Fix for 249488 - root cert module requires locking functions in CK_C_INITIALIZE_ARGS . r=ian, sr=relyea

security/nss/lib/ckfw/ckfw.h

@@ -38,7 +38,7 @@
 #define CKFW_H
 
 #ifdef DEBUG
-static const char CKFW_CVS_ID[] = "@(#) $RCSfile: ckfw.h,v $ $Revision: 1.4 $ $Date: 2004/04/25 15:03:04 $ $Name:  $";
+static const char CKFW_CVS_ID[] = "@(#) $RCSfile: ckfw.h,v $ $Revision: 1.5 $ $Date: 2004/07/29 22:51:00 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -110,6 +110,7 @@ NSS_EXTERN NSSCKFWInstance *
 nssCKFWInstance_Create
 (
   CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+  CryptokiLockingState LockingState,
   NSSCKMDInstance *mdInstance,
   CK_RV *pError
 );
@@ -1824,6 +1825,7 @@ NSS_EXTERN NSSCKFWMutex *
 nssCKFWMutex_Create
 (
   CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+  CryptokiLockingState LockingState,
   NSSArena *arena,
   CK_RV *pError
 );

security/nss/lib/ckfw/ckfwm.h

@@ -38,7 +38,7 @@
 #define CKFWM_H
 
 #ifdef DEBUG
-static const char CKFWM_CVS_ID[] = "@(#) $RCSfile: ckfwm.h,v $ $Revision: 1.3 $ $Date: 2004/04/25 15:03:04 $ $Name:  $";
+static const char CKFWM_CVS_ID[] = "@(#) $RCSfile: ckfwm.h,v $ $Revision: 1.4 $ $Date: 2004/07/29 22:51:00 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -161,9 +161,10 @@ nssCKFWHash_Iterate
   void *closure
 );
 
-NSS_EXTERN void
+NSS_EXTERN CK_RV
 nssSetLockArgs(
-   CK_C_INITIALIZE_ARGS_PTR pInitArgs
+   CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+   CryptokiLockingState* returned
 );
 
 

security/nss/lib/ckfw/instance.c

@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: instance.c,v $ $Revision: 1.8 $ $Date: 2004/04/25 15:03:04 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: instance.c,v $ $Revision: 1.9 $ $Date: 2004/07/29 22:51:00 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -100,6 +100,8 @@ struct NSSCKFWInstanceStr {
   NSSArena *arena;
   NSSCKMDInstance *mdInstance;
   CK_C_INITIALIZE_ARGS_PTR pInitArgs;
+  CK_C_INITIALIZE_ARGS initArgs;
+  CryptokiLockingState LockingState;
   CK_BBOOL mayCreatePthreads;
   NSSUTF8 *configurationData;
   CK_ULONG nSlots;
@@ -191,6 +193,7 @@ NSS_IMPLEMENT NSSCKFWInstance *
 nssCKFWInstance_Create
 (
   CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+  CryptokiLockingState LockingState,
   NSSCKMDInstance *mdInstance,
   CK_RV *pError
 )
@@ -224,9 +227,11 @@ nssCKFWInstance_Create
 
   fwInstance->arena = arena;
   fwInstance->mdInstance = mdInstance;
-  fwInstance->pInitArgs = pInitArgs;
 
+  fwInstance->LockingState = LockingState;
   if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) {
+    fwInstance->initArgs = *pInitArgs;
+    fwInstance->pInitArgs = &fwInstance->initArgs;
     if( pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS ) {
       fwInstance->mayCreatePthreads = CK_FALSE;
     } else {
@@ -237,7 +242,8 @@ nssCKFWInstance_Create
     fwInstance->mayCreatePthreads = CK_TRUE;
   }
 
-  fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, arena, pError);
+  fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena,
+                                          pError);
   if( (NSSCKFWMutex *)NULL == fwInstance->mutex ) {
     if( CKR_OK == *pError ) {
       *pError = CKR_GENERAL_ERROR;
@@ -361,7 +367,9 @@ nssCKFWInstance_Create
     }
   }
 
-  (void)NSSArena_Destroy(arena);
+  if (arena) {
+    (void)NSSArena_Destroy(arena);
+  }
   return (NSSCKFWInstance *)NULL;
 }
 
@@ -502,7 +510,8 @@ nssCKFWInstance_CreateMutex
   }
 #endif /* NSSDEBUG */
 
-  mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, arena, pError);
+  mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState,
+                              arena, pError);
   if( (NSSCKFWMutex *)NULL == mutex ) {
     if( CKR_OK == *pError ) {
       *pError = CKR_GENERAL_ERROR;

security/nss/lib/ckfw/mutex.c

@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: mutex.c,v $ $Revision: 1.3 $ $Date: 2004/04/25 15:03:04 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: mutex.c,v $ $Revision: 1.4 $ $Date: 2004/07/29 22:51:00 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -132,79 +132,39 @@ NSS_EXTERN NSSCKFWMutex *
 nssCKFWMutex_Create
 (
   CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+  CryptokiLockingState LockingState,
   NSSArena *arena,
   CK_RV *pError
 )
 {
   NSSCKFWMutex *mutex;
-  CK_ULONG count = (CK_ULONG)0;
+  
-  CK_BBOOL os_ok = CK_FALSE;
-
-  if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) {
-    if( (CK_CREATEMUTEX )NULL != pInitArgs->CreateMutex  ) count++;
-    if( (CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex ) count++;
-    if( (CK_LOCKMUTEX   )NULL != pInitArgs->LockMutex    ) count++;
-    if( (CK_UNLOCKMUTEX )NULL != pInitArgs->UnlockMutex  ) count++;
-    os_ok = (pInitArgs->flags & CKF_OS_LOCKING_OK) ? CK_TRUE : CK_FALSE;
-
-    if( (0 != count) && (4 != count) ) {
-      *pError = CKR_ARGUMENTS_BAD;
-      return (NSSCKFWMutex *)NULL;
-    }
-  }
-
-  if( (0 == count) && (CK_TRUE == os_ok) ) {
-    /*
-     * This is case #2 in the description of C_Initialize:
-     * The library will be called in a multithreaded way, but
-     * no routines were specified: os locking calls should be
-     * used.  Unfortunately, this can be hard.. like, I think
-     * I may have to dynamically look up the entry points in
-     * the instance of NSPR already going in the application.
-     *
-     * I know that *we* always specify routines, so this only
-     * comes up if someone is using NSS to create their own
-     * PCKS#11 modules for other products.  Oh, heck, I'll 
-     * worry about this then.
-     */
-    *pError = CKR_CANT_LOCK;
-    return (NSSCKFWMutex *)NULL;
-  }
-
   mutex = nss_ZNEW(arena, NSSCKFWMutex);
   if( (NSSCKFWMutex *)NULL == mutex ) {
     *pError = CKR_HOST_MEMORY;
     return (NSSCKFWMutex *)NULL;
   }
 
-  if( 0 == count ) {
+  switch (LockingState)
-    /*
+  {
-     * With the above test out of the way, we know this is case
+      default:
-     * #1 in the description of C_Initialize: this library will
+      case SingleThreaded:
-     * not be called in a multithreaded way.  I'll just return
+          mutex->Destroy = (CK_DESTROYMUTEX)mutex_noop;
-     * an object with noop calls.
+          mutex->Lock    = (CK_LOCKMUTEX   )mutex_noop;
-     */
+          mutex->Unlock  = (CK_UNLOCKMUTEX )mutex_noop;
+          break;
 
-    mutex->Destroy = (CK_DESTROYMUTEX)mutex_noop;
+      case MultiThreaded:
-    mutex->Lock    = (CK_LOCKMUTEX   )mutex_noop;
+          *pError = pInitArgs->CreateMutex(&mutex->etc);
-    mutex->Unlock  = (CK_UNLOCKMUTEX )mutex_noop;
+          mutex->Destroy = pInitArgs->DestroyMutex;
-  } else {
+          mutex->Lock    = pInitArgs->LockMutex;
-    /*
+          mutex->Unlock  = pInitArgs->UnlockMutex;
-     * We know that we're in either case #3 or #4 in the description
+          break;
-     * of C_Initialize.  Case #3 says we should use the specified
+  }
-     * functions, case #4 cays we can use either the specified ones
-     * or the OS ones.  I'll use the specified ones.
-     */
-
-    mutex->Destroy = pInitArgs->DestroyMutex;
-    mutex->Lock    = pInitArgs->LockMutex;
-    mutex->Unlock  = pInitArgs->UnlockMutex;
     
-    *pError = pInitArgs->CreateMutex(&mutex->etc);
+  if( CKR_OK != *pError ) {
-    if( CKR_OK != *pError ) {
+    (void)nss_ZFreeIf(mutex);
-      (void)nss_ZFreeIf(mutex);
+    return (NSSCKFWMutex *)NULL;
-      return (NSSCKFWMutex *)NULL;
-    }
   }
 
 #ifdef DEBUG
@@ -346,3 +306,4 @@ NSSCKFWMutex_Unlock
 
   return nssCKFWMutex_Unlock(mutex);
 }
+

security/nss/lib/ckfw/nsprstub.c

@@ -42,7 +42,7 @@
  * SW FORTEZZA to link with some low level security functions without dragging
  * in NSPR.
  *
- * $Id: nsprstub.c,v 1.5 2004/04/25 15:03:04 gerv%gerv.net Exp $
+ * $Id: nsprstub.c,v 1.6 2004/07/29 22:51:00 jpierre%netscape.com Exp $
  */
 
 #include "seccomon.h"
@@ -348,15 +348,76 @@ PR_IMPLEMENT(PRInt32) PR_AtomicSet(PRInt32 *val) { return ++(*val); }
 PR_IMPLEMENT(PRInt32) PR_AtomicIncrement(PRInt32 *val) { return ++(*val); }
 #endif /* ! (WIN32 && GCC) */
 
-CK_C_INITIALIZE_ARGS_PTR nssstub_initArgs = NULL;
+static CK_C_INITIALIZE_ARGS_PTR nssstub_pInitArgs = NULL;
-NSSArena *nssstub_arena = NULL;
+static CK_C_INITIALIZE_ARGS nssstub_initArgs;
-PR_IMPLEMENT(void)
+static NSSArena *nssstub_arena = NULL;
-nssSetLockArgs(CK_C_INITIALIZE_ARGS_PTR pInitArgs)
+static CryptokiLockingState nssstub_LockingState = SingleThreaded;
+
+PR_IMPLEMENT(CK_RV)
+nssSetLockArgs(CK_C_INITIALIZE_ARGS_PTR pInitArgs, CryptokiLockingState* returned)
 {
-    if (nssstub_initArgs == NULL) {
+    CK_ULONG count = (CK_ULONG)0;
-	nssstub_initArgs = pInitArgs;
+    CK_BBOOL os_ok = CK_FALSE;
+    CK_RV rv = CKR_OK;
+    if (nssstub_pInitArgs == NULL) {
+	if (pInitArgs != NULL) {
+	    nssstub_initArgs = *pInitArgs;
+	    nssstub_pInitArgs = &nssstub_initArgs;
+            if( (CK_CREATEMUTEX )NULL != pInitArgs->CreateMutex  ) count++;
+            if( (CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex ) count++;
+            if( (CK_LOCKMUTEX   )NULL != pInitArgs->LockMutex    ) count++;
+            if( (CK_UNLOCKMUTEX )NULL != pInitArgs->UnlockMutex  ) count++;
+            os_ok = (pInitArgs->flags & CKF_OS_LOCKING_OK) ? CK_TRUE : CK_FALSE;
+
+            if( (0 != count) && (4 != count) ) {
+                rv = CKR_ARGUMENTS_BAD;
+                goto loser;
+            }
+	} else {
+	    nssstub_pInitArgs = pInitArgs;
+	}
 	/* nssstub_arena = NSSArena_Create(); */
     }
+
+    if( (0 == count) && (CK_TRUE == os_ok) ) {
+      /*
+       * This is case #2 in the description of C_Initialize:
+       * The library will be called in a multithreaded way, but
+       * no routines were specified: os locking calls should be
+       * used.  Unfortunately, this can be hard.. like, I think
+       * I may have to dynamically look up the entry points in
+       * the instance of NSPR already going in the application.
+       *
+       * I know that *we* always specify routines, so this only
+       * comes up if someone is using NSS to create their own
+       * PCKS#11 modules for other products.  Oh, heck, I'll 
+       * worry about this then.
+       */
+      rv = CKR_CANT_LOCK;
+      goto loser;
+    }
+
+    if( 0 == count ) {
+      /*
+       * With the above test out of the way, we know this is case
+       * #1 in the description of C_Initialize: this library will
+       * not be called in a multithreaded way.
+       */
+
+      nssstub_LockingState = SingleThreaded;
+    } else {
+      /*
+       * We know that we're in either case #3 or #4 in the description
+       * of C_Initialize.  Case #3 says we should use the specified
+       * functions, case #4 cays we can use either the specified ones
+       * or the OS ones.  I'll use the specified ones.
+       */
+      nssstub_LockingState = MultiThreaded;
+    }
+
+    loser:
+    *returned = nssstub_LockingState;
+    return rv;
 }
 
