_RV error = CKR_OK;
#ifdef NSSDEBUG
error = nssCKFWSlot_verifyPointer(fwSlot);
if (CKR_OK != error) {
return error;
}
#endif /* NSSDEBUG */
if (fwSlot->fwToken) {
nssCKFWToken_Destroy(fwSlot->fwToken);
}
(void)nssCKFWMutex_Destroy(fwSlot->mutex);
if (fwSlot->mdSlot->Destroy) {
fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
fwSlot->mdInstance, fwSlot->fwInstance);
}
#ifdef DEBUG
error = slot_remove_pointer(fwSlot);
#endif /* DEBUG */
(void)nss_ZFreeIf(fwSlot);
return error;
}
NSS_IMPLEMENT nssCryptokiObject *
nssCryptokiObject_Create (
NSSToken *t,
nssSession *session,
CK_OBJECT_HANDLE h
)
{
PRStatus status;
NSSSlot *slot;
nssCryptokiObject *object;
CK_BBOOL *isTokenObject;
CK_ATTRIBUTE cert_template[] = {
{ CKA_TOKEN, NULL, 0 },
{ CKA_LABEL, NULL, 0 }
};
slot = nssToken_GetSlot(t);
status = nssCKObject_GetAttributes(h, cert_template, 2,
NULL, session, slot);
nssSlot_Destroy(slot);
if (status != PR_SUCCESS) {
/* a failure here indicates a device error */
return (nssCryptokiObject *)NULL;
}
object = nss_ZNEW(NULL, nssCryptokiObject);
if (!object) {
return (nssCryptokiObject *)NULL;
}
object->handle = h;
object->token = nssToken_AddRef(t);
isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
object->isTokenObject = *isTokenObject;
nss_ZFreeIf(isTokenObject);
NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
return object;
}
/* XXX ?there are no session cert objects, so only search token objects */
NSS_IMPLEMENT nssCryptokiObject *
nssToken_FindPublicKeyByID (
NSSToken *token,
nssSession *sessionOpt,
NSSItem *keyID
)
{
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[3];
CK_ULONG ktsize;
nssCryptokiObject **objects;
nssCryptokiObject *rvKey = NULL;
NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_pubkey);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
objects = find_objects_by_template(token, sessionOpt,
key_template, ktsize,
1, NULL);
if (objects) {
rvKey = objects[0];
nss_ZFreeIf(objects);
}
return rvKey;
}
/* # 404 "arena.c" */
NSSArena *
nssArena_Create
(
void
)
{
NSSArena *rv = (NSSArena *)((void *)0);
rv = ((NSSArena *)nss_ZAlloc(((NSSArena *)((void *)0)), sizeof(NSSArena)));
if( (NSSArena *)((void *)0) == rv ) {
nss_SetError(NSS_ERROR_NO_MEMORY);
return (NSSArena *)((void *)0);
}
rv->lock = PR_NewLock();
if( (PRLock *)((void *)0) == rv->lock ) {
(void)nss_ZFreeIf(rv);
nss_SetError(NSS_ERROR_NO_MEMORY);
return (NSSArena *)((void *)0);
}
/* # 442 "arena.c" */
PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
/* # 457 "arena.c" */
return rv;
}
static void PR_CALLBACK
nss_arena_hash_free_table
(
void *pool,
void *item
)
{
(void)nss_ZFreeIf(item);
}
NSS_IMPLEMENT NSSItem *
nssToken_FinishDigest (
NSSToken *tok,
nssSession *sessionOpt,
NSSItem *rvOpt,
NSSArena *arenaOpt
)
{
CK_RV ckrv;
CK_ULONG digestLen;
CK_BYTE_PTR digest;
NSSItem *rvItem = NULL;
void *epv = nssToken_GetCryptokiEPV(tok);
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return NULL;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
if (ckrv != CKR_OK || digestLen == 0) {
nssSession_ExitMonitor(session);
return NULL;
}
digest = NULL;
if (rvOpt) {
if (rvOpt->size > 0 && rvOpt->size < digestLen) {
nssSession_ExitMonitor(session);
/* the error should be bad args */
return NULL;
}
if (rvOpt->data) {
digest = rvOpt->data;
}
digestLen = rvOpt->size;
}
if (!digest) {
digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
if (!digest) {
