Adjust the default hash sizes down for mozilla client.
Merge the NSS 3.3 key check and signature check stuff.
relyea%netscape.com 2001-11-30 23:24:35 +00:00
Родитель 4bf178bdc6
Коммит 4716955bf3
10 изменённых файлов: 230 добавлений и 147 удалений


@ -41,6 +41,11 @@
#IMPORT_LIBRARY =
#PROGRAM =
ifdef MOZILLA_CLIENT
DEFINES += -DMOZ_CLIENT
endif
# can't do this in manifest.mn because OS_ARCH isn't defined there.
ifeq ($(OS_ARCH), WINNT)


@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
# $Id: dbinit.c,v 1.6 2001/11/15 23:04:39 relyea%netscape.com Exp $
# $Id: dbinit.c,v 1.7 2001/11/30 23:24:29 relyea%netscape.com Exp $
*/
#include <ctype.h>
@ -209,24 +209,18 @@ loser:
}
#ifdef notdef
void
pk11_Shutdown(void)
pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
NSSLOWKEYDBHandle *keyHandle)
{
NSSLOWCERTCertDBHandle *certHandle;
NSSLOWKEYDBHandle *keyHandle;
PR_FREEIF(secmodname);
certHandle = nsslowcert_GetDefaultCertDB();
if (certHandle)
if (certHandle) {
nsslowcert_ClosePermCertDB(certHandle);
nsslowcert_SetDefaultCertDB(NULL);
PORT_Free(certHandle);
certHandle= NULL;
}
keyHandle = nsslowkey_GetDefaultKeyDB();
if (keyHandle)
if (keyHandle) {
nsslowkey_CloseKeyDB(keyHandle);
nsslowkey_SetDefaultKeyDB(NULL);
isInitialized = PR_FALSE;
keyHandle= NULL;
}
}
#endif
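Review bot: In pk11_DBShutdown the trailing `certHandle= NULL;` and `keyHandle= NULL;` only clear the by-value parameters, so the caller's own copies of both pointers still refer to freed memory once this returns. Ownership is also asymmetric: the cert handle is released here with `PORT_Free(certHandle)`, while the key handle is released inside nsslowkey_CloseKeyDB (its `PORT_Free(handle)` appears in the keydb.c section). A header comment would make the contract explicit, for example `/* Closes and frees both handles; the caller must drop its own pointers afterwards. */`. The rendering does not show whether the surrounding `#ifdef notdef` survives the change, which is worth confirming because the slot teardown code on this page now calls this function.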


@ -32,7 +32,7 @@
*
* Private Key Database code
*
* $Id: keydb.c,v 1.10 2001/11/15 23:04:39 relyea%netscape.com Exp $
* $Id: keydb.c,v 1.11 2001/11/30 23:24:29 relyea%netscape.com Exp $
*/
#include "lowkeyi.h"
@ -1093,13 +1093,14 @@ void
nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle)
{
if (handle != NULL) {
if (handle == nsslowkey_GetDefaultKeyDB()) {
nsslowkey_SetDefaultKeyDB(NULL);
}
if (handle->db != NULL) {
(* handle->db->close)(handle->db);
}
if (handle->dbname) PORT_Free(handle->dbname);
if (handle->global_salt) {
SECITEM_FreeItem(handle->global_salt,PR_TRUE);
}
PORT_Free(handle);
}
}
@ -1113,25 +1114,6 @@ nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle)
return handle->version;
}
/*
* Allow use of default key database, so that apps (such as mozilla) do
* not have to pass the handle all over the place.
*/
static NSSLOWKEYDBHandle *sec_default_key_db = NULL;
void
nsslowkey_SetDefaultKeyDB(NSSLOWKEYDBHandle *handle)
{
sec_default_key_db = handle;
}
NSSLOWKEYDBHandle *
nsslowkey_GetDefaultKeyDB(void)
{
return sec_default_key_db;
}
/*
* Delete a private key that was stored in the database
*/


@ -34,7 +34,7 @@
/*
* Certificate handling code
*
* $Id: lowcert.c,v 1.2 2001/11/08 00:15:34 relyea%netscape.com Exp $
* $Id: lowcert.c,v 1.3 2001/11/30 23:24:30 relyea%netscape.com Exp $
*/
#include "seccomon.h"
@ -118,44 +118,6 @@ const SEC_ASN1Template nsslowcert_DHPublicKeyTemplate[] = {
};
static PZLock *pcertRefCountLock = NULL;
/*
* Acquire the cert reference count lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
void
nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert)
{
if ( pcertRefCountLock == NULL ) {
nss_InitLock(&pcertRefCountLock, nssILockRefLock);
PORT_Assert(pcertRefCountLock != NULL);
}
PZ_Lock(pcertRefCountLock);
return;
}
/*
* Free the cert reference count lock
*/
void
nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert)
{
PRStatus prstat;
PORT_Assert(pcertRefCountLock != NULL);
prstat = PZ_Unlock(pcertRefCountLock);
PORT_Assert(prstat == PR_SUCCESS);
return;
}
NSSLOWCERTCertificate *
nsslowcert_DupCertificate(NSSLOWCERTCertificate *c)
{
@ -319,23 +281,6 @@ nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
cert->dbEntry = NULL;
cert ->trust = NULL;
#ifdef notdef
/* these fields are used by client GUI code to keep track of ssl sockets
* that are blocked waiting on GUI feedback related to this cert.
* XXX - these should be moved into some sort of application specific
* data structure. They are only used by the browser right now.
*/
struct SECSocketNode *socketlist;
int socketcount;
struct SECSocketNode *authsocketlist;
int authsocketcount;
/* This is PKCS #11 stuff. */
PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
PRBool ownSlot; /*true if the cert owns the slot reference */
#endif
/* generate and save the database key for the cert */
rv = nsslowcert_KeyFromDERCert(arena, &cert->derCert, &cert->certKey);
if ( rv ) {


@ -34,7 +34,7 @@
/*
* Permanent Certificate database handling code
*
* $Id: pcertdb.c,v 1.3 2001/11/15 23:04:40 relyea%netscape.com Exp $
* $Id: pcertdb.c,v 1.4 2001/11/30 23:24:30 relyea%netscape.com Exp $
*/
#include "prtime.h"
@ -117,7 +117,7 @@ static PZLock *certRefCountLock = NULL;
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
static void
void
nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert)
{
if ( certRefCountLock == NULL ) {
@ -132,7 +132,7 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert)
/*
* Free the cert reference count lock
*/
static void
void
nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert)
{
PRStatus prstat;
@ -3898,23 +3898,21 @@ nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
* Close the database
*/
void
__nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle)
nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle)
{
if ( handle ) {
if ( handle->permCertDB ) {
certdb_Close( handle->permCertDB );
handle->permCertDB = 0;
handle->permCertDB = NULL;
}
if (handle->dbMon) {
PZ_DestroyMonitor(handle->dbMon);
handle->dbMon = NULL;
}
}
return;
}
void
nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle)
{
__nsslowcert_ClosePermCertDB(handle);
}
/*
* Get the trust attributes from a certificate
*/
@ -4455,3 +4453,20 @@ loser:
}
return(rv);
}
void
nsslowcert_DestroyGlobalLocks()
{
if (dbLock) {
PZ_DestroyLock(dbLock);
dbLock = NULL;
}
if (certRefCountLock) {
PZ_DestroyLock(certRefCountLock);
certRefCountLock = NULL;
}
if (certTrustLock) {
PZ_DestroyLock(certTrustLock);
certTrustLock = NULL;
}
}
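Review bot: nsslowcert_DestroyGlobalLocks destroys `dbLock`, `certRefCountLock` and `certTrustLock` with no check that another thread is not holding or about to take them, and nsslowcert_LockCertRefCount (made non-static in this same section) tests `certRefCountLock == NULL` on entry, apparently to create the lock lazily. A late certificate reference release racing with shutdown could therefore use a destroyed lock or re-create one that is never freed; whether callers guarantee quiescence is not visible here. At minimum the function should state its precondition, e.g. `/* Caller must ensure no other thread is using the cert database; call only during final shutdown. */`, and the definition should read `nsslowcert_DestroyGlobalLocks(void)` so it is a real prototype.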


@ -70,26 +70,6 @@ static char *manufacturerID = "mozilla.org ";
static char manufacturerID_space[33];
static char *libraryDescription = "NSS Internal Crypto Services ";
static char libraryDescription_space[33];
#ifdef notdef
static char *tokDescription = "NSS Generic Crypto Services ";
static char tokDescription_space[33];
static char *privTokDescription = "NSS Certificate DB ";
static char privTokDescription_space[33];
/* The next two strings must be exactly 64 characters long, with the
first 32 characters meaningful */
static char *slotDescription =
"NSS Internal Cryptographic Services Version 3.2 ";
static char slotDescription_space[65];
static char *privSlotDescription =
"NSS User Private Key and Certificate Services ";
static char privSlotDescription_space[65];
/* The next two strings must be exactly 64 characters long, with the
first 32 characters meaningful */
static char *slotDescription =
"Netscape Internal FIPS-140-1 Cryptographic Services ";
static char *privSlotDescription =
"Netscape FIPS-140-1 User Private Key Services ";
#endif
#define __PASTE(x,y) x##y
@ -178,7 +158,7 @@ static const desKey pk11_desWeakTable[] = {
{ 0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e },
{ 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01 },
{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe },
{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe },
{ 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1 }
#endif
};
@ -417,7 +397,7 @@ static const struct mechanismList mechanisms[] = {
static CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
static char *
pk11_setStringName(char *inString, char *buffer, int buffer_length) {
pk11_setStringName(const char *inString, char *buffer, int buffer_length) {
int full_length, string_length;
full_length = buffer_length -1;
@ -425,14 +405,14 @@ pk11_setStringName(char *inString, char *buffer, int buffer_length) {
if (string_length > full_length) string_length = full_length;
PORT_Memset(buffer,' ',full_length);
buffer[full_length] = 0;
PORT_Memcpy(buffer,inString,full_length);
PORT_Memcpy(buffer,inString,string_length);
return buffer;
}
/*
* Configuration utils
*/
static CK_RV
pk11_configure(char *man, char *libdes)
pk11_configure(const char *man, const char *libdes)
{
/* make sure the internationalization was done correctly... */
@ -1138,6 +1118,8 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE
&ckfalse,sizeof(CK_BBOOL));
if (crv != CKR_OK) return crv;
/* should we check the non-token RSA private keys? */
if (pk11_isTrue(object,CKA_TOKEN)) {
PK11Slot *slot = session->slot;
NSSLOWKEYPrivateKey *privKey;
@ -1165,9 +1147,17 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE
PORT_Memcpy(pubKey.data,buf,sizeof(buf));
pubKey.len = sizeof(buf);
}
if (key_type == CKK_RSA) {
rv = RSA_PrivateKeyCheck(&privKey->u.rsa);
if (rv == SECFailure) {
goto fail;
}
}
rv = nsslowkey_StoreKeyByPublicKey(object->slot->keyDB,
privKey, &pubKey, label, object->slot->password);
fail:
if (label) PORT_Free(label);
object->handle = pk11_mkHandle(slot,&pubKey,PK11_TOKEN_TYPE_PRIV);
if (pubKey.data) PORT_Free(pubKey.data);
@ -1863,7 +1853,7 @@ pk11_HashNumber(const void *key)
* just go with the info in the slot. This is one place, however,
* where it might be a little difficult.
*/
char *
const char *
pk11_getDefTokName(CK_SLOT_ID slotID)
{
static char buf[33];
@ -1882,7 +1872,7 @@ pk11_getDefTokName(CK_SLOT_ID slotID)
return buf;
}
char *
const char *
pk11_getDefSlotName(CK_SLOT_ID slotID)
{
static char buf[65];
@ -1916,8 +1906,7 @@ static PLHashTable *nscSlotHashTable = NULL;
PK11Slot *
pk11_SlotFromID(CK_SLOT_ID slotID)
{
return (PK11Slot *)PL_HashTableLookupConst(nscSlotHashTable,
(void *)slotID);
return (PK11Slot *)PL_HashTableLookup(nscSlotHashTable, (void *)slotID);
}
PK11Slot *
@ -2061,6 +2050,54 @@ PK11_SlotInit(char *configdir,pk11_token_parameters *params)
return CKR_OK;
}
static PRIntn
pk11_freeHashItem(PLHashEntry* entry, PRIntn index, void *arg)
{
SECItem *item = (SECItem *)entry->value;
SECITEM_FreeItem(item, PR_TRUE);
return HT_ENUMERATE_NEXT;
}
/*
* initialize one of the slot structures. figure out which by the ID
*/
CK_RV
PK11_DestroySlot(PK11Slot *slot)
{
int i;
#ifdef PKCS11_USE_THREADS
if (slot->sessionLock) {
PZ_DestroyLock(slot->sessionLock);
slot->sessionLock = NULL;
}
if (slot->objectLock) {
PZ_DestroyLock(slot->objectLock);
slot->objectLock = NULL;
}
#endif
PL_HashTableEnumerateEntries(slot->tokenHashTable,pk11_freeHashItem,NULL);
PL_HashTableDestroy(slot->tokenHashTable);
for(i=0; i < TOKEN_OBJECT_HASH_SIZE; i++) {
PK11Object *object = slot->tokObjects[i];
slot->tokObjects[i] = NULL;
pk11_FreeObject(object);
}
for(i=0; i < SESSION_HASH_SIZE; i++) {
PK11Session *session = slot->head[i];
slot->head[i] = NULL;
pk11_FreeSession(session);
}
pk11_DBShutdown(slot->certDB,slot->keyDB);
PORT_Free(slot);
return CKR_OK;
}
/*
* handle the SECMOD.db
*/
@ -2087,16 +2124,16 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args)
}
static PRBool nsc_init = PR_FALSE;
/* NSC_Initialize initializes the Cryptoki library. */
CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
{
static PRBool init = PR_FALSE;
CK_RV crv = CKR_OK;
SECStatus rv;
CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *) pReserved;
int i;
if (init) {
if (nsc_init) {
return crv;
}
@ -2122,7 +2159,7 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
pk11_parameters paramStrings;
crv = secmod_parseParameters
((char *)init_args->LibraryParameters,&paramStrings, isFIPS);
((char *)init_args->LibraryParameters, &paramStrings, isFIPS);
if (crv != CKR_OK) {
return crv;
}
@ -2133,13 +2170,13 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
for (i=0; i < paramStrings.token_count; i++) {
crv =
PK11_SlotInit(paramStrings.configdir,&paramStrings.tokens[i]);
PK11_SlotInit(paramStrings.configdir, &paramStrings.tokens[i]);
if (crv != CKR_OK) break;
}
loser:
secmod_freeParams(&paramStrings);
}
init = (PRBool) (crv == CKR_OK);
nsc_init = (PRBool) (crv == CKR_OK);
return crv;
}
@ -2153,6 +2190,60 @@ CK_RV NSC_Initialize(CK_VOID_PTR pReserved)
* Cryptoki library.*/
CK_RV NSC_Finalize (CK_VOID_PTR pReserved)
{
PK11Slot *slot = NULL;
CK_SLOT_ID slotID;
int i;
if (!nsc_init) {
return CKR_OK;
}
/* free all the slots */
if (nscSlotList) {
CK_ULONG tmpSlotCount = nscSlotCount;
CK_ULONG tmpSlotListSize = nscSlotListSize;
CK_SLOT_ID_PTR tmpSlotList = nscSlotList;
PLHashTable *tmpSlotHashTable = nscSlotHashTable;
/* now clear out the statics */
nscSlotList = NULL;
nscSlotCount = 0;
nscSlotHashTable = NULL;
nscSlotListSize = 0;
for (i=0; i < tmpSlotCount; i++) {
slotID = tmpSlotList[i];
slot = (PK11Slot *)
PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
PORT_Assert(slot);
if (!slot) continue;
PK11_DestroySlot(slot);
PL_HashTableRemove(tmpSlotHashTable, (void *)slotID);
}
PORT_Free(tmpSlotList);
PL_HashTableDestroy(tmpSlotHashTable);
}
nsslowcert_DestroyGlobalLocks();
#ifdef LEAK_TEST
/*
* do we really want to throw away all our hard earned entropy here!!?
* No we don't! Not calling RNG_RNGShutdown only 'leaks' data on the
* initial call to RNG_Init(). So the only reason to call this is to clean
* up leak detection warnings on shutdown. In many cases we *don't* want
* to free up the global RNG context because the application has Finalized
* simply to swap profiles. We don't want to loose the entropy we've
* already collected.
*/
RNG_RNGShutdown();
#endif
pk11_CleanupFreeLists();
/* tell freeBL to clean up after itself */
BL_Cleanup();
nsc_init = PR_FALSE;
return CKR_OK;
}
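Review bot: PK11_DestroySlot destroys `slot->sessionLock` and `slot->objectLock` before the two loops that call pk11_FreeObject and pk11_FreeSession; if either helper takes those locks (their bodies are not on this page), teardown would operate on a destroyed, NULL lock, so the `#ifdef PKCS11_USE_THREADS` block is safer placed after the loops and just before `PORT_Free(slot)`. The loops also hand each bucket's head to the free routine without a NULL test and without walking any chain, which leaks or mishandles entries if the buckets are linked lists or the helpers do not accept NULL. The header comment is copied from the init routine and should read something like `/* tear down one slot structure and release everything it owns */`.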


@ -923,8 +923,11 @@ CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
if (rv == SECSuccess) {
unsigned int padSize =
(unsigned int) pLastPart[context->blockSize-1];
*pulLastPartLen = outlen - padSize;
if ((padSize > context->blockSize) || (padSize == 0)) {
rv = SECFailure;
} else {
*pulLastPartLen = outlen - padSize;
}
}
}
}
@ -3881,7 +3884,7 @@ pk11_DeriveSensitiveCheck(PK11Object *baseKey,PK11Object *destKey) {
hasSensitive = PR_FALSE;
att = pk11_FindAttribute(destKey,CKA_SENSITIVE);
if (att) {
hasSensitive = PR_FALSE;
hasSensitive = PR_TRUE;
sensitive = (PRBool) *(CK_BBOOL *)att->attrib.pValue;
pk11_FreeAttribute(att);
}
@ -3889,7 +3892,7 @@ pk11_DeriveSensitiveCheck(PK11Object *baseKey,PK11Object *destKey) {
hasExtractable = PR_FALSE;
att = pk11_FindAttribute(destKey,CKA_EXTRACTABLE);
if (att) {
hasExtractable = PR_FALSE;
hasExtractable = PR_TRUE;
extractable = (PRBool) *(CK_BBOOL *)att->attrib.pValue;
pk11_FreeAttribute(att);
}
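Review bot: The new padding check in NSC_DecryptFinal validates only the last byte of the block: any value from 1 to blockSize is accepted without confirming that the other padding bytes carry the same value, so malformed padding still yields a shortened plaintext instead of an error. The check should compare every padding byte, preferably without an early exit so the time taken does not depend on where a mismatch sits, and the error a caller sees for bad padding should not differ from other decrypt failures. The enclosing function begins and ends outside this hunk, so how `rv` is mapped to a CK_RV is not visible here.

```c
/* … unchanged: padSize read from the last byte and the range check … */
} else {
    unsigned int i, bad = 0;
    /* every padding byte must equal the pad length */
    for (i = 0; i < padSize; i++) {
        bad |= pLastPart[context->blockSize-1-i] ^ padSize;
    }
    if (bad) {
        rv = SECFailure;
    } else {
        *pulLastPartLen = outlen - padSize;
    }
}
```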


@ -92,12 +92,25 @@
/* these are data base storage hashes, not cryptographic hashes.. The define
* the effective size of the various object hash tables */
#ifdef MOZ_CLIENT
/* clients care more about memory usage than lookup performance on
* cyrptographic objects. Clients also have less objects around to play with */
*
* we eventually should make this configurable at runtime! Especially now that
* NSS is a shared library.
*/
#define ATTRIBUTE_HASH_SIZE 32
#define SESSION_OBJECT_HASH_SIZE 16
#define TOKEN_OBJECT_HASH_SIZE 32
#define SESSION_HASH_SIZE 32
#else
#define ATTRIBUTE_HASH_SIZE 32
#define SESSION_OBJECT_HASH_SIZE 32
#define TOKEN_OBJECT_HASH_SIZE 1024
#define SESSION_HASH_SIZE 512
#define MAX_OBJECT_LIST_SIZE 800 /* how many objects to keep on the free list
* before we start freeing them */
#endif
#define MAX_KEY_LEN 256
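Review bot: `MAX_OBJECT_LIST_SIZE` is defined only in the `#else` branch, so a MOZ_CLIENT build leaves it undefined and every `#ifdef MAX_OBJECT_LIST_SIZE` region, including the body of pk11_CleanupFreeLists added in this commit, compiles away. If that is the intent, say so next to the client values, e.g. `/* MAX_OBJECT_LIST_SIZE deliberately left undefined: client builds keep no object free list */`; otherwise the define needs to move outside the conditional. The new comment also misspells "cryptographic".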


@ -1662,8 +1662,7 @@ pk11_deleteTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle)
SECItem *item;
PRBool rem;
item = (SECItem *)PL_HashTableLookupConst(slot->tokenHashTable,
(void *)handle);
item = (SECItem *)PL_HashTableLookup(slot->tokenHashTable, (void *)handle);
if (item) {
SECITEM_FreeItem(item,PR_TRUE);
}
@ -1692,8 +1691,7 @@ pk11_addTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle, SECItem *key)
static SECItem *
pk11_lookupTokenKeyByHandle(PK11Slot *slot, CK_OBJECT_HANDLE handle)
{
return (SECItem *)PL_HashTableLookupConst(slot->tokenHashTable,
(void *)handle);
return (SECItem *)PL_HashTableLookup(slot->tokenHashTable, (void *)handle);
}
/*
@ -1764,6 +1762,39 @@ pk11_PutObjectToList(PK11SessionObject *object) {
PORT_Free(object);
}
static PK11Object *
pk11_freeObjectData(PK11Object *object) {
PK11Object *next = object->next;
PORT_Free(object);
return next;
}
void
pk11_CleanupFreeLists()
{
#ifdef MAX_OBJECT_LIST_SIZE
PK11Object *object;
if (!objectLock) {
return;
}
PK11_USE_THREADS(PZ_Lock(objectLock));
for (object= objectFreeList; object != NULL;
object = pk11_freeObjectData(object)) {
#ifdef PKCS11_USE_THREADS
PZ_DestroyLock(object->refLock);
PZ_DestroyLock(((PK11SessionObject *)object)->attributeLock);
#endif
}
object_count = 0;
objectFreeList = NULL;
PK11_USE_THREADS(PZ_Unlock(objectLock));
PZ_DestroyLock(objectLock);
objectLock = NULL;
#endif
}
/*
* Create a new object
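Review bot: pk11_CleanupFreeLists tests and destroys `objectLock` unconditionally (`if (!objectLock) return;` and `PZ_DestroyLock(objectLock);`), while the lock and unlock calls go through `PK11_USE_THREADS(...)` and the per-object destroys sit under `#ifdef PKCS11_USE_THREADS`. If a non-threaded build never creates `objectLock` (not visible in this hunk), the early return skips freeing the list entirely; guarding the NULL test and the final destroy with the same `#ifdef PKCS11_USE_THREADS` would keep the three uses consistent. The cast `((PK11SessionObject *)object)->attributeLock` assumes every entry on the free list is a session object, which deserves a one-line comment, and the definition should be `pk11_CleanupFreeLists(void)`.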


@ -35,7 +35,11 @@
#include <winver.h>
#define MY_LIBNAME "softoken"
#ifdef MOZ_CLIENT
#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library for Clients"
#else
#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library"
#endif
#define STRINGIZE(x) #x
#define STRINGIZE2(x) STRINGIZE(x)