зеркало из https://github.com/mozilla/gecko-dev.git
bug 162976: make crl update atomic. Set up new Crl with a new Object ID which is different from the old one.
This commit is contained in:
relyea%netscape.com
Родитель
a9f27f307f
Коммит
b47c2269f6
|
|
@ -998,7 +998,11 @@ pk11_handleCrlObject(PK11Session *session,PK11Object *object)
|
||||||
return CKR_DEVICE_ERROR;
|
return CKR_DEVICE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
object->handle = pk11_mkHandle(slot,&derSubj,
|
/* if we overwrote the existing CRL, poison the handle entry so we get
|
||||||
|
* a new object handle */
|
||||||
|
(void) pk11_poisonHandle(slot, &derSubj,
|
||||||
|
isKRL ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL);
|
||||||
|
object->handle = pk11_mkHandle(slot, &derSubj,
|
||||||
isKRL ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL);
|
isKRL ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL);
|
||||||
pk11_FreeAttribute(subject);
|
pk11_FreeAttribute(subject);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -661,6 +661,8 @@ PK11TokenObject * pk11_narrowToTokenObject(PK11Object *);
|
||||||
* token object utilities
|
* token object utilities
|
||||||
*/
|
*/
|
||||||
void pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle);
|
void pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle);
|
||||||
|
PRBool pk11_poisonHandle(PK11Slot *slot, SECItem *dbkey,
|
||||||
|
CK_OBJECT_HANDLE handle);
|
||||||
PRBool pk11_tokenMatch(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
|
PRBool pk11_tokenMatch(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
|
||||||
CK_ATTRIBUTE_PTR theTemplate,int count);
|
CK_ATTRIBUTE_PTR theTemplate,int count);
|
||||||
CK_OBJECT_HANDLE pk11_mkHandle(PK11Slot *slot,
|
CK_OBJECT_HANDLE pk11_mkHandle(PK11Slot *slot,
|
||||||
|
|
|
||||||
|
|
@ -2653,6 +2653,40 @@ pk11_mkHandle(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class)
|
||||||
return handle;
|
return handle;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PRBool
|
||||||
|
pk11_poisonHandle(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class)
|
||||||
|
{
|
||||||
|
unsigned char hashBuf[4];
|
||||||
|
CK_OBJECT_HANDLE handle;
|
||||||
|
SECItem *key;
|
||||||
|
|
||||||
|
handle = class;
|
||||||
|
/* there is only one KRL, use a fixed handle for it */
|
||||||
|
if (handle != PK11_TOKEN_KRL_HANDLE) {
|
||||||
|
pk11_XORHash(hashBuf,dbKey->data,dbKey->len);
|
||||||
|
handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) |
|
||||||
|
(hashBuf[2] << 8) | hashBuf[3];
|
||||||
|
handle = PK11_TOKEN_MAGIC | class |
|
||||||
|
(handle & ~(PK11_TOKEN_TYPE_MASK|PK11_TOKEN_MASK));
|
||||||
|
/* we have a CRL who's handle has randomly matched the reserved KRL
|
||||||
|
* handle, increment it */
|
||||||
|
if (handle == PK11_TOKEN_KRL_HANDLE) {
|
||||||
|
handle++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
pk11_tokenKeyLock(slot);
|
||||||
|
while ((key = pk11_lookupTokenKeyByHandle(slot,handle)) != NULL) {
|
||||||
|
if (SECITEM_ItemsAreEqual(key,dbKey)) {
|
||||||
|
key->data[0] ^= 0x80;
|
||||||
|
pk11_tokenKeyUnlock(slot);
|
||||||
|
return PR_TRUE;
|
||||||
|
}
|
||||||
|
handle++;
|
||||||
|
}
|
||||||
|
pk11_tokenKeyUnlock(slot);
|
||||||
|
return PR_FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle)
|
pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче