From a0e34baf270da321752250d31f88dc79931ce75d Mon Sep 17 00:00:00 2001 From: David Keeler Date: Tue, 23 Jan 2018 12:22:56 -0800 Subject: [PATCH] bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert MozReview-Commit-ID: DlS16pHE0Ik --HG-- extra : rebase_source : d7596a3571478adefae4ffa5d446ff5234ba9ed7 --- dom/crypto/CryptoKey.cpp | 19 +-- dom/crypto/WebCryptoTask.cpp | 14 +- dom/media/webrtc/RTCCertificate.cpp | 11 +- dom/webauthn/U2FSoftTokenManager.cpp | 21 --- netwerk/base/BackgroundFileSaver.cpp | 42 ++---- .../manager/ssl/ContentSignatureVerifier.cpp | 15 -- security/manager/ssl/CryptoTask.cpp | 10 +- security/manager/ssl/PKCS11ModuleDB.cpp | 31 ----- .../manager/ssl/SSLServerCertVerification.cpp | 112 ++++++++------- security/manager/ssl/SecretDecoderRing.cpp | 50 ++----- .../manager/ssl/TransportSecurityInfo.cpp | 7 - security/manager/ssl/nsCryptoHash.cpp | 42 ------ .../manager/ssl/nsDataSignatureVerifier.cpp | 8 -- security/manager/ssl/nsKeyModule.cpp | 18 --- security/manager/ssl/nsKeygenHandler.cpp | 12 -- security/manager/ssl/nsNSSCallbacks.cpp | 14 -- security/manager/ssl/nsNSSCertHelper.cpp | 6 - security/manager/ssl/nsNSSCertValidity.cpp | 8 -- security/manager/ssl/nsNSSCertificate.cpp | 129 ------------------ security/manager/ssl/nsNSSCertificateDB.cpp | 78 ----------- security/manager/ssl/nsNSSComponent.cpp | 12 -- security/manager/ssl/nsNSSIOLayer.cpp | 17 --- security/manager/ssl/nsNSSShutDown.h | 2 - security/manager/ssl/nsPK11TokenDB.cpp | 64 --------- security/manager/ssl/nsPKCS11Slot.cpp | 44 ------ security/manager/ssl/nsPKCS12Blob.cpp | 4 - security/manager/ssl/nsRandomGenerator.cpp | 7 - security/manager/ssl/nsSSLStatus.cpp | 7 - .../component/IdentityCryptoService.cpp | 115 +++++++--------- 29 files changed, 131 insertions(+), 788 deletions(-) diff --git a/dom/crypto/CryptoKey.cpp b/dom/crypto/CryptoKey.cpp index 9d4cf51865de..95c0b68d7373 100644 --- a/dom/crypto/CryptoKey.cpp +++ b/dom/crypto/CryptoKey.cpp @@ -162,9 +162,6 @@ CryptoKey::CryptoKey(nsIGlobalObject* aGlobal) CryptoKey::~CryptoKey() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -452,7 +449,7 @@ nsresult CryptoKey::SetSymKey(const CryptoBuffer& aSymKey) nsresult CryptoKey::SetPrivateKey(SECKEYPrivateKey* aPrivateKey) { - if (!aPrivateKey || isAlreadyShutDown()) { + if (!aPrivateKey) { mPrivateKey = nullptr; return NS_OK; } @@ -464,7 +461,7 @@ CryptoKey::SetPrivateKey(SECKEYPrivateKey* aPrivateKey) nsresult CryptoKey::SetPublicKey(SECKEYPublicKey* aPublicKey) { - if (!aPublicKey || isAlreadyShutDown()) { + if (!aPublicKey) { mPublicKey = nullptr; return NS_OK; } @@ -482,7 +479,7 @@ CryptoKey::GetSymKey() const UniqueSECKEYPrivateKey CryptoKey::GetPrivateKey() const { - if (!mPrivateKey || isAlreadyShutDown()) { + if (!mPrivateKey) { return nullptr; } return UniqueSECKEYPrivateKey(SECKEY_CopyPrivateKey(mPrivateKey.get())); @@ -491,7 +488,7 @@ CryptoKey::GetPrivateKey() const UniqueSECKEYPublicKey CryptoKey::GetPublicKey() const { - if (!mPublicKey || isAlreadyShutDown()) { + if (!mPublicKey) { return nullptr; } return UniqueSECKEYPublicKey(SECKEY_CopyPublicKey(mPublicKey.get())); @@ -1234,10 +1231,6 @@ CryptoKey::PublicKeyValid(SECKEYPublicKey* aPubKey) bool CryptoKey::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const { - if (isAlreadyShutDown()) { - return false; - } - // Write in five pieces // 1. Attributes // 2. Symmetric key as raw (if present) @@ -1268,10 +1261,6 @@ CryptoKey::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const bool CryptoKey::ReadStructuredClone(JSStructuredCloneReader* aReader) { - if (isAlreadyShutDown()) { - return false; - } - // Ensure that NSS is initialized. if (!EnsureNSSInitializedChromeOrContent()) { return false; diff --git a/dom/crypto/WebCryptoTask.cpp b/dom/crypto/WebCryptoTask.cpp index 77afb1ff1d9e..60c34b7af1b1 100644 --- a/dom/crypto/WebCryptoTask.cpp +++ b/dom/crypto/WebCryptoTask.cpp @@ -405,11 +405,7 @@ WebCryptoTask::Run() { // Run heavy crypto operations on the thread pool, off the original thread. if (!IsOnOriginalThread()) { - if (isAlreadyShutDown()) { - mRv = NS_ERROR_NOT_AVAILABLE; - } else { - mRv = CalculateResult(); - } + mRv = CalculateResult(); // Back to the original thread, i.e. continue below. mOriginalEventTarget->Dispatch(this, NS_DISPATCH_NORMAL); @@ -460,10 +456,6 @@ WebCryptoTask::CalculateResult() { MOZ_ASSERT(!IsOnOriginalThread()); - if (isAlreadyShutDown()) { - return NS_ERROR_DOM_UNKNOWN_ERR; - } - return DoCrypto(); } @@ -3726,9 +3718,7 @@ WebCryptoTask::~WebCryptoTask() { MOZ_ASSERT(mReleasedNSSResources); - if (!isAlreadyShutDown()) { - shutdown(ShutdownCalledFrom::Object); - } + shutdown(ShutdownCalledFrom::Object); if (mWorkerHolder) { NS_ProxyRelease( diff --git a/dom/media/webrtc/RTCCertificate.cpp b/dom/media/webrtc/RTCCertificate.cpp index 02f009084612..59e7c64afad8 100644 --- a/dom/media/webrtc/RTCCertificate.cpp +++ b/dom/media/webrtc/RTCCertificate.cpp @@ -308,9 +308,6 @@ RTCCertificate::RTCCertificate(nsIGlobalObject* aGlobal, RTCCertificate::~RTCCertificate() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -329,7 +326,7 @@ RTCCertificate::~RTCCertificate() RefPtr RTCCertificate::CreateDtlsIdentity() const { - if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) { + if (!mPrivateKey || !mCertificate) { return nullptr; } UniqueSECKEYPrivateKey key(SECKEY_CopyPrivateKey(mPrivateKey.get())); @@ -388,7 +385,7 @@ RTCCertificate::WriteCertificate(JSStructuredCloneWriter* aWriter) const bool RTCCertificate::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const { - if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) { + if (!mPrivateKey || !mCertificate) { return false; } @@ -432,10 +429,6 @@ RTCCertificate::ReadCertificate(JSStructuredCloneReader* aReader) bool RTCCertificate::ReadStructuredClone(JSStructuredCloneReader* aReader) { - if (isAlreadyShutDown()) { - return false; - } - uint32_t version, authType; if (!JS_ReadUint32Pair(aReader, &version, &authType) || version != RTCCERTIFICATE_SC_VERSION) { diff --git a/dom/webauthn/U2FSoftTokenManager.cpp b/dom/webauthn/U2FSoftTokenManager.cpp index 6a0e9bb91148..7444486a9783 100644 --- a/dom/webauthn/U2FSoftTokenManager.cpp +++ b/dom/webauthn/U2FSoftTokenManager.cpp @@ -70,11 +70,6 @@ U2FSoftTokenManager::U2FSoftTokenManager(uint32_t aCounter) U2FSoftTokenManager::~U2FSoftTokenManager() { - - if (isAlreadyShutDown()) { - return; - } - destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -366,10 +361,6 @@ U2FSoftTokenManager::Init() return NS_OK; } - if (NS_WARN_IF(isAlreadyShutDown())) { - return NS_ERROR_NOT_AVAILABLE; - } - UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); MOZ_ASSERT(slot.get()); @@ -570,10 +561,6 @@ U2FSoftTokenManager::IsRegistered(const nsTArray& aKeyHandle, const nsTArray& aAppParam, bool& aResult) { - if (NS_WARN_IF(isAlreadyShutDown())) { - return NS_ERROR_FAILURE; - } - if (!mInitialized) { nsresult rv = Init(); if (NS_WARN_IF(NS_FAILED(rv))) { @@ -620,10 +607,6 @@ U2FSoftTokenManager::Register(const nsTArray& aCredent const nsTArray& aChallenge, uint32_t aTimeoutMS) { - if (NS_WARN_IF(isAlreadyShutDown())) { - return U2FRegisterPromise::CreateAndReject(NS_ERROR_NOT_AVAILABLE, __func__); - } - if (!mInitialized) { nsresult rv = Init(); if (NS_WARN_IF(NS_FAILED(rv))) { @@ -751,10 +734,6 @@ U2FSoftTokenManager::Sign(const nsTArray& aCredentials bool aRequireUserVerification, uint32_t aTimeoutMS) { - if (NS_WARN_IF(isAlreadyShutDown())) { - return U2FSignPromise::CreateAndReject(NS_ERROR_NOT_AVAILABLE, __func__); - } - // The U2F softtoken doesn't support user verification. if (aRequireUserVerification) { return U2FSignPromise::CreateAndReject(NS_ERROR_DOM_NOT_ALLOWED_ERR, __func__); diff --git a/netwerk/base/BackgroundFileSaver.cpp b/netwerk/base/BackgroundFileSaver.cpp index c1f02365fde2..4369d7e89254 100644 --- a/netwerk/base/BackgroundFileSaver.cpp +++ b/netwerk/base/BackgroundFileSaver.cpp @@ -118,9 +118,6 @@ BackgroundFileSaver::BackgroundFileSaver() BackgroundFileSaver::~BackgroundFileSaver() { LOG(("Destroying BackgroundFileSaver [this = %p]", this)); - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -552,11 +549,9 @@ BackgroundFileSaver::ProcessStateChange() // Create the digest context if requested and NSS hasn't been shut down. if (sha256Enabled && !mDigestContext) { - if (!isAlreadyShutDown()) { - mDigestContext = UniquePK11Context( - PK11_CreateDigestContext(SEC_OID_SHA256)); - NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY); - } + mDigestContext = UniquePK11Context( + PK11_CreateDigestContext(SEC_OID_SHA256)); + NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY); } // When we are requested to append to an existing file, we should read the @@ -580,10 +575,6 @@ BackgroundFileSaver::ProcessStateChange() break; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = MapSECStatus( PK11_DigestOp(mDigestContext.get(), BitwiseCast(buffer), @@ -719,15 +710,13 @@ BackgroundFileSaver::CheckCompletion() // Finish computing the hash if (!failed && mDigestContext) { - if (!isAlreadyShutDown()) { - Digest d; - rv = d.End(SEC_OID_SHA256, mDigestContext); - if (NS_SUCCEEDED(rv)) { - MutexAutoLock lock(mLock); - mSha256 = - nsDependentCSubstring(BitwiseCast(d.get().data), - d.get().len); - } + Digest d; + rv = d.End(SEC_OID_SHA256, mDigestContext); + if (NS_SUCCEEDED(rv)) { + MutexAutoLock lock(mLock); + mSha256 = + nsDependentCSubstring(BitwiseCast(d.get().data), + d.get().len); } } @@ -810,10 +799,6 @@ nsresult BackgroundFileSaver::ExtractSignatureInfo(const nsAString& filePath) { MOZ_ASSERT(!NS_IsMainThread(), "Cannot extract signature on main thread"); - - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } { MutexAutoLock lock(mLock); if (!mSignatureInfoEnabled) { @@ -1212,9 +1197,6 @@ DigestOutputStream::DigestOutputStream(nsIOutputStream* aStream, DigestOutputStream::~DigestOutputStream() { - if (isAlreadyShutDown()) { - return; - } shutdown(ShutdownCalledFrom::Object); } @@ -1233,10 +1215,6 @@ DigestOutputStream::Flush() NS_IMETHODIMP DigestOutputStream::Write(const char* aBuf, uint32_t aCount, uint32_t* retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = MapSECStatus( PK11_DigestOp(mDigestContext, BitwiseCast(aBuf), diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp index b9631b70ee6b..6cd31726a1c7 100644 --- a/security/manager/ssl/ContentSignatureVerifier.cpp +++ b/security/manager/ssl/ContentSignatureVerifier.cpp @@ -44,9 +44,6 @@ const nsLiteralCString kPREFIX = NS_LITERAL_CSTRING("Content-Signature:\x00"); ContentSignatureVerifier::~ContentSignatureVerifier() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -146,10 +143,6 @@ ContentSignatureVerifier::CreateContextInternal(const nsACString& aData, const nsACString& aName) { MOZ_ASSERT(NS_IsMainThread()); - if (isAlreadyShutDown()) { - CSVerifier_LOG(("CSVerifier: nss is already shutdown\n")); - return NS_ERROR_FAILURE; - } UniqueCERTCertList certCertList(CERT_NewCertList()); if (!certCertList) { @@ -406,10 +399,6 @@ NS_IMETHODIMP ContentSignatureVerifier::Update(const nsACString& aData) { MOZ_ASSERT(NS_IsMainThread()); - if (isAlreadyShutDown()) { - CSVerifier_LOG(("CSVerifier: nss is already shutdown\n")); - return NS_ERROR_FAILURE; - } // If we didn't create the context yet, bail! if (!mHasCertChain) { @@ -430,10 +419,6 @@ ContentSignatureVerifier::End(bool* _retval) { NS_ENSURE_ARG(_retval); MOZ_ASSERT(NS_IsMainThread()); - if (isAlreadyShutDown()) { - CSVerifier_LOG(("CSVerifier: nss is already shutdown\n")); - return NS_ERROR_FAILURE; - } // If we didn't create the context yet, bail! if (!mHasCertChain) { diff --git a/security/manager/ssl/CryptoTask.cpp b/security/manager/ssl/CryptoTask.cpp index 1f5af71bdd53..18aa4011534b 100644 --- a/security/manager/ssl/CryptoTask.cpp +++ b/security/manager/ssl/CryptoTask.cpp @@ -13,9 +13,7 @@ CryptoTask::~CryptoTask() { MOZ_ASSERT(mReleasedNSSResources); - if (!isAlreadyShutDown()) { - shutdown(ShutdownCalledFrom::Object); - } + shutdown(ShutdownCalledFrom::Object); } nsresult @@ -45,11 +43,7 @@ NS_IMETHODIMP CryptoTask::Run() { if (!NS_IsMainThread()) { - if (isAlreadyShutDown()) { - mRv = NS_ERROR_NOT_AVAILABLE; - } else { - mRv = CalculateResult(); - } + mRv = CalculateResult(); NS_DispatchToMainThread(this); } else { // back on the main thread diff --git a/security/manager/ssl/PKCS11ModuleDB.cpp b/security/manager/ssl/PKCS11ModuleDB.cpp index 544d2ec24824..0b7606052179 100644 --- a/security/manager/ssl/PKCS11ModuleDB.cpp +++ b/security/manager/ssl/PKCS11ModuleDB.cpp @@ -25,9 +25,6 @@ PKCS11ModuleDB::PKCS11ModuleDB() PKCS11ModuleDB::~PKCS11ModuleDB() { - if (isAlreadyShutDown()) { - return; - } shutdown(ShutdownCalledFrom::Object); } @@ -35,10 +32,6 @@ PKCS11ModuleDB::~PKCS11ModuleDB() NS_IMETHODIMP PKCS11ModuleDB::DeleteModule(const nsAString& aModuleName) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (aModuleName.IsEmpty()) { return NS_ERROR_INVALID_ARG; } @@ -89,10 +82,6 @@ PKCS11ModuleDB::AddModule(const nsAString& aModuleName, int32_t aCryptoMechanismFlags, int32_t aCipherFlags) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (aModuleName.IsEmpty()) { return NS_ERROR_INVALID_ARG; } @@ -152,10 +141,6 @@ PKCS11ModuleDB::FindModuleByName(const nsACString& name, { NS_ENSURE_ARG_POINTER(_retval); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -176,10 +161,6 @@ PKCS11ModuleDB::ListModules(nsISimpleEnumerator** _retval) { NS_ENSURE_ARG_POINTER(_retval); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -219,10 +200,6 @@ PKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS) { NS_ENSURE_ARG_POINTER(aCanToggleFIPS); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - *aCanToggleFIPS = SECMOD_CanDeleteInternalModule(); return NS_OK; } @@ -231,10 +208,6 @@ PKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS) NS_IMETHODIMP PKCS11ModuleDB::ToggleFIPSMode() { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // The way to toggle FIPS mode in NSS is extremely obscure. Basically, we // delete the internal module, and it gets replaced with the opposite module // (i.e. if it was FIPS before, then it becomes non-FIPS next). @@ -262,10 +235,6 @@ PKCS11ModuleDB::GetIsFIPSEnabled(bool* aIsFIPSEnabled) { NS_ENSURE_ARG_POINTER(aIsFIPSEnabled); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - *aIsFIPSEnabled = PK11_IsFIPS(); return NS_OK; } diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp index 084f8aa02355..b75e2be6ba0f 100644 --- a/security/manager/ssl/SSLServerCertVerification.cpp +++ b/security/manager/ssl/SSLServerCertVerification.cpp @@ -1564,71 +1564,67 @@ SSLServerCertVerificationJob::Run() PRErrorCode error; - if (mInfoObject->isAlreadyShutDown()) { - error = SEC_ERROR_USER_CANCELLED; - } else { - Telemetry::HistogramID successTelemetry - = Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX; - Telemetry::HistogramID failureTelemetry - = Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX; + Telemetry::HistogramID successTelemetry + = Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX; + Telemetry::HistogramID failureTelemetry + = Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX; - // Reset the error code here so we can detect if AuthCertificate fails to - // set the error code if/when it fails. - PR_SetError(0, 0); - SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert, - mPeerCertChain, mStapledOCSPResponse.get(), - mSCTsFromTLSExtension.get(), - mProviderFlags, mTime); - MOZ_ASSERT(mPeerCertChain || rv != SECSuccess, - "AuthCertificate() should take ownership of chain on failure"); - if (rv == SECSuccess) { - uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds()); - RefPtr restart( - new SSLServerCertVerificationResult(mInfoObject, 0, - successTelemetry, interval)); - restart->Dispatch(); - Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1); - return NS_OK; - } + // Reset the error code here so we can detect if AuthCertificate fails to + // set the error code if/when it fails. + PR_SetError(0, 0); + SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert, + mPeerCertChain, mStapledOCSPResponse.get(), + mSCTsFromTLSExtension.get(), + mProviderFlags, mTime); + MOZ_ASSERT(mPeerCertChain || rv != SECSuccess, + "AuthCertificate() should take ownership of chain on failure"); + if (rv == SECSuccess) { + uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds()); + RefPtr restart( + new SSLServerCertVerificationResult(mInfoObject, 0, + successTelemetry, interval)); + restart->Dispatch(); + Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1); + return NS_OK; + } - // Note: the interval is not calculated once as PR_GetError MUST be called - // before any other function call - error = PR_GetError(); + // Note: the interval is not calculated once as PR_GetError MUST be called + // before any other function call + error = PR_GetError(); - TimeStamp now = TimeStamp::Now(); - Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now); + TimeStamp now = TimeStamp::Now(); + Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now); - if (error != 0) { - RefPtr runnable( - CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert, - mFdForLogging, mProviderFlags, mPRTime)); - if (!runnable) { - // CreateCertErrorRunnable set a new error code - error = PR_GetError(); - } else { - // We must block the the socket transport service thread while the - // main thread executes the CertErrorRunnable. The CertErrorRunnable - // will dispatch the result asynchronously, so we don't have to block - // this thread waiting for it. + if (error != 0) { + RefPtr runnable( + CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert, + mFdForLogging, mProviderFlags, mPRTime)); + if (!runnable) { + // CreateCertErrorRunnable set a new error code + error = PR_GetError(); + } else { + // We must block the the socket transport service thread while the + // main thread executes the CertErrorRunnable. The CertErrorRunnable + // will dispatch the result asynchronously, so we don't have to block + // this thread waiting for it. - MOZ_LOG(gPIPNSSLog, LogLevel::Debug, - ("[%p][%p] Before dispatching CertErrorRunnable\n", - mFdForLogging, runnable.get())); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] Before dispatching CertErrorRunnable\n", + mFdForLogging, runnable.get())); - nsresult nrv; - nsCOMPtr stsTarget - = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv); - if (NS_SUCCEEDED(nrv)) { - nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable), - NS_DISPATCH_NORMAL); - } - if (NS_SUCCEEDED(nrv)) { - return NS_OK; - } - - NS_ERROR("Failed to dispatch CertErrorRunnable"); - error = PR_INVALID_STATE_ERROR; + nsresult nrv; + nsCOMPtr stsTarget + = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv); + if (NS_SUCCEEDED(nrv)) { + nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable), + NS_DISPATCH_NORMAL); } + if (NS_SUCCEEDED(nrv)) { + return NS_OK; + } + + NS_ERROR("Failed to dispatch CertErrorRunnable"); + error = PR_INVALID_STATE_ERROR; } } diff --git a/security/manager/ssl/SecretDecoderRing.cpp b/security/manager/ssl/SecretDecoderRing.cpp index 26b2c6d3f202..ec78f37bdd3f 100644 --- a/security/manager/ssl/SecretDecoderRing.cpp +++ b/security/manager/ssl/SecretDecoderRing.cpp @@ -66,20 +66,12 @@ SecretDecoderRing::SecretDecoderRing() SecretDecoderRing::~SecretDecoderRing() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } nsresult SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); if (!slot) { return NS_ERROR_NOT_AVAILABLE; @@ -116,10 +108,6 @@ SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result) nsresult SecretDecoderRing::Decrypt(const nsACString& data, /*out*/ nsACString& result) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - /* Find token with SDR key */ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); if (!slot) { @@ -228,10 +216,6 @@ SecretDecoderRing::DecryptString(const nsACString& encryptedBase64Text, NS_IMETHODIMP SecretDecoderRing::ChangePassword() { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); if (!slot) { return NS_ERROR_NOT_AVAILABLE; @@ -255,22 +239,8 @@ SecretDecoderRing::ChangePassword() NS_IMETHODIMP SecretDecoderRing::Logout() { - static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); - - nsresult rv; - nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); - if (NS_FAILED(rv)) - return rv; - - { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - - PK11_LogoutAll(); - SSL_ClearSessionCache(); - } - + PK11_LogoutAll(); + SSL_ClearSessionCache(); return NS_OK; } @@ -279,18 +249,13 @@ SecretDecoderRing::LogoutAndTeardown() { static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + PK11_LogoutAll(); + SSL_ClearSessionCache(); + nsresult rv; nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); - if (NS_FAILED(rv)) + if (NS_FAILED(rv)) { return rv; - - { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - - PK11_LogoutAll(); - SSL_ClearSessionCache(); } rv = nssComponent->LogoutAuthenticatedPK11(); @@ -299,8 +264,9 @@ SecretDecoderRing::LogoutAndTeardown() // sure that all connections that should be stopped, are stopped. See // bug 517584. nsCOMPtr os = mozilla::services::GetObserverService(); - if (os) + if (os) { os->NotifyObservers(nullptr, "net:prune-dead-connections", nullptr); + } return rv; } diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp index c1d31e93aeb4..353938d7b427 100644 --- a/security/manager/ssl/TransportSecurityInfo.cpp +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -50,9 +50,6 @@ TransportSecurityInfo::TransportSecurityInfo() TransportSecurityInfo::~TransportSecurityInfo() { - if (isAlreadyShutDown()) - return; - shutdown(ShutdownCalledFrom::Object); } @@ -1040,10 +1037,6 @@ TransportSecurityInfo::GetFailedCertChain(nsIX509CertList** _result) nsresult TransportSecurityInfo::SetFailedCertChain(UniqueCERTCertList certList) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // nsNSSCertList takes ownership of certList mFailedCertChain = new nsNSSCertList(Move(certList)); diff --git a/security/manager/ssl/nsCryptoHash.cpp b/security/manager/ssl/nsCryptoHash.cpp index c97c985b6b00..2113281623bf 100644 --- a/security/manager/ssl/nsCryptoHash.cpp +++ b/security/manager/ssl/nsCryptoHash.cpp @@ -38,9 +38,6 @@ nsCryptoHash::nsCryptoHash() nsCryptoHash::~nsCryptoHash() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -62,10 +59,6 @@ NS_IMPL_ISUPPORTS(nsCryptoHash, nsICryptoHash) NS_IMETHODIMP nsCryptoHash::Init(uint32_t algorithm) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - HASH_HashType hashType; switch (algorithm) { case nsICryptoHash::MD2: @@ -134,10 +127,6 @@ nsCryptoHash::InitWithString(const nsACString & aAlgorithm) NS_IMETHODIMP nsCryptoHash::Update(const uint8_t *data, uint32_t len) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mInitialized) { return NS_ERROR_NOT_INITIALIZED; } @@ -149,10 +138,6 @@ nsCryptoHash::Update(const uint8_t *data, uint32_t len) NS_IMETHODIMP nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mInitialized) return NS_ERROR_NOT_INITIALIZED; @@ -205,10 +190,6 @@ nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen) NS_IMETHODIMP nsCryptoHash::Finish(bool ascii, nsACString & _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mInitialized) { return NS_ERROR_NOT_INITIALIZED; } @@ -241,9 +222,6 @@ nsCryptoHMAC::nsCryptoHMAC() nsCryptoHMAC::~nsCryptoHMAC() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -263,10 +241,6 @@ nsCryptoHMAC::destructorSafeDestroyNSSReference() NS_IMETHODIMP nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (mHMACContext) { mHMACContext = nullptr; } @@ -319,10 +293,6 @@ nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject) NS_IMETHODIMP nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mHMACContext) return NS_ERROR_NOT_INITIALIZED; @@ -339,10 +309,6 @@ nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen) NS_IMETHODIMP nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mHMACContext) return NS_ERROR_NOT_INITIALIZED; @@ -398,10 +364,6 @@ nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen) NS_IMETHODIMP nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mHMACContext) return NS_ERROR_NOT_INITIALIZED; @@ -425,10 +387,6 @@ nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval) NS_IMETHODIMP nsCryptoHMAC::Reset() { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (PK11_DigestBegin(mHMACContext.get()) != SECSuccess) { return NS_ERROR_FAILURE; } diff --git a/security/manager/ssl/nsDataSignatureVerifier.cpp b/security/manager/ssl/nsDataSignatureVerifier.cpp index 2ac8c4eb72d3..92a358cc6de6 100644 --- a/security/manager/ssl/nsDataSignatureVerifier.cpp +++ b/security/manager/ssl/nsDataSignatureVerifier.cpp @@ -31,10 +31,6 @@ const SEC_ASN1Template CERT_SignatureDataTemplate[] = nsDataSignatureVerifier::~nsDataSignatureVerifier() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } @@ -46,10 +42,6 @@ nsDataSignatureVerifier::VerifyData(const nsACString& aData, { NS_ENSURE_ARG_POINTER(_retval); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // Allocate an arena to handle the majority of the allocations UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); if (!arena) { diff --git a/security/manager/ssl/nsKeyModule.cpp b/security/manager/ssl/nsKeyModule.cpp index 0944c96f5487..412bffc8d779 100644 --- a/security/manager/ssl/nsKeyModule.cpp +++ b/security/manager/ssl/nsKeyModule.cpp @@ -19,9 +19,6 @@ nsKeyObject::nsKeyObject() nsKeyObject::~nsKeyObject() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -48,10 +45,6 @@ nsKeyObject::InitKey(int16_t aAlgorithm, PK11SymKey* aKey) return NS_ERROR_INVALID_ARG; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - mSymKey.reset(aKey); return NS_OK; } @@ -65,10 +58,6 @@ nsKeyObject::GetKeyObj(PK11SymKey** _retval) *_retval = nullptr; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mSymKey) { return NS_ERROR_NOT_INITIALIZED; } @@ -98,9 +87,6 @@ nsKeyObjectFactory::nsKeyObjectFactory() nsKeyObjectFactory::~nsKeyObjectFactory() { - if (isAlreadyShutDown()) { - return; - } shutdown(ShutdownCalledFrom::Object); } @@ -112,10 +98,6 @@ nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString& aKey, return NS_ERROR_INVALID_ARG; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - CK_MECHANISM_TYPE cipherMech = CKM_GENERIC_SECRET_KEY_GEN; CK_ATTRIBUTE_TYPE cipherOperation = CKA_SIGN; diff --git a/security/manager/ssl/nsKeygenHandler.cpp b/security/manager/ssl/nsKeygenHandler.cpp index 2cfaea128672..17092d20b3d2 100644 --- a/security/manager/ssl/nsKeygenHandler.cpp +++ b/security/manager/ssl/nsKeygenHandler.cpp @@ -222,10 +222,6 @@ nsKeygenFormProcessor::nsKeygenFormProcessor() nsKeygenFormProcessor::~nsKeygenFormProcessor() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } @@ -274,10 +270,6 @@ nsKeygenFormProcessor::Init() nsresult nsKeygenFormProcessor::GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - return GetSlotWithMechanism(aMechanism, m_ctx, aSlot); } @@ -424,10 +416,6 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue, nsAString& aOutPublicKey, const nsAString& aKeyParams) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = NS_ERROR_FAILURE; nsAutoCString keystring; char *keyparamsString = nullptr; diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp index 9fe700f90c8d..2f10e5716187 100644 --- a/security/manager/ssl/nsNSSCallbacks.cpp +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -753,20 +753,12 @@ private: PK11PasswordPromptRunnable::~PK11PasswordPromptRunnable() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } void PK11PasswordPromptRunnable::RunOnTargetThread() { - if (isAlreadyShutDown()) { - return; - } - nsresult rv; nsCOMPtr prompt; if (!mIR) { @@ -998,12 +990,6 @@ CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart) infoObject->SetFalseStartCallbackCalled(); - if (infoObject->isAlreadyShutDown()) { - MOZ_CRASH("SSL socket used after NSS shut down"); - PR_SetError(PR_INVALID_STATE_ERROR, 0); - return SECFailure; - } - PreliminaryHandshakeDone(fd); uint32_t reasonsForNotFalseStarting = 0; diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp index 9367b0c0b0ac..ee36da7752f1 100644 --- a/security/manager/ssl/nsNSSCertHelper.cpp +++ b/security/manager/ssl/nsNSSCertHelper.cpp @@ -1834,9 +1834,6 @@ RegisterDynamicOids() nsresult nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (RegisterDynamicOids() != SECSuccess) return NS_ERROR_FAILURE; @@ -1981,9 +1978,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence) nsresult nsNSSCertificate::CreateASN1Struct(nsIASN1Object** aRetVal) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - nsCOMPtr sequence = new nsNSSASN1Sequence(); nsCOMPtr asn1Objects; diff --git a/security/manager/ssl/nsNSSCertValidity.cpp b/security/manager/ssl/nsNSSCertValidity.cpp index dea3fe0205d1..658d48c0b1e8 100644 --- a/security/manager/ssl/nsNSSCertValidity.cpp +++ b/security/manager/ssl/nsNSSCertValidity.cpp @@ -22,10 +22,6 @@ nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cer return; } - if (isAlreadyShutDown()) { - return; - } - if (CERT_GetCertTimes(cert.get(), &mNotBefore, &mNotAfter) == SECSuccess) { mTimesInitialized = true; } @@ -33,10 +29,6 @@ nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cer nsX509CertValidity::~nsX509CertValidity() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp index ab344432ec63..26ad75ca2b8a 100644 --- a/security/manager/ssl/nsNSSCertificate.cpp +++ b/security/manager/ssl/nsNSSCertificate.cpp @@ -90,9 +90,6 @@ nsNSSCertificate::ConstructFromDER(char* certDER, int derLen) bool nsNSSCertificate::InitFromDER(char* certDER, int derLen) { - if (isAlreadyShutDown()) - return false; - if (!certDER || !derLen) return false; @@ -115,9 +112,6 @@ nsNSSCertificate::nsNSSCertificate(CERTCertificate* cert) , mPermDelete(false) , mCertType(CERT_TYPE_NOT_YET_INITIALIZED) { - if (isAlreadyShutDown()) - return; - if (cert) { mCert.reset(CERT_DupCertificate(cert)); } @@ -132,9 +126,6 @@ nsNSSCertificate::nsNSSCertificate() nsNSSCertificate::~nsNSSCertificate() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -177,9 +168,6 @@ nsNSSCertificate::GetIsSelfSigned(bool* aIsSelfSigned) { NS_ENSURE_ARG(aIsSelfSigned); - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - *aIsSelfSigned = mCert->isRoot; return NS_OK; } @@ -189,9 +177,6 @@ nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot) { NS_ENSURE_ARG(aIsBuiltInRoot); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } pkix::Result rv = IsCertBuiltInRoot(mCert.get(), *aIsBuiltInRoot); if (rv != pkix::Result::Success) { return NS_ERROR_FAILURE; @@ -202,9 +187,6 @@ nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot) nsresult nsNSSCertificate::MarkForPermDeletion() { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - // make sure user is logged in to the token nsCOMPtr ctx = new PipUIContext(); @@ -303,9 +285,6 @@ nsNSSCertificate::GetKeyUsages(nsAString& text) NS_IMETHODIMP nsNSSCertificate::GetDbKey(nsACString& aDbKey) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } return GetDbKey(mCert, aDbKey); } @@ -343,10 +322,6 @@ nsNSSCertificate::GetDbKey(const UniqueCERTCertificate& cert, nsACString& aDbKey NS_IMETHODIMP nsNSSCertificate::GetDisplayName(nsAString& aDisplayName) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - aDisplayName.Truncate(); MOZ_ASSERT(mCert, "mCert should not be null in GetDisplayName"); @@ -411,9 +386,6 @@ nsNSSCertificate::GetDisplayName(nsAString& aDisplayName) NS_IMETHODIMP nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (mCert->emailAddr) { CopyUTF8toUTF16(mCert->emailAddr, aEmailAddress); } else { @@ -430,9 +402,6 @@ nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress) NS_IMETHODIMP nsNSSCertificate::GetEmailAddresses(uint32_t* aLength, char16_t*** aAddresses) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - NS_ENSURE_ARG(aLength); NS_ENSURE_ARG(aAddresses); @@ -469,9 +438,6 @@ NS_IMETHODIMP nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress, bool* result) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - NS_ENSURE_ARG(result); *result = false; @@ -502,9 +468,6 @@ nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress, NS_IMETHODIMP nsNSSCertificate::GetCommonName(nsAString& aCommonName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aCommonName.Truncate(); if (mCert) { UniquePORTString commonName(CERT_GetCommonName(&mCert->subject)); @@ -518,9 +481,6 @@ nsNSSCertificate::GetCommonName(nsAString& aCommonName) NS_IMETHODIMP nsNSSCertificate::GetOrganization(nsAString& aOrganization) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aOrganization.Truncate(); if (mCert) { UniquePORTString organization(CERT_GetOrgName(&mCert->subject)); @@ -534,9 +494,6 @@ nsNSSCertificate::GetOrganization(nsAString& aOrganization) NS_IMETHODIMP nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aCommonName.Truncate(); if (mCert) { UniquePORTString commonName(CERT_GetCommonName(&mCert->issuer)); @@ -550,9 +507,6 @@ nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName) NS_IMETHODIMP nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aOrganization.Truncate(); if (mCert) { UniquePORTString organization(CERT_GetOrgName(&mCert->issuer)); @@ -566,9 +520,6 @@ nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization) NS_IMETHODIMP nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aOrganizationUnit.Truncate(); if (mCert) { UniquePORTString organizationUnit(CERT_GetOrgUnitName(&mCert->issuer)); @@ -582,9 +533,6 @@ nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit) NS_IMETHODIMP nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - NS_ENSURE_ARG(aIssuer); *aIssuer = nullptr; @@ -611,9 +559,6 @@ nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer) NS_IMETHODIMP nsNSSCertificate::GetOrganizationalUnit(nsAString& aOrganizationalUnit) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aOrganizationalUnit.Truncate(); if (mCert) { UniquePORTString orgunit(CERT_GetOrgUnitName(&mCert->subject)); @@ -655,9 +600,6 @@ UniqueCERTCertListToMutableArray(/*in*/ UniqueCERTCertList& nssChain, NS_IMETHODIMP nsNSSCertificate::GetChain(nsIArray** _rvChain) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - NS_ENSURE_ARG(_rvChain); mozilla::pkix::Time now(mozilla::pkix::Now()); @@ -699,9 +641,6 @@ nsNSSCertificate::GetChain(nsIArray** _rvChain) NS_IMETHODIMP nsNSSCertificate::GetSubjectName(nsAString& _subjectName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - _subjectName.Truncate(); if (mCert->subjectName) { _subjectName = NS_ConvertUTF8toUTF16(mCert->subjectName); @@ -712,9 +651,6 @@ nsNSSCertificate::GetSubjectName(nsAString& _subjectName) NS_IMETHODIMP nsNSSCertificate::GetIssuerName(nsAString& _issuerName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - _issuerName.Truncate(); if (mCert->issuerName) { _issuerName = NS_ConvertUTF8toUTF16(mCert->issuerName); @@ -725,9 +661,6 @@ nsNSSCertificate::GetIssuerName(nsAString& _issuerName) NS_IMETHODIMP nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - _serialNumber.Truncate(); UniquePORTString tmpstr(CERT_Hexify(&mCert->serialNumber, 1)); if (tmpstr) { @@ -740,10 +673,6 @@ nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber) nsresult nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - aFingerprint.Truncate(); Digest digest; nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data, @@ -777,9 +706,6 @@ nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint) NS_IMETHODIMP nsNSSCertificate::GetTokenName(nsAString& aTokenName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - aTokenName.Truncate(); if (mCert) { // HACK alert @@ -811,10 +737,6 @@ nsNSSCertificate::GetTokenName(nsAString& aTokenName) NS_IMETHODIMP nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - aSha256SPKIDigest.Truncate(); Digest digest; nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mCert->derPublicKey.data, @@ -835,9 +757,6 @@ nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDig NS_IMETHODIMP nsNSSCertificate::GetRawDER(uint32_t* aLength, uint8_t** aArray) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (mCert) { *aArray = (uint8_t*)moz_xmalloc(mCert->derCert.len); if (*aArray) { @@ -857,9 +776,6 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode, NS_ENSURE_ARG(aLength); NS_ENSURE_ARG(aArray); - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -982,18 +898,12 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode, CERTCertificate* nsNSSCertificate::GetCert() { - if (isAlreadyShutDown()) - return nullptr; - return (mCert) ? CERT_DupCertificate(mCert.get()) : nullptr; } NS_IMETHODIMP nsNSSCertificate::GetValidity(nsIX509CertValidity** aValidity) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - NS_ENSURE_ARG(aValidity); if (!mCert) { @@ -1018,9 +928,6 @@ nsNSSCertificate::GetASN1Structure(nsIASN1Object** aASN1Structure) NS_IMETHODIMP nsNSSCertificate::Equals(nsIX509Cert* other, bool* result) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - NS_ENSURE_ARG(other); NS_ENSURE_ARG(result); @@ -1093,9 +1000,6 @@ nsNSSCertList::nsNSSCertList() nsNSSCertList::~nsNSSCertList() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -1119,9 +1023,6 @@ nsNSSCertList::GetCertList() NS_IMETHODIMP nsNSSCertList::AddCert(nsIX509Cert* aCert) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } // We need an owning handle when calling nsIX509Cert::GetCert(). UniqueCERTCertificate cert(aCert->GetCert()); if (!cert) { @@ -1172,19 +1073,12 @@ nsNSSCertList::DupCertList(const UniqueCERTCertList& certList) CERTCertList* nsNSSCertList::GetRawCertList() { - if (isAlreadyShutDown()) { - return nullptr; - } return mCertList.get(); } NS_IMETHODIMP nsNSSCertList::Write(nsIObjectOutputStream* aStream) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - NS_ENSURE_STATE(mCertList); nsresult rv = NS_OK; @@ -1224,10 +1118,6 @@ nsNSSCertList::Write(nsIObjectOutputStream* aStream) NS_IMETHODIMP nsNSSCertList::Read(nsIObjectInputStream* aStream) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - NS_ENSURE_STATE(mCertList); nsresult rv = NS_OK; @@ -1257,10 +1147,6 @@ nsNSSCertList::Read(nsIObjectInputStream* aStream) NS_IMETHODIMP nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mCertList) { return NS_ERROR_FAILURE; } @@ -1275,10 +1161,6 @@ nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval) NS_IMETHODIMP nsNSSCertList::Equals(nsIX509CertList* other, bool* result) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - NS_ENSURE_ARG(result); *result = true; @@ -1433,9 +1315,6 @@ nsNSSCertListEnumerator::nsNSSCertListEnumerator( nsNSSCertListEnumerator::~nsNSSCertListEnumerator() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -1453,10 +1332,6 @@ void nsNSSCertListEnumerator::destructorSafeDestroyNSSReference() NS_IMETHODIMP nsNSSCertListEnumerator::HasMoreElements(bool* _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE); *_retval = !CERT_LIST_EMPTY(mCertList); @@ -1466,10 +1341,6 @@ nsNSSCertListEnumerator::HasMoreElements(bool* _retval) NS_IMETHODIMP nsNSSCertListEnumerator::GetNext(nsISupports** _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE); CERTCertListNode* node = CERT_LIST_HEAD(mCertList); diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp index b43135b70267..68e6139a5047 100644 --- a/security/manager/ssl/nsNSSCertificateDB.cpp +++ b/security/manager/ssl/nsNSSCertificateDB.cpp @@ -59,10 +59,6 @@ NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB) nsNSSCertificateDB::~nsNSSCertificateDB() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } @@ -77,10 +73,6 @@ nsNSSCertificateDB::FindCertByDBKey(const nsACString& aDBKey, return NS_ERROR_INVALID_ARG; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -433,10 +425,6 @@ nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length, uint32_t type, nsIInterfaceRequestor* ctx) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // We currently only handle CA certificates. if (type != nsIX509Cert::CA_CERT) { return NS_ERROR_FAILURE; @@ -540,10 +528,6 @@ NS_IMETHODIMP nsNSSCertificateDB::ImportEmailCertificate(uint8_t* data, uint32_t length, nsIInterfaceRequestor* ctx) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); if (!arena) { return NS_ERROR_OUT_OF_MEMORY; @@ -629,10 +613,6 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length, return NS_ERROR_NOT_SAME_THREAD; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); if (!arena) { return NS_ERROR_OUT_OF_MEMORY; @@ -698,9 +678,6 @@ NS_IMETHODIMP nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert) { NS_ENSURE_ARG_POINTER(aCert); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } UniqueCERTCertificate cert(aCert->GetCert()); if (!cert) { return NS_ERROR_FAILURE; @@ -743,10 +720,6 @@ nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert, uint32_t trusted) { NS_ENSURE_ARG_POINTER(cert); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsNSSCertTrust trust; switch (type) { case nsIX509Cert::CA_CERT: @@ -783,10 +756,6 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert, NS_ENSURE_ARG_POINTER(_isTrusted); *_isTrusted = false; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -832,10 +801,6 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert, NS_IMETHODIMP nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - NS_ENSURE_ARG(aFile); switch (aType) { case nsIX509Cert::CA_CERT: @@ -891,9 +856,6 @@ nsNSSCertificateDB::ImportPKCS12File(nsIFile* aFile) if (!NS_IsMainThread()) { return NS_ERROR_NOT_SAME_THREAD; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -919,9 +881,6 @@ nsNSSCertificateDB::ExportPKCS12File(nsIFile* aFile, uint32_t count, if (!NS_IsMainThread()) { return NS_ERROR_NOT_SAME_THREAD; } - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -939,10 +898,6 @@ NS_IMETHODIMP nsNSSCertificateDB::FindCertByEmailAddress(const nsACString& aEmailAddress, nsIX509Cert** _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -999,9 +954,6 @@ NS_IMETHODIMP nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64, /*out*/ nsIX509Cert** _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } if (!_retval) { return NS_ERROR_INVALID_POINTER; } @@ -1026,9 +978,6 @@ NS_IMETHODIMP nsNSSCertificateDB::ConstructX509(const nsACString& certDER, nsIX509Cert** _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } if (NS_WARN_IF(!_retval)) { return NS_ERROR_INVALID_POINTER; } @@ -1169,10 +1118,6 @@ nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64, } *addedCertificate = nullptr; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsNSSCertTrust trust; if (CERT_DecodeTrustString(&trust.GetTrust(), PromiseFlatCString(aTrust).get()) != SECSuccess) { @@ -1253,10 +1198,6 @@ nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert, NS_IMETHODIMP nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; @@ -1289,10 +1230,6 @@ nsNSSCertificateDB::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) NS_ENSURE_ARG_POINTER(enterpriseRoots); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - #ifdef XP_WIN nsCOMPtr psm(do_GetService(PSM_COMPONENT_CONTRACTID)); if (!psm) { @@ -1384,10 +1321,6 @@ nsNSSCertificateDB::VerifyCertNow(nsIX509Cert* aCert, bool* aHasEVPolicy, int32_t* /*PRErrorCode*/ _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname, mozilla::pkix::Now(), aVerifiedChain, aHasEVPolicy, _retval); @@ -1403,10 +1336,6 @@ nsNSSCertificateDB::VerifyCertAtTime(nsIX509Cert* aCert, bool* aHasEVPolicy, int32_t* /*PRErrorCode*/ _retval) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname, mozilla::pkix::TimeFromEpochInSeconds(aTime), aVerifiedChain, aHasEVPolicy, _retval); @@ -1476,9 +1405,6 @@ nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert, uint64_t aTime, nsICertVerificationCallback* aCallback) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } RefPtr task(new VerifyCertAtTimeTask(aCert, aUsage, aFlags, aHostname, aTime, aCallback)); @@ -1488,10 +1414,6 @@ nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert, NS_IMETHODIMP nsNSSCertificateDB::ClearOCSPCache() { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - RefPtr certVerifier(GetDefaultCertVerifier()); NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE); certVerifier->ClearOCSPCache(); diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index efe4fe15f81e..9e4e64f33028 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -822,11 +822,6 @@ nsNSSComponent::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) } NS_ENSURE_ARG_POINTER(enterpriseRoots); - // nsNSSComponent isn't a nsNSSShutDownObject, so we can't check - // isAlreadyShutDown(). However, since mEnterpriseRoots is cleared when NSS - // shuts down, we can use that as a proxy for checking for NSS shutdown. - // (Of course, it may also be the case that no enterprise roots were imported, - // so we should just return a null list and NS_OK in this case.) if (!mEnterpriseRoots) { *enterpriseRoots = nullptr; return NS_OK; @@ -1003,9 +998,6 @@ private: LoadLoadableRootsTask::~LoadLoadableRootsTask() { - if (isAlreadyShutDown()) { - return; - } shutdown(ShutdownCalledFrom::Object); } @@ -1027,10 +1019,6 @@ LoadLoadableRootsTask::Dispatch() NS_IMETHODIMP LoadLoadableRootsTask::Run() { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = LoadLoadableRoots(); if (NS_FAILED(rv)) { MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("LoadLoadableRoots failed")); diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp index a95d1aecede5..dcabd9d40497 100644 --- a/security/manager/ssl/nsNSSIOLayer.cpp +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -358,10 +358,6 @@ nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected) { aAlpnSelected.Truncate(); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - SSLPreliminaryChannelInfo info; SECStatus rv = SSL_GetPreliminaryChannelInfo(mFd, &info, sizeof(info)); if (rv != SECSuccess || !info.canSendEarlyData) { @@ -402,9 +398,6 @@ nsNSSSocketInfo::SetEarlyDataAccepted(bool aAccepted) NS_IMETHODIMP nsNSSSocketInfo::DriveHandshake() { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } if (!mFd) { return NS_ERROR_FAILURE; } @@ -584,8 +577,6 @@ nsNSSSocketInfo::StartTLS() NS_IMETHODIMP nsNSSSocketInfo::SetNPNList(nsTArray& protocolArray) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; if (!mFd) return NS_ERROR_FAILURE; @@ -613,9 +604,6 @@ nsNSSSocketInfo::SetNPNList(nsTArray& protocolArray) nsresult nsNSSSocketInfo::ActivateSSL() { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, true)) return NS_ERROR_FAILURE; if (SECSuccess != SSL_ResetHandshake(mFd, false)) @@ -757,11 +745,6 @@ getSocketInfoIfRunning(PRFileDesc* fd, Operation op) nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret; - if (socketInfo->isAlreadyShutDown()) { - PR_SetError(PR_SOCKET_SHUTDOWN_ERROR, 0); - return nullptr; - } - if (socketInfo->GetErrorCode()) { PRErrorCode err = socketInfo->GetErrorCode(); PR_SetError(err, 0); diff --git a/security/manager/ssl/nsNSSShutDown.h b/security/manager/ssl/nsNSSShutDown.h index d908113b2acf..9f472e495384 100644 --- a/security/manager/ssl/nsNSSShutDown.h +++ b/security/manager/ssl/nsNSSShutDown.h @@ -24,8 +24,6 @@ public: void shutdown(ShutdownCalledFrom) {} - bool isAlreadyShutDown() const { return false; } - protected: virtual void virtualDestroyNSSReference() = 0; }; diff --git a/security/manager/ssl/nsPK11TokenDB.cpp b/security/manager/ssl/nsPK11TokenDB.cpp index 9d8d8d952dac..7b2896c2068b 100644 --- a/security/manager/ssl/nsPK11TokenDB.cpp +++ b/security/manager/ssl/nsPK11TokenDB.cpp @@ -26,10 +26,6 @@ nsPK11Token::nsPK11Token(PK11SlotInfo* slot) : mUIContext(new PipUIContext()) { MOZ_ASSERT(slot); - - if (isAlreadyShutDown()) - return; - mSlot.reset(PK11_ReferenceSlot(slot)); mSeries = PK11_GetSlotSeries(slot); @@ -84,9 +80,6 @@ nsPK11Token::refreshTokenInfo() nsPK11Token::~nsPK11Token() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -107,10 +100,6 @@ nsresult nsPK11Token::GetAttributeHelper(const nsACString& attribute, /*out*/ nsACString& xpcomOutParam) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // Handle removals/insertions. if (PK11_GetSlotSeries(mSlot.get()) != mSeries) { nsresult rv = refreshTokenInfo(); @@ -163,21 +152,13 @@ NS_IMETHODIMP nsPK11Token::IsLoggedIn(bool* _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - *_retval = PK11_IsLoggedIn(mSlot.get(), 0); - return NS_OK; } NS_IMETHODIMP nsPK11Token::Login(bool force) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - nsresult rv; bool test; rv = this->NeedsLogin(&test); @@ -195,9 +176,6 @@ nsPK11Token::Login(bool force) NS_IMETHODIMP nsPK11Token::LogoutSimple() { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - // PK11_Logout() can fail if the user wasn't logged in beforehand. We want // this method to succeed even in this case, so we ignore the return value. Unused << PK11_Logout(mSlot.get()); @@ -224,9 +202,6 @@ nsPK11Token::LogoutAndDropAuthenticatedResources() NS_IMETHODIMP nsPK11Token::Reset() { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - return MapSECStatus(PK11_ResetToken(mSlot.get(), nullptr)); } @@ -234,10 +209,6 @@ NS_IMETHODIMP nsPK11Token::GetNeedsUserInit(bool* aNeedsUserInit) { NS_ENSURE_ARG_POINTER(aNeedsUserInit); - - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - *aNeedsUserInit = PK11_NeedUserInit(mSlot.get()); return NS_OK; } @@ -246,10 +217,6 @@ NS_IMETHODIMP nsPK11Token::CheckPassword(const nsACString& password, bool* _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - SECStatus srv = PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get()); if (srv != SECSuccess) { @@ -268,10 +235,6 @@ nsPK11Token::CheckPassword(const nsACString& password, bool* _retval) NS_IMETHODIMP nsPK11Token::InitPassword(const nsACString& initialPassword) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - const nsCString& passwordCStr = PromiseFlatCString(initialPassword); // PSM initializes the sqlite-backed softoken with an empty password. The // implementation considers this not to be a password (GetHasPassword returns @@ -292,9 +255,6 @@ NS_IMETHODIMP nsPK11Token::ChangePassword(const nsACString& oldPassword, const nsACString& newPassword) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - // PK11_ChangePW() has different semantics for the empty string and for // nullptr. In order to support this difference, we need to check IsVoid() to // find out if our caller supplied null/undefined args or just empty strings. @@ -309,11 +269,6 @@ NS_IMETHODIMP nsPK11Token::GetHasPassword(bool* hasPassword) { NS_ENSURE_ARG_POINTER(hasPassword); - - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // PK11_NeedLogin returns true if the token is currently configured to require // the user to log in (whether or not the user is actually logged in makes no // difference). @@ -325,12 +280,7 @@ NS_IMETHODIMP nsPK11Token::NeedsLogin(bool* _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - *_retval = PK11_NeedLogin(mSlot.get()); - return NS_OK; } @@ -344,10 +294,6 @@ nsPK11TokenDB::nsPK11TokenDB() nsPK11TokenDB::~nsPK11TokenDB() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } @@ -355,11 +301,6 @@ NS_IMETHODIMP nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token** _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); if (!slot) { return NS_ERROR_FAILURE; @@ -376,11 +317,6 @@ nsPK11TokenDB::FindTokenByName(const nsACString& tokenName, /*out*/ nsIPK11Token** _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - nsresult rv = BlockUntilLoadableRootsLoaded(); if (NS_FAILED(rv)) { return rv; diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp index cca95502487b..dc9de9979788 100644 --- a/security/manager/ssl/nsPKCS11Slot.cpp +++ b/security/manager/ssl/nsPKCS11Slot.cpp @@ -26,10 +26,6 @@ NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot) nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot) { MOZ_ASSERT(slot); - - if (isAlreadyShutDown()) - return; - mSlot.reset(PK11_ReferenceSlot(slot)); mSeries = PK11_GetSlotSeries(slot); Unused << refreshSlotInfo(); @@ -75,9 +71,6 @@ nsPKCS11Slot::refreshSlotInfo() nsPKCS11Slot::~nsPKCS11Slot() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -98,10 +91,6 @@ nsresult nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute, /*out*/ nsACString& xpcomOutParam) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (PK11_GetSlotSeries(mSlot.get()) != mSeries) { nsresult rv = refreshSlotInfo(); if (NS_FAILED(rv)) { @@ -116,9 +105,6 @@ nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute, NS_IMETHODIMP nsPKCS11Slot::GetName(/*out*/ nsACString& name) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - // |csn| is non-owning. char* csn = PK11_GetSlotName(mSlot.get()); if (csn && *csn) { @@ -164,10 +150,6 @@ NS_IMETHODIMP nsPKCS11Slot::GetToken(nsIPK11Token** _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - nsCOMPtr token = new nsPK11Token(mSlot.get()); token.forget(_retval); return NS_OK; @@ -176,9 +158,6 @@ nsPKCS11Slot::GetToken(nsIPK11Token** _retval) NS_IMETHODIMP nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (!PK11_IsPresent(mSlot.get())) { tokenName.SetIsVoid(true); return NS_OK; @@ -199,10 +178,6 @@ NS_IMETHODIMP nsPKCS11Slot::GetStatus(uint32_t* _retval) { NS_ENSURE_ARG_POINTER(_retval); - - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (PK11_IsDisabled(mSlot.get())) { *_retval = SLOT_DISABLED; } else if (!PK11_IsPresent(mSlot.get())) { @@ -225,18 +200,11 @@ NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module) nsPKCS11Module::nsPKCS11Module(SECMODModule* module) { MOZ_ASSERT(module); - - if (isAlreadyShutDown()) - return; - mModule.reset(SECMOD_ReferenceModule(module)); } nsPKCS11Module::~nsPKCS11Module() { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -256,9 +224,6 @@ nsPKCS11Module::destructorSafeDestroyNSSReference() NS_IMETHODIMP nsPKCS11Module::GetName(/*out*/ nsACString& name) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - name = mModule->commonName; return NS_OK; } @@ -266,9 +231,6 @@ nsPKCS11Module::GetName(/*out*/ nsACString& name) NS_IMETHODIMP nsPKCS11Module::GetLibName(/*out*/ nsACString& libName) { - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - if (mModule->dllName) { libName = mModule->dllName; } else { @@ -283,9 +245,6 @@ nsPKCS11Module::FindSlotByName(const nsACString& name, { NS_ENSURE_ARG_POINTER(_retval); - if (isAlreadyShutDown()) - return NS_ERROR_NOT_AVAILABLE; - const nsCString& flatName = PromiseFlatCString(name); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"", flatName.get())); UniquePK11SlotInfo slotInfo; @@ -321,9 +280,6 @@ nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval) { NS_ENSURE_ARG_POINTER(_retval); - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } nsresult rv = CheckForSmartCardChanges(); if (NS_FAILED(rv)) { return rv; diff --git a/security/manager/ssl/nsPKCS12Blob.cpp b/security/manager/ssl/nsPKCS12Blob.cpp index 713c2dbdade2..fc570159a8aa 100644 --- a/security/manager/ssl/nsPKCS12Blob.cpp +++ b/security/manager/ssl/nsPKCS12Blob.cpp @@ -42,10 +42,6 @@ nsPKCS12Blob::nsPKCS12Blob() // destructor nsPKCS12Blob::~nsPKCS12Blob() { - if (isAlreadyShutDown()) { - return; - } - shutdown(ShutdownCalledFrom::Object); } diff --git a/security/manager/ssl/nsRandomGenerator.cpp b/security/manager/ssl/nsRandomGenerator.cpp index a117c23b497c..49f88f45fb5d 100644 --- a/security/manager/ssl/nsRandomGenerator.cpp +++ b/security/manager/ssl/nsRandomGenerator.cpp @@ -19,10 +19,6 @@ nsRandomGenerator::GenerateRandomBytes(uint32_t aLength, NS_ENSURE_ARG_POINTER(aBuffer); *aBuffer = nullptr; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot()); if (!slot) { return NS_ERROR_FAILURE; @@ -46,8 +42,5 @@ nsRandomGenerator::GenerateRandomBytes(uint32_t aLength, nsRandomGenerator::~nsRandomGenerator() { - if (isAlreadyShutDown()) { - return; - } shutdown(ShutdownCalledFrom::Object); } diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp index 26a37ad31b4b..75a17534414a 100644 --- a/security/manager/ssl/nsSSLStatus.cpp +++ b/security/manager/ssl/nsSSLStatus.cpp @@ -395,9 +395,6 @@ NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo) nsSSLStatus::~nsSSLStatus() { - if (isAlreadyShutDown()) { - return; - } shutdown(ShutdownCalledFrom::Object); } @@ -414,10 +411,6 @@ nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus) nsresult nsSSLStatus::SetSucceededCertChain(UniqueCERTCertList aCertList) { - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - // nsNSSCertList takes ownership of certList mSucceededCertChain = new nsNSSCertList(Move(aCertList)); diff --git a/services/crypto/component/IdentityCryptoService.cpp b/services/crypto/component/IdentityCryptoService.cpp index 85f8acf6b5ba..477c415c928f 100644 --- a/services/crypto/component/IdentityCryptoService.cpp +++ b/services/crypto/component/IdentityCryptoService.cpp @@ -59,9 +59,6 @@ public: private: ~KeyPair() override { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -100,9 +97,6 @@ public: private: ~KeyGenRunnable() override { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -137,9 +131,6 @@ public: private: ~SignRunnable() override { - if (isAlreadyShutDown()) { - return; - } destructorSafeDestroyNSSReference(); shutdown(ShutdownCalledFrom::Object); } @@ -438,37 +429,33 @@ NS_IMETHODIMP KeyGenRunnable::Run() { if (!NS_IsMainThread()) { - if (isAlreadyShutDown()) { - mRv = NS_ERROR_NOT_AVAILABLE; + // We always want to use the internal slot for BrowserID; in particular, + // we want to avoid smartcard slots. + PK11SlotInfo *slot = PK11_GetInternalSlot(); + if (!slot) { + mRv = NS_ERROR_UNEXPECTED; } else { - // We always want to use the internal slot for BrowserID; in particular, - // we want to avoid smartcard slots. - PK11SlotInfo *slot = PK11_GetInternalSlot(); - if (!slot) { - mRv = NS_ERROR_UNEXPECTED; - } else { - SECKEYPrivateKey *privk = nullptr; - SECKEYPublicKey *pubk = nullptr; + SECKEYPrivateKey *privk = nullptr; + SECKEYPublicKey *pubk = nullptr; - switch (mKeyType) { - case rsaKey: - mRv = GenerateRSAKeyPair(slot, &privk, &pubk); - break; - case dsaKey: - mRv = GenerateDSAKeyPair(slot, &privk, &pubk); - break; - default: - MOZ_CRASH("unknown key type"); - } + switch (mKeyType) { + case rsaKey: + mRv = GenerateRSAKeyPair(slot, &privk, &pubk); + break; + case dsaKey: + mRv = GenerateDSAKeyPair(slot, &privk, &pubk); + break; + default: + MOZ_CRASH("unknown key type"); + } - PK11_FreeSlot(slot); + PK11_FreeSlot(slot); - if (NS_SUCCEEDED(mRv)) { - MOZ_ASSERT(privk); - MOZ_ASSERT(pubk); - // mKeyPair will take over ownership of privk and pubk - mKeyPair = new KeyPair(privk, pubk, mThread); - } + if (NS_SUCCEEDED(mRv)) { + MOZ_ASSERT(privk); + MOZ_ASSERT(pubk); + // mKeyPair will take over ownership of privk and pubk + mKeyPair = new KeyPair(privk, pubk, mThread); } } @@ -496,39 +483,35 @@ NS_IMETHODIMP SignRunnable::Run() { if (!NS_IsMainThread()) { - if (isAlreadyShutDown()) { - mRv = NS_ERROR_NOT_AVAILABLE; + // We need the output in PKCS#11 format, not DER encoding, so we must use + // PK11_HashBuf and PK11_Sign instead of SEC_SignData. + + SECItem sig = { siBuffer, nullptr, 0 }; + int sigLength = PK11_SignatureLen(mPrivateKey); + if (sigLength <= 0) { + mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) { + mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); } else { - // We need the output in PKCS#11 format, not DER encoding, so we must use - // PK11_HashBuf and PK11_Sign instead of SEC_SignData. + uint8_t hash[32]; // big enough for SHA-1 or SHA-256 + SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1 + : SEC_OID_SHA256; + SECItem hashItem = { siBuffer, hash, + hashAlg == SEC_OID_SHA1 ? 20u : 32u }; - SECItem sig = { siBuffer, nullptr, 0 }; - int sigLength = PK11_SignatureLen(mPrivateKey); - if (sigLength <= 0) { - mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); - } else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) { - mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); - } else { - uint8_t hash[32]; // big enough for SHA-1 or SHA-256 - SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1 - : SEC_OID_SHA256; - SECItem hashItem = { siBuffer, hash, - hashAlg == SEC_OID_SHA1 ? 20u : 32u }; - - mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash, - const_cast(reinterpret_cast( - mTextToSign.get())), - mTextToSign.Length())); - if (NS_SUCCEEDED(mRv)) { - mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem)); - } - if (NS_SUCCEEDED(mRv)) { - mRv = Base64URLEncode(sig.len, sig.data, - Base64URLEncodePaddingPolicy::Include, - mSignature); - } - SECITEM_FreeItem(&sig, false); + mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash, + const_cast(reinterpret_cast( + mTextToSign.get())), + mTextToSign.Length())); + if (NS_SUCCEEDED(mRv)) { + mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem)); } + if (NS_SUCCEEDED(mRv)) { + mRv = Base64URLEncode(sig.len, sig.data, + Base64URLEncodePaddingPolicy::Include, + mSignature); + } + SECITEM_FreeItem(&sig, false); } NS_DispatchToMainThread(this);