зеркало из https://github.com/mozilla/pjs.git
1) fix crl memory.
2) remove several memory copies in the crl.
This commit is contained in:
relyea%netscape.com
Родитель
4865914fb2
Коммит
fc447dbc65
|
|
@ -70,9 +70,9 @@ nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
|
|||
PRBool
|
||||
nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
|
||||
|
||||
SECItem *
|
||||
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey,
|
||||
char **urlp, PRBool isKRL);
|
||||
certDBEntryRevocation *
|
||||
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
|
||||
SECItem *crlKey, PRBool isKRL);
|
||||
|
||||
SECStatus
|
||||
nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,SECItem *derName,
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@
|
|||
/*
|
||||
* Permanent Certificate database handling code
|
||||
*
|
||||
* $Id: pcertdb.c,v 1.28 2002-07-16 16:44:21 relyea%netscape.com Exp $
|
||||
* $Id: pcertdb.c,v 1.29 2002-08-21 00:09:22 relyea%netscape.com Exp $
|
||||
*/
|
||||
#include "prtime.h"
|
||||
|
||||
|
|
@ -250,7 +250,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
|
|||
|
||||
PORT_Assert(dbLock != NULL);
|
||||
PZ_Lock(dbLock);
|
||||
|
||||
|
||||
ret = (* db->get)(db, key, data, flags);
|
||||
|
||||
prstat = PZ_Unlock(dbLock);
|
||||
|
|
@ -262,7 +262,7 @@ static int
|
|||
certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
|
||||
{
|
||||
PRStatus prstat;
|
||||
int ret;
|
||||
int ret = 0;
|
||||
|
||||
PORT_Assert(dbLock != NULL);
|
||||
PZ_Lock(dbLock);
|
||||
|
|
@ -1368,7 +1368,7 @@ ReadDBCrlEntry(NSSLOWCERTCertDBHandle *handle, SECItem *certKey,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
|
||||
rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL);
|
||||
if ( rv == SECFailure ) {
|
||||
goto loser;
|
||||
}
|
||||
|
|
@ -4784,9 +4784,9 @@ nsslowcert_DestroyCertificateNoLocking(NSSLOWCERTCertificate *cert)
|
|||
* Lookup a CRL in the databases. We mirror the same fast caching data base
|
||||
* caching stuff used by certificates....?
|
||||
*/
|
||||
SECItem *
|
||||
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey,
|
||||
char **url, PRBool isKRL)
|
||||
certDBEntryRevocation *
|
||||
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
|
||||
SECItem *crlKey, PRBool isKRL)
|
||||
{
|
||||
SECItem keyitem;
|
||||
DBT key;
|
||||
|
|
@ -4817,20 +4817,12 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
if (url && entry->url) {
|
||||
*url = PORT_Strdup(entry->url);
|
||||
}
|
||||
crl = SECITEM_DupItem(&entry->derCrl);
|
||||
|
||||
loser:
|
||||
if ( arena ) {
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
}
|
||||
if (entry) {
|
||||
DestroyDBEntry((certDBEntry *)entry);
|
||||
}
|
||||
|
||||
return(crl);
|
||||
return entry;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -3602,12 +3602,13 @@ pk11_searchCrls(PK11Slot *slot, SECItem *derSubject, PRBool isKrl,
|
|||
return;
|
||||
}
|
||||
if (derSubject->data != NULL) {
|
||||
SECItem *crl =
|
||||
nsslowcert_FindCrlByKey(certHandle,derSubject,NULL,isKrl);
|
||||
certDBEntryRevocation *crl =
|
||||
nsslowcert_FindCrlByKey(certHandle, derSubject, isKrl);
|
||||
|
||||
if (crl != NULL) {
|
||||
pk11_addHandle(search, pk11_mkHandle(slot,derSubject,
|
||||
pk11_addHandle(search, pk11_mkHandle(slot, derSubject,
|
||||
isKrl ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL));
|
||||
