Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-08 19:04:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 1421084 - part 2/4 - remove nsNSSShutDownObject::isAlreadyShutDown() r=mt,ttaubert

Browse Source 
MozReview-Commit-ID: DlS16pHE0Ik

--HG--
extra : rebase_source : d7596a3571478adefae4ffa5d446ff5234ba9ed7
This commit is contained in:
David Keeler 2018-01-23 12:22:56 -08:00
parent e8cc0ba1ce
commit a0e34baf27
29 changed files with 131 additions and 788 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
dom/crypto/CryptoKey.cpp
View File

@ -162,9 +162,6 @@ CryptoKey::CryptoKey(nsIGlobalObject* aGlobal)
CryptoKey::~CryptoKey()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -452,7 +449,7 @@ nsresult CryptoKey::SetSymKey(const CryptoBuffer& aSymKey)
nsresult
CryptoKey::SetPrivateKey(SECKEYPrivateKey* aPrivateKey)
{
if (!aPrivateKey || isAlreadyShutDown()) {
if (!aPrivateKey) {
mPrivateKey = nullptr;
return NS_OK;
}
@ -464,7 +461,7 @@ CryptoKey::SetPrivateKey(SECKEYPrivateKey* aPrivateKey)
nsresult
CryptoKey::SetPublicKey(SECKEYPublicKey* aPublicKey)
{
if (!aPublicKey || isAlreadyShutDown()) {
if (!aPublicKey) {
mPublicKey = nullptr;
return NS_OK;
}
@ -482,7 +479,7 @@ CryptoKey::GetSymKey() const
UniqueSECKEYPrivateKey
CryptoKey::GetPrivateKey() const
{
if (!mPrivateKey || isAlreadyShutDown()) {
if (!mPrivateKey) {
return nullptr;
}
return UniqueSECKEYPrivateKey(SECKEY_CopyPrivateKey(mPrivateKey.get()));
@ -491,7 +488,7 @@ CryptoKey::GetPrivateKey() const
UniqueSECKEYPublicKey
CryptoKey::GetPublicKey() const
{
if (!mPublicKey || isAlreadyShutDown()) {
if (!mPublicKey) {
return nullptr;
}
return UniqueSECKEYPublicKey(SECKEY_CopyPublicKey(mPublicKey.get()));
@ -1234,10 +1231,6 @@ CryptoKey::PublicKeyValid(SECKEYPublicKey* aPubKey)
bool
CryptoKey::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const
{
if (isAlreadyShutDown()) {
return false;
}
// Write in five pieces
// 1. Attributes
// 2. Symmetric key as raw (if present)
@ -1268,10 +1261,6 @@ CryptoKey::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const
bool
CryptoKey::ReadStructuredClone(JSStructuredCloneReader* aReader)
{
if (isAlreadyShutDown()) {
return false;
}
// Ensure that NSS is initialized.
if (!EnsureNSSInitializedChromeOrContent()) {
return false;

14
dom/crypto/WebCryptoTask.cpp
View File

@ -405,11 +405,7 @@ WebCryptoTask::Run()
{
// Run heavy crypto operations on the thread pool, off the original thread.
if (!IsOnOriginalThread()) {
if (isAlreadyShutDown()) {
mRv = NS_ERROR_NOT_AVAILABLE;
} else {
mRv = CalculateResult();
}
mRv = CalculateResult();
// Back to the original thread, i.e. continue below.
mOriginalEventTarget->Dispatch(this, NS_DISPATCH_NORMAL);
@ -460,10 +456,6 @@ WebCryptoTask::CalculateResult()
{
MOZ_ASSERT(!IsOnOriginalThread());
if (isAlreadyShutDown()) {
return NS_ERROR_DOM_UNKNOWN_ERR;
}
return DoCrypto();
}
@ -3726,9 +3718,7 @@ WebCryptoTask::~WebCryptoTask()
{
MOZ_ASSERT(mReleasedNSSResources);
if (!isAlreadyShutDown()) {
shutdown(ShutdownCalledFrom::Object);
}
shutdown(ShutdownCalledFrom::Object);
if (mWorkerHolder) {
NS_ProxyRelease(

11
dom/media/webrtc/RTCCertificate.cpp
View File

@ -308,9 +308,6 @@ RTCCertificate::RTCCertificate(nsIGlobalObject* aGlobal,
RTCCertificate::~RTCCertificate()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -329,7 +326,7 @@ RTCCertificate::~RTCCertificate()
RefPtr<DtlsIdentity>
RTCCertificate::CreateDtlsIdentity() const
{
if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) {
if (!mPrivateKey || !mCertificate) {
return nullptr;
}
UniqueSECKEYPrivateKey key(SECKEY_CopyPrivateKey(mPrivateKey.get()));
@ -388,7 +385,7 @@ RTCCertificate::WriteCertificate(JSStructuredCloneWriter* aWriter) const
bool
RTCCertificate::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const
{
if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) {
if (!mPrivateKey || !mCertificate) {
return false;
}
@ -432,10 +429,6 @@ RTCCertificate::ReadCertificate(JSStructuredCloneReader* aReader)
bool
RTCCertificate::ReadStructuredClone(JSStructuredCloneReader* aReader)
{
if (isAlreadyShutDown()) {
return false;
}
uint32_t version, authType;
if (!JS_ReadUint32Pair(aReader, &version, &authType) ||
version != RTCCERTIFICATE_SC_VERSION) {

21
dom/webauthn/U2FSoftTokenManager.cpp
View File

@ -70,11 +70,6 @@ U2FSoftTokenManager::U2FSoftTokenManager(uint32_t aCounter)
U2FSoftTokenManager::~U2FSoftTokenManager()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -366,10 +361,6 @@ U2FSoftTokenManager::Init()
return NS_OK;
}
if (NS_WARN_IF(isAlreadyShutDown())) {
return NS_ERROR_NOT_AVAILABLE;
}
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
MOZ_ASSERT(slot.get());
@ -570,10 +561,6 @@ U2FSoftTokenManager::IsRegistered(const nsTArray<uint8_t>& aKeyHandle,
const nsTArray<uint8_t>& aAppParam,
bool& aResult)
{
if (NS_WARN_IF(isAlreadyShutDown())) {
return NS_ERROR_FAILURE;
}
if (!mInitialized) {
nsresult rv = Init();
if (NS_WARN_IF(NS_FAILED(rv))) {
@ -620,10 +607,6 @@ U2FSoftTokenManager::Register(const nsTArray<WebAuthnScopedCredential>& aCredent
const nsTArray<uint8_t>& aChallenge,
uint32_t aTimeoutMS)
{
if (NS_WARN_IF(isAlreadyShutDown())) {
return U2FRegisterPromise::CreateAndReject(NS_ERROR_NOT_AVAILABLE, __func__);
}
if (!mInitialized) {
nsresult rv = Init();
if (NS_WARN_IF(NS_FAILED(rv))) {
@ -751,10 +734,6 @@ U2FSoftTokenManager::Sign(const nsTArray<WebAuthnScopedCredential>& aCredentials
bool aRequireUserVerification,
uint32_t aTimeoutMS)
{
if (NS_WARN_IF(isAlreadyShutDown())) {
return U2FSignPromise::CreateAndReject(NS_ERROR_NOT_AVAILABLE, __func__);
}
// The U2F softtoken doesn't support user verification.
if (aRequireUserVerification) {
return U2FSignPromise::CreateAndReject(NS_ERROR_DOM_NOT_ALLOWED_ERR, __func__);