nssSession_ExitMonitor(session);
return NULL;
}
}
ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
nss_ZFreeIf(digest);
return NULL;
}
if (!rvOpt) {
rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
}
return rvItem;
}
static CK_RV
nss_ckmdSessionObject_Destroy
(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
#ifdef NSSDEBUG
CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
nssCKMDSessionObject *mdso;
CK_ULONG i;
#ifdef NSSDEBUG
error = nss_ckmdSessionObject_verifyPointer(mdObject);
if( CKR_OK != error ) {
return error;
}
#endif /* NSSDEBUG */
mdso = (nssCKMDSessionObject *)mdObject->etc;
nssCKFWHash_Remove(mdso->hash, mdObject);
for( i = 0; i < mdso->n; i++ ) {
nss_ZFreeIf(mdso->attributes[i].data);
}
nss_ZFreeIf(mdso->attributes);
nss_ZFreeIf(mdso->types);
nss_ZFreeIf(mdso);
nss_ZFreeIf(mdObject);
#ifdef DEBUG
(void)nss_ckmdSessionObject_remove_pointer(mdObject);
#endif /* DEBUG */
return CKR_OK;
}
/* find all the certs that represent the appropriate object (cert, priv key, or
* pub key) in the cert store.
*/
static PRUint32
collect_class(
CK_OBJECT_CLASS objClass,
SecItemClass itemClass,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
ckmkInternalObject ***listp,
PRUint32 *sizep,
PRUint32 count,
CK_RV *pError
)
{
ckmkInternalObject *next = NULL;
SecKeychainSearchRef searchRef = 0;
SecKeychainItemRef itemRef = 0;
OSStatus error;
/* future, build the attribute list based on the template
* so we can refine the search */
error = SecKeychainSearchCreateFromAttributes(
NULL, itemClass, NULL, &searchRef);
while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
/* if we don't have an internal object structure, get one */
if ((ckmkInternalObject *)NULL == next) {
next = nss_ZNEW(NULL, ckmkInternalObject);
if ((ckmkInternalObject *)NULL == next) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
}
/* fill in the relevant object data */
next->type = ckmkItem;
next->objClass = objClass;
next->u.item.itemRef = itemRef;
next->u.item.itemClass = itemClass;
/* see if this is one of the objects we are looking for */
if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
/* yes, put it on the list */
PUT_OBJECT(next, *pError, *sizep, count, *listp);
next = NULL; /* this one is on the list, need to allocate a new one now */
} else {
/* no , release the current item and clear out the structure for reuse */
CFRelease(itemRef);
/* don't cache the values we just loaded */
nsslibc_memset(next, 0, sizeof(*next));
}
}
loser:
if (searchRef) {
CFRelease(searchRef);
}
nss_ZFreeIf(next);
return count;
}
/*
* nssHash_create
*
*/
NSS_IMPLEMENT nssHash *
nssHash_Create
(
NSSArena *arenaOpt,
PRUint32 numBuckets,
PLHashFunction keyHash,
PLHashComparator keyCompare,
PLHashComparator valueCompare
)
{
nssHash *rv;
NSSArena *arena;
PRBool i_alloced;
#ifdef NSSDEBUG
if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (nssHash *)NULL;
}
#endif /* NSSDEBUG */
if (arenaOpt) {
arena = arenaOpt;
i_alloced = PR_FALSE;
} else {
arena = nssArena_Create();
i_alloced = PR_TRUE;
}
rv = nss_ZNEW(arena, nssHash);
if( (nssHash *)NULL == rv ) {
goto loser;
}
rv->mutex = PZ_NewLock(nssILockOther);
if( (PZLock *)NULL == rv->mutex ) {
goto loser;
}
rv->plHashTable = PL_NewHashTable(numBuckets,
keyHash, keyCompare, valueCompare,
&nssArenaHashAllocOps, arena);
if( (PLHashTable *)NULL == rv->plHashTable ) {
(void)PZ_DestroyLock(rv->mutex);
goto loser;
}
rv->count = 0;
rv->arena = arena;
rv->i_alloced_arena = i_alloced;
return rv;
loser:
(void)nss_ZFreeIf(rv);
return (nssHash *)NULL;
}
/*
* nssCKFWHash_Destroy
*
*/
NSS_IMPLEMENT void
nssCKFWHash_Destroy
(
nssCKFWHash *hash
)
{
(void)nssCKFWMutex_Destroy(hash->mutex);
PL_HashTableDestroy(hash->plHashTable);
(void)nss_ZFreeIf(hash);
}
static void
md5_hash(NSSItem *input, NSSItem *output)
{
NSSAlgorithmAndParameters *ap;
PK11SlotInfo *internal = PK11_GetInternalSlot();
NSSToken *token = PK11Slot_GetNSSToken(internal);
ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
(void)nssToken_Digest(token, NULL, ap, input, output, NULL);
PK11_FreeSlot(token->pk11slot);
nss_ZFreeIf(ap);
}
NSS_IMPLEMENT NSSItem *
nssItem_Create
(
NSSArena *arenaOpt,
NSSItem *rvOpt,
PRUint32 length,
const void *data
)
{
NSSItem *rv = (NSSItem *)NULL;
#ifdef DEBUG
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
return (NSSItem *)NULL;
}
}
if( (const void *)NULL == data ) {
if( length > 0 ) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (NSSItem *)NULL;
}
}
#endif /* DEBUG */
if( (NSSItem *)NULL == rvOpt ) {
rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
if( (NSSItem *)NULL == rv ) {
goto loser;
}
} else {
rv = rvOpt;
}
rv->size = length;
rv->data = nss_ZAlloc(arenaOpt, length);
if( (void *)NULL == rv->data ) {
goto loser;
}
if( length > 0 ) {
(void)nsslibc_memcpy(rv->data, data, length);
}
return rv;
loser:
if( rv != rvOpt ) {
nss_ZFreeIf(rv);
}
return (NSSItem *)NULL;
}
NSS_IMPLEMENT PRStatus
nssSession_Destroy(nssSession *s)
{
PRStatus rv = PR_SUCCESS;
if (s) {
if (s->isRW) {
PK11_RestoreROSession(s->slot->pk11slot, s->handle);
}
rv = nss_ZFreeIf(s);
}
return rv;
}
static void PR_CALLBACK
nss_arena_hash_free_entry
(
void *pool,
PLHashEntry *he,
PRUintn flag
)
{
if( HT_FREE_ENTRY == flag ) {
(void)nss_ZFreeIf(he);
}
}
/*
* nssHash_Destroy
*
*/
NSS_IMPLEMENT void
nssHash_Destroy
(
nssHash *hash
)
{
(void)PZ_DestroyLock(hash->mutex);
PL_HashTableDestroy(hash->plHashTable);
if (hash->i_alloced_arena) {
nssArena_Destroy(hash->arena);
} else {
nss_ZFreeIf(hash);
}
}
NSS_IMPLEMENT PRStatus
nssSession_Destroy
(
nssSession *s
)
{
CK_RV ckrv = CKR_OK;
if (s) {
if (s->isRW) {
PK11_RestoreROSession(s->slot->pk11slot, s->handle);
}
nss_ZFreeIf(s);
}
return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}
static void match_nickname(const void *k, void *v, void *a)
{
PRStatus nssrv;
NSSCertificate *c;
NSSUTF8 *nickname;
nssList *subjectList = (nssList *)v;
struct nickname_template_str *nt = (struct nickname_template_str *)a;
nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
nickname = nssCertificate_GetNickname(c, NULL);
if (nssrv == PR_SUCCESS && nickname &&
nssUTF8_Equal(nickname, nt->nickname, &nssrv))
{
nt->subjectList = subjectList;
}
nss_ZFreeIf(nickname);
}
NSS_IMPLEMENT void
nss_dbm_db_close
(
nss_dbm_db_t *db
)
{
if( (NSSCKFWMutex *)NULL != db->crustylock ) {
(void)NSSCKFWMutex_Destroy(db->crustylock);
}
if( (DB *)NULL != db->db ) {
(void)db->db->close(db->db);
}
nss_ZFreeIf(db);
}
/*
* nssCKFWCryptoOperation_Destroy
*/
NSS_EXTERN void
nssCKFWCryptoOperation_Destroy
(
NSSCKFWCryptoOperation *fwOperation
)
{
if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) {
if ((void *) NULL != (void *)fwOperation->mdOperation->Destroy) {
fwOperation->mdOperation->Destroy(
fwOperation->mdOperation,
fwOperation,
fwOperation->mdInstance,
fwOperation->fwInstance);
}
}
nss_ZFreeIf(fwOperation);
}
/*
** Delete trust objects matching the given slot.
** Returns error if a device fails to delete.
**
** This function has the side effect of moving the
** surviving entries to the front of the object list
** and nullifying the rest.
*/
static PRStatus
DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
{
int numNotDestroyed = 0; /* the ones skipped plus the failures */
int failureCount = 0; /* actual deletion failures by devices */
unsigned int index;
nssPKIObject_AddRef(tObject);
nssPKIObject_Lock(tObject);
/* Keep going even if a module fails to delete. */
for (index = 0; index < tObject->numInstances; index++) {
nssCryptokiObject *instance = tObject->instances[index];
if (!instance) {
continue;
}
/* ReadOnly and not matched treated the same */
if (PK11_IsReadOnly(instance->token->pk11slot) ||
pk11slot != instance->token->pk11slot) {
tObject->instances[numNotDestroyed++] = instance;
continue;
}
/* Here we have found a matching one */
tObject->instances[index] = NULL;
if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) {
nssCryptokiObject_Destroy(instance);
} else {
tObject->instances[numNotDestroyed++] = instance;
failureCount++;
}
}
if (numNotDestroyed == 0) {
nss_ZFreeIf(tObject->instances);
tObject->numInstances = 0;
} else {
tObject->numInstances = numNotDestroyed;
}
nssPKIObject_Unlock(tObject);
nssPKIObject_Destroy(tObject);
return failureCount == 0 ? PR_SUCCESS : PR_FAILURE;
}
NSS_IMPLEMENT nssSession *
nssSlot_CreateSession
(
NSSSlot *slot,
NSSArena *arenaOpt,
PRBool readWrite
)
{
nssSession *rvSession;
if (!readWrite) {
/* nss3hack version only returns rw swssions */
return NULL;
}
rvSession = nss_ZNEW(arenaOpt, nssSession);
if (!rvSession) {
return (nssSession *)NULL;
}
rvSession->handle = PK11_GetRWSession(slot->pk11slot);
if (rvSession->handle == CK_INVALID_HANDLE) {
nss_ZFreeIf(rvSession);
return NULL;
}
rvSession->isRW = PR_TRUE;
rvSession->slot = slot;
/*
* The session doesn't need its own lock. Here's why.
* 1. If we are reusing the default RW session of the slot,
* the slot lock is already locked to protect the session.
* 2. If the module is not thread safe, the slot (or rather
* module) lock is already locked.
* 3. If the module is thread safe and we are using a new
* session, no higher-level lock has been locked and we
* would need a lock for the new session. However, the
* current usage of the session is that it is always
* used and destroyed within the same function and never
* shared with another thread.
* So the session is either already protected by another
* lock or only used by one thread.
*/
rvSession->lock = NULL;
rvSession->ownLock = PR_FALSE;
return rvSession;
}
static PRStatus
add_certificate_entry (
nssCertificateStore *store,
NSSCertificate *cert
)
{
PRStatus nssrv;
certificate_hash_entry *entry;
entry = nss_ZNEW(cert->object.arena, certificate_hash_entry);
if (!entry) {
return PR_FAILURE;
}
entry->cert = cert;
nssrv = nssHash_Add(store->issuer_and_serial, cert, entry);
if (nssrv != PR_SUCCESS) {
nss_ZFreeIf(entry);
}
return nssrv;
}
