Fix SDR race condition with a coarse lock. Does not address multiaccess DB
authorrelyea%netscape.com
Tue, 01 Oct 2002 00:23:46 +0000
changeset 3665 41b90994a5e6618df8979f1b1e82c96ff17278b7
parent 3664 37001b8193a6edcb98549a7e725e15ac49b701d4
child 3666 114ef6d37037d70a6c7607c332c58e83d5cdd1be
push idunknown
push userunknown
push dateunknown
bugs169296
Fix SDR race condition with a coarse lock. Does not address multiaccess DB races. Bug 169296.
security/nss/lib/pk11wrap/pk11init.h
security/nss/lib/pk11wrap/pk11sdr.c
--- a/security/nss/lib/pk11wrap/pk11init.h
+++ b/security/nss/lib/pk11wrap/pk11init.h
@@ -53,11 +53,12 @@ struct PK11PreSlotInfoStr {
 
 #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
 "Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
 
 #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
 #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
 #define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
 #define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
-
+extern void PK11SDR_Init(void);
+extern void PK11SDR_Shutdown(void);
 
 #endif /* _PK11_INIT_H_ 1 */
--- a/security/nss/lib/pk11wrap/pk11sdr.c
+++ b/security/nss/lib/pk11wrap/pk11sdr.c
@@ -36,16 +36,17 @@
  */
 
 #include "seccomon.h"
 #include "secoid.h"
 #include "secasn1.h"
 #include "pkcs11.h"
 #include "pk11func.h"
 #include "pk11sdr.h"
+#include "pk11init.h"
 
 /*
  * Data structure and template for encoding the result of an SDR operation
  *  This is temporary.  It should include the algorithm ID of the encryption mechanism
  */
 struct SDRResult
 {
   SECItem keyid;
@@ -123,16 +124,33 @@ unpadBlock(SECItem *data, int blockSize,
   if (!result->data) { rv = SECFailure; goto loser; }
 
   PORT_Memcpy(result->data, data->data, result->len);
 
 loser:
   return rv;
 }
 
+static PRLock *pk11sdrLock = NULL;
+
+void
+pk11sdr_Init (void)
+{
+   pk11sdrLock = PR_NewLock();
+}
+
+void
+pk11sdr_Shutdown(void)
+{
+    if (pk11sdrLock) {
+	PR_DestroyLock(pk11sdrLock);
+	pk11sdrLock = NULL;
+    }
+}
+
 /*
  * PK11SDR_Encrypt
  *  Encrypt a block of data using the symmetric key identified.  The result
  *  is an ASN.1 (DER) encoded block of keyid, params and data.
  */
 SECStatus
 PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx)
 {
@@ -173,21 +191,28 @@ PK11SDR_Encrypt(SECItem *keyid, SECItem 
   rv = PK11_Authenticate(slot, PR_TRUE, cx);
   if (rv != SECSuccess) goto loser;
 
   /* Find the key to use */
   pKeyID = keyid;
   if (pKeyID->len == 0) {
 	  pKeyID = &keyIDItem;  /* Use default value */
 
+	  /* put in a course lock to prevent a race between not finding the 
+	   * key and creating  one.
+	   */
+
+	  if (pk11sdrLock) PR_Lock(pk11sdrLock);
+
 	  /* Try to find the key */
 	  key = PK11_FindFixedKey(slot, type, pKeyID, cx);
 	  
 	  /* If the default key doesn't exist yet, try to create it */
 	  if (!key) key = PK11_GenDES3TokenKey(slot, pKeyID, cx);
+	  if (pk11sdrLock) PR_Unlock(pk11sdrLock);
   } else {
 	  key = PK11_FindFixedKey(slot, type, pKeyID, cx);
   }
 
   if (!key) { rv = SECFailure; goto loser; }
 
   params = PK11_GenerateNewParam(type, key);
   if (!params) { rv = SECFailure; goto loser; }