42
netwerk/base/BackgroundFileSaver.cpp
View File

@ -118,9 +118,6 @@ BackgroundFileSaver::BackgroundFileSaver()
BackgroundFileSaver::~BackgroundFileSaver()
{
LOG(("Destroying BackgroundFileSaver [this = %p]", this));
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -552,11 +549,9 @@ BackgroundFileSaver::ProcessStateChange()
// Create the digest context if requested and NSS hasn't been shut down.
if (sha256Enabled && !mDigestContext) {
if (!isAlreadyShutDown()) {
mDigestContext = UniquePK11Context(
PK11_CreateDigestContext(SEC_OID_SHA256));
NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY);
}
mDigestContext = UniquePK11Context(
PK11_CreateDigestContext(SEC_OID_SHA256));
NS_ENSURE_TRUE(mDigestContext, NS_ERROR_OUT_OF_MEMORY);
}
// When we are requested to append to an existing file, we should read the
@ -580,10 +575,6 @@ BackgroundFileSaver::ProcessStateChange()
break;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = MapSECStatus(
PK11_DigestOp(mDigestContext.get(),
BitwiseCast<unsigned char*, char*>(buffer),
@ -719,15 +710,13 @@ BackgroundFileSaver::CheckCompletion()
// Finish computing the hash
if (!failed && mDigestContext) {
if (!isAlreadyShutDown()) {
Digest d;
rv = d.End(SEC_OID_SHA256, mDigestContext);
if (NS_SUCCEEDED(rv)) {
MutexAutoLock lock(mLock);
mSha256 =
nsDependentCSubstring(BitwiseCast<char*, unsigned char*>(d.get().data),
d.get().len);
}
Digest d;
rv = d.End(SEC_OID_SHA256, mDigestContext);
if (NS_SUCCEEDED(rv)) {
MutexAutoLock lock(mLock);
mSha256 =
nsDependentCSubstring(BitwiseCast<char*, unsigned char*>(d.get().data),
d.get().len);
}
}
@ -810,10 +799,6 @@ nsresult
BackgroundFileSaver::ExtractSignatureInfo(const nsAString& filePath)
{
MOZ_ASSERT(!NS_IsMainThread(), "Cannot extract signature on main thread");
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
{
MutexAutoLock lock(mLock);
if (!mSignatureInfoEnabled) {
@ -1212,9 +1197,6 @@ DigestOutputStream::DigestOutputStream(nsIOutputStream* aStream,
DigestOutputStream::~DigestOutputStream()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -1233,10 +1215,6 @@ DigestOutputStream::Flush()
NS_IMETHODIMP
DigestOutputStream::Write(const char* aBuf, uint32_t aCount, uint32_t* retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = MapSECStatus(
PK11_DigestOp(mDigestContext,
BitwiseCast<const unsigned char*, const char*>(aBuf),

15
security/manager/ssl/ContentSignatureVerifier.cpp
View File

@ -44,9 +44,6 @@ const nsLiteralCString kPREFIX = NS_LITERAL_CSTRING("Content-Signature:\x00");
ContentSignatureVerifier::~ContentSignatureVerifier()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -146,10 +143,6 @@ ContentSignatureVerifier::CreateContextInternal(const nsACString& aData,
const nsACString& aName)
{
MOZ_ASSERT(NS_IsMainThread());
if (isAlreadyShutDown()) {
CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
return NS_ERROR_FAILURE;
}
UniqueCERTCertList certCertList(CERT_NewCertList());
if (!certCertList) {
@ -406,10 +399,6 @@ NS_IMETHODIMP
ContentSignatureVerifier::Update(const nsACString& aData)
{
MOZ_ASSERT(NS_IsMainThread());
if (isAlreadyShutDown()) {
CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
return NS_ERROR_FAILURE;
}
// If we didn't create the context yet, bail!
if (!mHasCertChain) {
@ -430,10 +419,6 @@ ContentSignatureVerifier::End(bool* _retval)
{
NS_ENSURE_ARG(_retval);
MOZ_ASSERT(NS_IsMainThread());
if (isAlreadyShutDown()) {
CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
return NS_ERROR_FAILURE;
}
// If we didn't create the context yet, bail!
if (!mHasCertChain) {

10
security/manager/ssl/CryptoTask.cpp
View File

@ -13,9 +13,7 @@ CryptoTask::~CryptoTask()
{
MOZ_ASSERT(mReleasedNSSResources);
if (!isAlreadyShutDown()) {
shutdown(ShutdownCalledFrom::Object);
}
shutdown(ShutdownCalledFrom::Object);
}
nsresult
@ -45,11 +43,7 @@ NS_IMETHODIMP
CryptoTask::Run()
{
if (!NS_IsMainThread()) {
if (isAlreadyShutDown()) {
mRv = NS_ERROR_NOT_AVAILABLE;
} else {
mRv = CalculateResult();
}
mRv = CalculateResult();
NS_DispatchToMainThread(this);
} else {
// back on the main thread

31
security/manager/ssl/PKCS11ModuleDB.cpp
View File

@ -25,9 +25,6 @@ PKCS11ModuleDB::PKCS11ModuleDB()
PKCS11ModuleDB::~PKCS11ModuleDB()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -35,10 +32,6 @@ PKCS11ModuleDB::~PKCS11ModuleDB()
NS_IMETHODIMP
PKCS11ModuleDB::DeleteModule(const nsAString& aModuleName)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (aModuleName.IsEmpty()) {
return NS_ERROR_INVALID_ARG;
}
@ -89,10 +82,6 @@ PKCS11ModuleDB::AddModule(const nsAString& aModuleName,
int32_t aCryptoMechanismFlags,
int32_t aCipherFlags)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (aModuleName.IsEmpty()) {
return NS_ERROR_INVALID_ARG;
}
@ -152,10 +141,6 @@ PKCS11ModuleDB::FindModuleByName(const nsACString& name,
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -176,10 +161,6 @@ PKCS11ModuleDB::ListModules(nsISimpleEnumerator** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -219,10 +200,6 @@ PKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS)
{
NS_ENSURE_ARG_POINTER(aCanToggleFIPS);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
*aCanToggleFIPS = SECMOD_CanDeleteInternalModule();
return NS_OK;
}
@ -231,10 +208,6 @@ PKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS)
NS_IMETHODIMP
PKCS11ModuleDB::ToggleFIPSMode()
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// The way to toggle FIPS mode in NSS is extremely obscure. Basically, we
// delete the internal module, and it gets replaced with the opposite module
// (i.e. if it was FIPS before, then it becomes non-FIPS next).
@ -262,10 +235,6 @@ PKCS11ModuleDB::GetIsFIPSEnabled(bool* aIsFIPSEnabled)
{
NS_ENSURE_ARG_POINTER(aIsFIPSEnabled);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
*aIsFIPSEnabled = PK11_IsFIPS();
return NS_OK;
}

112
security/manager/ssl/SSLServerCertVerification.cpp
View File

@ -1564,71 +1564,67 @@ SSLServerCertVerificationJob::Run()
PRErrorCode error;
if (mInfoObject->isAlreadyShutDown()) {
error = SEC_ERROR_USER_CANCELLED;
} else {
Telemetry::HistogramID successTelemetry
= Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX;
Telemetry::HistogramID failureTelemetry
= Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX;
Telemetry::HistogramID successTelemetry
= Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX;
Telemetry::HistogramID failureTelemetry
= Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX;
// Reset the error code here so we can detect if AuthCertificate fails to
// set the error code if/when it fails.
PR_SetError(0, 0);
SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert,
mPeerCertChain, mStapledOCSPResponse.get(),
mSCTsFromTLSExtension.get(),
mProviderFlags, mTime);
MOZ_ASSERT(mPeerCertChain || rv != SECSuccess,
"AuthCertificate() should take ownership of chain on failure");
if (rv == SECSuccess) {
uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds());
RefPtr<SSLServerCertVerificationResult> restart(
new SSLServerCertVerificationResult(mInfoObject, 0,
successTelemetry, interval));
restart->Dispatch();
Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
return NS_OK;
}
// Reset the error code here so we can detect if AuthCertificate fails to
// set the error code if/when it fails.
PR_SetError(0, 0);
SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert,
mPeerCertChain, mStapledOCSPResponse.get(),
mSCTsFromTLSExtension.get(),
mProviderFlags, mTime);
MOZ_ASSERT(mPeerCertChain || rv != SECSuccess,
"AuthCertificate() should take ownership of chain on failure");
if (rv == SECSuccess) {
uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds());
RefPtr<SSLServerCertVerificationResult> restart(
new SSLServerCertVerificationResult(mInfoObject, 0,
successTelemetry, interval));
restart->Dispatch();
Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
return NS_OK;
}
// Note: the interval is not calculated once as PR_GetError MUST be called
// before any other function call
error = PR_GetError();
// Note: the interval is not calculated once as PR_GetError MUST be called
// before any other function call
error = PR_GetError();
TimeStamp now = TimeStamp::Now();
Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
TimeStamp now = TimeStamp::Now();
Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
if (error != 0) {
RefPtr<CertErrorRunnable> runnable(
CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert,
mFdForLogging, mProviderFlags, mPRTime));
if (!runnable) {
// CreateCertErrorRunnable set a new error code
error = PR_GetError();
} else {
// We must block the the socket transport service thread while the
// main thread executes the CertErrorRunnable. The CertErrorRunnable
// will dispatch the result asynchronously, so we don't have to block
// this thread waiting for it.
if (error != 0) {
RefPtr<CertErrorRunnable> runnable(
CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert,
mFdForLogging, mProviderFlags, mPRTime));
if (!runnable) {
// CreateCertErrorRunnable set a new error code
error = PR_GetError();
} else {
// We must block the the socket transport service thread while the
// main thread executes the CertErrorRunnable. The CertErrorRunnable
// will dispatch the result asynchronously, so we don't have to block
// this thread waiting for it.
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("[%p][%p] Before dispatching CertErrorRunnable\n",
mFdForLogging, runnable.get()));
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("[%p][%p] Before dispatching CertErrorRunnable\n",
mFdForLogging, runnable.get()));
nsresult nrv;
nsCOMPtr<nsIEventTarget> stsTarget
= do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
if (NS_SUCCEEDED(nrv)) {
nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable),
NS_DISPATCH_NORMAL);
}
if (NS_SUCCEEDED(nrv)) {
return NS_OK;
}
NS_ERROR("Failed to dispatch CertErrorRunnable");
error = PR_INVALID_STATE_ERROR;
nsresult nrv;
nsCOMPtr<nsIEventTarget> stsTarget
= do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
if (NS_SUCCEEDED(nrv)) {
nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable),
NS_DISPATCH_NORMAL);
}
if (NS_SUCCEEDED(nrv)) {
return NS_OK;
}
NS_ERROR("Failed to dispatch CertErrorRunnable");
error = PR_INVALID_STATE_ERROR;
}
}