nsslowcert_DestroyDBEntry((certDBEntry *)crl);
|
||||
}
|
||||
} else {
|
||||
pk11CrlData crlData;
|
||||
|
|
|
|||
|
|
@ -344,50 +344,27 @@ pk11_getSMime(PK11TokenObject *object)
|
|||
return entry;
|
||||
}
|
||||
|
||||
static SECItem *
|
||||
static certDBEntryRevocation *
|
||||
pk11_getCrl(PK11TokenObject *object)
|
||||
{
|
||||
SECItem *crl;
|
||||
certDBEntryRevocation *crl;
|
||||
PRBool isKrl;
|
||||
|
||||
if (object->obj.objclass != CKO_NETSCAPE_CRL) {
|
||||
return NULL;
|
||||
}
|
||||
if (object->obj.objectInfo) {
|
||||
return (SECItem *)object->obj.objectInfo;
|
||||
return (certDBEntryRevocation *)object->obj.objectInfo;
|
||||
}
|
||||
|
||||
isKrl = (PRBool) object->obj.handle == PK11_TOKEN_KRL_HANDLE;
|
||||
crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB,&object->dbKey,
|
||||
NULL,isKrl);
|
||||
crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB,
|
||||
&object->dbKey, isKrl);
|
||||
object->obj.objectInfo = (void *)crl;
|
||||
object->obj.infoFree = (PK11Free) pk11_FreeItem;
|
||||
object->obj.infoFree = (PK11Free) nsslowcert_DestroyDBEntry;
|
||||
return crl;
|
||||
}
|
||||
|
||||
static char *
|
||||
pk11_getUrl(PK11TokenObject *object)
|
||||
{
|
||||
SECItem *crl;
|
||||
PRBool isKrl;
|
||||
char *url = NULL;
|
||||
|
||||
if (object->obj.objclass != CKO_NETSCAPE_CRL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
isKrl = (PRBool) object->obj.handle == PK11_TOKEN_KRL_HANDLE;
|
||||
crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB,&object->dbKey,
|
||||
&url,isKrl);
|
||||
if (object->obj.objectInfo == NULL) {
|
||||
object->obj.objectInfo = (void *)crl;
|
||||
object->obj.infoFree = (PK11Free) pk11_FreeItem;
|
||||
} else {
|
||||
if (crl) SECITEM_FreeItem(crl,PR_TRUE);
|
||||
}
|
||||
return url;
|
||||
}
|
||||
|
||||
static NSSLOWCERTCertificate *
|
||||
pk11_getCert(PK11TokenObject *object)
|
||||
{
|
||||
|
|
@ -991,7 +968,7 @@ trust:
|
|||
static PK11Attribute *
|
||||
pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
|
||||
{
|
||||
SECItem *crl;
|
||||
certDBEntryRevocation *crl;
|
||||
char *url;
|
||||
|
||||
switch (type) {
|
||||
|
|
@ -1001,19 +978,23 @@ pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
|
|||
case CKA_NETSCAPE_KRL:
|
||||
return (PK11Attribute *) ((object->obj.handle == PK11_TOKEN_KRL_HANDLE)
|
||||
? &pk11_StaticTrueAttr : &pk11_StaticFalseAttr);
|
||||
case CKA_SUBJECT:
|
||||
return pk11_NewTokenAttribute(type,object->dbKey.data,
|
||||
object->dbKey.len, PR_FALSE);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
crl = pk11_getCrl(object);
|
||||
switch (type) {
|
||||
case CKA_NETSCAPE_URL:
|
||||
url = pk11_getUrl(object);
|
||||
if (url == NULL) {
|
||||
return (PK11Attribute *) &pk11_StaticNullAttr;
|
||||
}
|
||||
return pk11_NewTokenAttribute(type, url, PORT_Strlen(url)+1, PR_TRUE);
|
||||
return pk11_NewTokenAttribute(type, crl->url,
|
||||
PORT_Strlen(crl->url)+1, PR_TRUE);
|
||||
case CKA_VALUE:
|
||||
crl = pk11_getCrl(object);
|
||||
if (crl == NULL) break;
|
||||
return pk11_NewTokenAttribute(type, crl->data, crl->len, PR_FALSE);
|
||||
case CKA_SUBJECT:
|
||||
return pk11_NewTokenAttribute(type,object->dbKey.data,
|
||||
object->dbKey.len, PR_FALSE);
|
||||
return pk11_NewTokenAttribute(type, crl->derCrl.data,
|
||||
crl->derCrl.len, PR_FALSE);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче