From 3da76654479f4a595d05e54d896d733a37715d12 Mon Sep 17 00:00:00 2001
From: David Keeler
Date: Thu, 3 Dec 2015 16:22:34 -0800
Subject: [PATCH] bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown r=jcj
--HG--
extra : rebase_source : 869dfb9450224677a05ac8566056872e8ff82c82
---
 security/manager/ssl/nsKeyModule.cpp | 32 +++++++++++++++++++++++++---
 security/manager/ssl/nsKeyModule.h | 15 +++++++++----
 2 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/security/manager/ssl/nsKeyModule.cpp b/security/manager/ssl/nsKeyModule.cpp
index 40cb36005ebe..9e02fbc41877 100644
--- a/security/manager/ssl/nsKeyModule.cpp
+++ b/security/manager/ssl/nsKeyModule.cpp
@@ -21,11 +22,22 @@ nsKeyObject::nsKeyObject()
 nsKeyObject::~nsKeyObject()
 {
- CleanUp();
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return;
+ }
+ destructorSafeDestroyNSSReference();
+ shutdown(calledFromObject);
 }
 void
-nsKeyObject::CleanUp()
+nsKeyObject::virtualDestroyNSSReference()
+{
+ destructorSafeDestroyNSSReference();
+}
+
+void
+nsKeyObject::destructorSafeDestroyNSSReference()
 {
 switch (mKeyType) {
 case nsIKeyObject::SYM_KEY:
@@ -53,8 +64,13 @@ nsKeyObject::CleanUp()
 NS_IMETHODIMP
 nsKeyObject::InitKey(int16_t aAlgorithm, void * aKey)
 {
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
 // Clear previous key data if it exists
- CleanUp();
+ destructorSafeDestroyNSSReference();
 switch (aAlgorithm) {
 case nsIKeyObject::RC4:
@@ -85,6 +101,11 @@ nsKeyObject::InitKey(int16_t aAlgorithm, void * aKey)
 NS_IMETHODIMP
 nsKeyObject::GetKeyObj(void * *_retval)
 {
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
 if (mKeyType == 0)
 return NS_ERROR_NOT_INITIALIZED;
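Review bot: `destructorSafeDestroyNSSReference()` in the first nsKeyModule.cpp hunk (`@@ -21,11 +22,22 @@`) now has three callers, the destructor, `virtualDestroyNSSReference()` and `InitKey` in the `@@ -53,8 +64,13 @@` hunk, but nothing documents that it has to be safe to run more than once on the same object. Its body continues past the hunk, so it is not visible here whether the freed key pointers and `mKeyType` are reset afterwards; if they are not, an `InitKey` call that clears the old key and then fails would leave state that a later shutdown callback frees a second time. I would add a comment above the definition, `// Frees the key selected by mKeyType. Reached from the destructor, NSS shutdown and InitKey, so it must leave the object safe to call again.`, and confirm that the body does so.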
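Review bot: In the `GetKeyObj` hunk (`@@ -85,6 +101,11 @@`) the `nsNSSShutDownPreventionLock` lives only for the duration of the call, while the function hands a value back through the raw `void**` out-parameter. The rest of the body is outside the hunk, but if `_retval` receives the NSS key pointer itself, a caller that keeps it can still touch the key after shutdown has released it. The contract should be stated on the method, for example `// The pointer written to _retval is only valid while the caller holds its own nsNSSShutDownPreventionLock.`, and the callers checked against it.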
@@ -145,6 +166,11 @@ NS_IMETHODIMP
 nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString & aKey,
 nsIKeyObject **_retval)
 {
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
 CK_MECHANISM_TYPE cipherMech;
 CK_ATTRIBUTE_TYPE cipherOperation;
 switch (aAlgorithm)
diff --git a/security/manager/ssl/nsKeyModule.h b/security/manager/ssl/nsKeyModule.h
index b1e6c2d38aa8..2ca23b1d678d 100644
--- a/security/manager/ssl/nsKeyModule.h
+++ b/security/manager/ssl/nsKeyModule.h
@@ -5,9 +5,10 @@
 #ifndef _NS_KEYMODULE_H_
 #define _NS_KEYMODULE_H_
-#include "nsIKeyModule.h"
-#include "pk11pub.h"
 #include "mozilla/Attributes.h"
+#include "nsIKeyModule.h"
+#include "nsNSSShutDown.h"
+#include "pk11pub.h"
 /* eae599aa-ecef-49c6-a8af-6ddcc6feb484 */
 #define NS_KEYMODULEOBJECT_CID \
@@ -21,6 +22,7 @@
 "@mozilla.org/security/keyobjectfactory;1"
 class nsKeyObject final : public nsIKeyObject
+ , public nsNSSShutDownObject
 {
 public:
 nsKeyObject();
@@ -42,12 +44,14 @@ private:
 SECKEYPrivateKey* mPrivateKey;
 SECKEYPublicKey* mPublicKey;
- // Helper method to free memory used by keys.
- void CleanUp();
+
+ virtual void virtualDestroyNSSReference() override;
+ void destructorSafeDestroyNSSReference();
 };
 class nsKeyObjectFactory final : public nsIKeyObjectFactory
+ , public nsNSSShutDownObject
 {
 public:
 nsKeyObjectFactory();
@@ -60,6 +64,9 @@ private:
 // Disallow copy constructor
 nsKeyObjectFactory(nsKeyObjectFactory&);
+
+ // No NSS resources to release.
+ virtual void virtualDestroyNSSReference() override {}
 };
 #endif // _NS_KEYMODULE_H_
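Review bot: `nsKeyObjectFactory` gains the `nsNSSShutDownObject` base in the `@@ -42,12 +44,14 @@` hunk of nsKeyModule.h, but no hunk in this patch gives it the destructor-side `shutdown(calledFromObject)` call that `~nsKeyObject()` now makes. If the base class registers each instance for shutdown notification and relies on the derived destructor to unregister it, which is what the `nsKeyObject` change suggests, a destroyed factory would stay on that list and be called back at NSS shutdown. The factory's destructor is not visible in these hunks, so this needs checking there; the expected form would be `nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) { return; } shutdown(calledFromObject);`.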