 /*
@@ -372,7 +433,7 @@ PR_NewLock(void) {
 	NSSCKFWMutex *mlock = NULL;
 	CK_RV error;
 
-	mlock = nssCKFWMutex_Create(nssstub_initArgs,nssstub_arena,&error);
+	mlock = nssCKFWMutex_Create(nssstub_pInitArgs,nssstub_LockingState,nssstub_arena,&error);
 	lock = (PRLock *)mlock;
 
 	/* if we don't have a lock, nssCKFWMutex can deal with things */

security/nss/lib/ckfw/nssckfwt.h

@@ -38,7 +38,7 @@
 #define NSSCKFWT_H
 
 #ifdef DEBUG
-static const char NSSCKFWT_CVS_ID[] = "@(#) $RCSfile: nssckfwt.h,v $ $Revision: 1.2 $ $Date: 2004/04/25 15:03:04 $ $Name:  $";
+static const char NSSCKFWT_CVS_ID[] = "@(#) $RCSfile: nssckfwt.h,v $ $Revision: 1.3 $ $Date: 2004/07/29 22:51:00 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -111,4 +111,9 @@ typedef struct NSSCKFWFindObjectsStr NSSCKFWFindObjects;
 struct NSSCKFWMutexStr;
 typedef struct NSSCKFWMutexStr NSSCKFWMutex;
 
+typedef enum {
+    SingleThreaded,
+    MultiThreaded
+} CryptokiLockingState ;
+
 #endif /* NSSCKFWT_H */

security/nss/lib/ckfw/wrap.c

@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.10 $ $Date: 2004/04/25 15:03:04 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.11 $ $Date: 2004/07/29 22:51:00 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -138,6 +138,7 @@ NSSCKFWC_Initialize
 )
 {
   CK_RV error = CKR_OK;
+  CryptokiLockingState locking_state;
 
   if( (NSSCKFWInstance **)NULL == pFwInstance ) {
     error = CKR_GENERAL_ERROR;
@@ -157,9 +158,12 @@ NSSCKFWC_Initialize
   /* remember the locking args for those times we need to get a lock in code
    * outside the framework.
    */
-  nssSetLockArgs(pInitArgs);
+  error = nssSetLockArgs(pInitArgs, &locking_state);
+  if (CKR_OK != error) {
+      goto loser;
+  }
 
-  *pFwInstance = nssCKFWInstance_Create(pInitArgs, mdInstance, &error);
+  *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
   if( (NSSCKFWInstance *)NULL == *pFwInstance ) {
     goto loser;
   }