Bug 199082: checked in Nelson's patch, which

a) changes selfserv to test the return value from NSS_Shutdown. b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before returning SECFailure. c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h. d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling NSS_Shutdown. Modified Files: cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00 · 2003-03-26 00:31:13 +00:00 · 5fa3007c43
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@ -1739,7 +1739,13 @@ main(int argc, char **argv)
    free(nickName);
    free(passwd);

-    NSS_Shutdown();
+    SSL_ShutdownServerSessionIDCache();
+
+    if (NSS_Shutdown() != SECSuccess) {
+	SECU_PrintError(progName, "NSS_Shutdown");
+	PR_Cleanup();
+	exit(1);
+    }
    PR_Cleanup();
    printf("selfserv: normal termination\n");
    return 0;
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@ -112,7 +112,11 @@ SECMOD_Shutdown() {
 	PORT_Assert(secmod_PrivateModuleCount == 0);
    }
 #endif
-    return (secmod_PrivateModuleCount == 0) ? SECSuccess : SECFailure;
+    if (secmod_PrivateModuleCount) {
+    	PORT_SetError(SEC_ERROR_BUSY);
+	return SECFailure;
+    }
+    return SECSuccess;
 }


--- a/security/nss/lib/ssl/ssl.def
+++ b/security/nss/lib/ssl/ssl.def
@ -115,3 +115,9 @@ SSL_SetMaxServerCacheLocks;
 ;+    local:
 ;+*;
 ;+};
+;+NSS_3.7.4 {       # NSS 3.7.4 release
+;+    global:
+SSL_ShutdownServerSessionIDCache;
+;+    local:
+;+*;
+;+};
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@ -32,7 +32,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: ssl.h,v 1.15 2002-09-18 22:32:19 wtc%netscape.com Exp $
+ * $Id: ssl.h,v 1.16 2003-03-26 00:31:12 wtc%netscape.com Exp $
 */

 #ifndef __ssl_h_
@ -364,6 +364,11 @@ SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
 */
 SSL_IMPORT void SSL_ClearSessionCache(void);

+/*
+** Close the server's SSL session cache.
+*/
+SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
+
 /*
 ** Set peer information so we can correctly look up SSL session later.
 ** You only have to do this if you're tunneling through a proxy.
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@ -37,7 +37,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: ssl3con.c,v 1.51 2003-03-13 16:36:43 relyea%netscape.com Exp $
+ * $Id: ssl3con.c,v 1.52 2003-03-26 00:31:12 wtc%netscape.com Exp $
 */

 #include "nssrenam.h"
@ -3320,6 +3320,33 @@ typedef struct {
    PK11SymKey *      symWrapKey[kt_kea_size];
 } ssl3SymWrapKey;

+static PZLock *          symWrapKeysLock;
+static ssl3SymWrapKey    symWrapKeys[SSL_NUM_WRAP_MECHS];
+
+SECStatus
+SSL3_ShutdownServerCache(void)
+{
+    int             i, j;
+
+    if (!symWrapKeysLock)
+    	return SECSuccess;	/* was never initialized */
+    PZ_Lock(symWrapKeysLock);
+    /* get rid of all symWrapKeys */
+    for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
+    	for (j = 0; j < kt_kea_size; ++j) {
+	    PK11SymKey **   pSymWrapKey;
+	    pSymWrapKey = &symWrapKeys[i].symWrapKey[j];
+	    if (*pSymWrapKey) {
+		PK11_FreeSymKey(*pSymWrapKey);
+	    	*pSymWrapKey = NULL;
+	    }
+	}
+    }
+
+    PZ_Unlock(symWrapKeysLock);
+    return SECSuccess;
+}
+
 /* Try to get wrapping key for mechanism from in-memory array.
 * If that fails, look for one on disk.
 * If that fails, generate a new one, put the new one on disk,
@ -3344,9 +3371,6 @@ getWrappingKey( sslSocket *       ss,
    SECItem                  wrappedKey;
    SSLWrappedSymWrappingKey wswk;

-    static PZLock *          symWrapKeysLock;
-    static ssl3SymWrapKey    symWrapKeys[SSL_NUM_WRAP_MECHS];
-
    svrPrivKey  = ss->serverCerts[exchKeyType].serverKey;
    PORT_Assert(svrPrivKey != NULL);
    if (!svrPrivKey) {
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@ -38,7 +38,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: sslimpl.h,v 1.30 2003-02-27 01:31:34 nelsonb%netscape.com Exp $
+ * $Id: sslimpl.h,v 1.31 2003-03-26 00:31:13 wtc%netscape.com Exp $
 */

 #ifndef __sslimpl_h_
@ -1261,6 +1261,9 @@ ssl_GetWrappingKey( PRInt32                   symWrapMechIndex,
 extern PRBool
 ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);

+/* get rid of the symmetric wrapping key references. */
+extern SECStatus SSL3_ShutdownServerCache(void);
+
 /********************** misc calls *********************/

 extern int ssl_MapLowLevelError(int hiLevelError);
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@ -32,7 +32,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: sslsnce.c,v 1.23 2003-01-23 00:15:08 jpierre%netscape.com Exp $
+ * $Id: sslsnce.c,v 1.24 2003-03-26 00:31:13 wtc%netscape.com Exp $
 */

 /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server 
@ -1158,6 +1158,21 @@ SSL_ConfigServerSessionIDCache(	int      maxCacheEntries,
    		maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
 }

+SECStatus
+SSL_ShutdownServerSessionIDCacheInstance(cacheDesc *cache)
+{
+    /* if single process, close down, clean up.
+    ** if multi-process, TBD.
+    */
+}
+
+SECStatus
+SSL_ShutdownServerSessionIDCache(void)
+{
+    SSL3_ShutdownServerCache();
+    return SSL_ShutdownServerSessionIDCacheInstance(&globalCache);
+}
+
 /* Use this function, instead of SSL_ConfigServerSessionIDCache,
 * if the cache will be shared by multiple processes.
 */