50
security/manager/ssl/SecretDecoderRing.cpp
View File

@ -66,20 +66,12 @@ SecretDecoderRing::SecretDecoderRing()
SecretDecoderRing::~SecretDecoderRing()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
nsresult
SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
return NS_ERROR_NOT_AVAILABLE;
@ -116,10 +108,6 @@ SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result)
nsresult
SecretDecoderRing::Decrypt(const nsACString& data, /*out*/ nsACString& result)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
/* Find token with SDR key */
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
@ -228,10 +216,6 @@ SecretDecoderRing::DecryptString(const nsACString& encryptedBase64Text,
NS_IMETHODIMP
SecretDecoderRing::ChangePassword()
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
return NS_ERROR_NOT_AVAILABLE;
@ -255,22 +239,8 @@ SecretDecoderRing::ChangePassword()
NS_IMETHODIMP
SecretDecoderRing::Logout()
{
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return rv;
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
PK11_LogoutAll();
SSL_ClearSessionCache();
}
PK11_LogoutAll();
SSL_ClearSessionCache();
return NS_OK;
}
@ -279,18 +249,13 @@ SecretDecoderRing::LogoutAndTeardown()
{
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
PK11_LogoutAll();
SSL_ClearSessionCache();
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
if (NS_FAILED(rv)) {
return rv;
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
PK11_LogoutAll();
SSL_ClearSessionCache();
}
rv = nssComponent->LogoutAuthenticatedPK11();
@ -299,8 +264,9 @@ SecretDecoderRing::LogoutAndTeardown()
// sure that all connections that should be stopped, are stopped. See
// bug 517584.
nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
if (os)
if (os) {
os->NotifyObservers(nullptr, "net:prune-dead-connections", nullptr);
}
return rv;
}

7
security/manager/ssl/TransportSecurityInfo.cpp
View File

@ -50,9 +50,6 @@ TransportSecurityInfo::TransportSecurityInfo()
TransportSecurityInfo::~TransportSecurityInfo()
{
if (isAlreadyShutDown())
return;
shutdown(ShutdownCalledFrom::Object);
}
@ -1040,10 +1037,6 @@ TransportSecurityInfo::GetFailedCertChain(nsIX509CertList** _result)
nsresult
TransportSecurityInfo::SetFailedCertChain(UniqueCERTCertList certList)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// nsNSSCertList takes ownership of certList
mFailedCertChain = new nsNSSCertList(Move(certList));

42
security/manager/ssl/nsCryptoHash.cpp
View File

@ -38,9 +38,6 @@ nsCryptoHash::nsCryptoHash()
nsCryptoHash::~nsCryptoHash()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -62,10 +59,6 @@ NS_IMPL_ISUPPORTS(nsCryptoHash, nsICryptoHash)
NS_IMETHODIMP
nsCryptoHash::Init(uint32_t algorithm)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
HASH_HashType hashType;
switch (algorithm) {
case nsICryptoHash::MD2:
@ -134,10 +127,6 @@ nsCryptoHash::InitWithString(const nsACString & aAlgorithm)
NS_IMETHODIMP
nsCryptoHash::Update(const uint8_t *data, uint32_t len)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mInitialized) {
return NS_ERROR_NOT_INITIALIZED;
}
@ -149,10 +138,6 @@ nsCryptoHash::Update(const uint8_t *data, uint32_t len)
NS_IMETHODIMP
nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mInitialized)
return NS_ERROR_NOT_INITIALIZED;
@ -205,10 +190,6 @@ nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen)
NS_IMETHODIMP
nsCryptoHash::Finish(bool ascii, nsACString & _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mInitialized) {
return NS_ERROR_NOT_INITIALIZED;
}
@ -241,9 +222,6 @@ nsCryptoHMAC::nsCryptoHMAC()
nsCryptoHMAC::~nsCryptoHMAC()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -263,10 +241,6 @@ nsCryptoHMAC::destructorSafeDestroyNSSReference()
NS_IMETHODIMP
nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (mHMACContext) {
mHMACContext = nullptr;
}
@ -319,10 +293,6 @@ nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
NS_IMETHODIMP
nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mHMACContext)
return NS_ERROR_NOT_INITIALIZED;
@ -339,10 +309,6 @@ nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen)
NS_IMETHODIMP
nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mHMACContext)
return NS_ERROR_NOT_INITIALIZED;
@ -398,10 +364,6 @@ nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen)
NS_IMETHODIMP
nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mHMACContext)
return NS_ERROR_NOT_INITIALIZED;
@ -425,10 +387,6 @@ nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval)
NS_IMETHODIMP
nsCryptoHMAC::Reset()
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (PK11_DigestBegin(mHMACContext.get()) != SECSuccess) {
return NS_ERROR_FAILURE;
}

8
security/manager/ssl/nsDataSignatureVerifier.cpp
View File

@ -31,10 +31,6 @@ const SEC_ASN1Template CERT_SignatureDataTemplate[] =
nsDataSignatureVerifier::~nsDataSignatureVerifier()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -46,10 +42,6 @@ nsDataSignatureVerifier::VerifyData(const nsACString& aData,
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// Allocate an arena to handle the majority of the allocations
UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {

18
security/manager/ssl/nsKeyModule.cpp
View File

@ -19,9 +19,6 @@ nsKeyObject::nsKeyObject()
nsKeyObject::~nsKeyObject()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -48,10 +45,6 @@ nsKeyObject::InitKey(int16_t aAlgorithm, PK11SymKey* aKey)
return NS_ERROR_INVALID_ARG;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
mSymKey.reset(aKey);
return NS_OK;
}
@ -65,10 +58,6 @@ nsKeyObject::GetKeyObj(PK11SymKey** _retval)
*_retval = nullptr;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mSymKey) {
return NS_ERROR_NOT_INITIALIZED;
}
@ -98,9 +87,6 @@ nsKeyObjectFactory::nsKeyObjectFactory()
nsKeyObjectFactory::~nsKeyObjectFactory()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -112,10 +98,6 @@ nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString& aKey,
return NS_ERROR_INVALID_ARG;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
CK_MECHANISM_TYPE cipherMech = CKM_GENERIC_SECRET_KEY_GEN;
CK_ATTRIBUTE_TYPE cipherOperation = CKA_SIGN;

12
security/manager/ssl/nsKeygenHandler.cpp
View File

@ -222,10 +222,6 @@ nsKeygenFormProcessor::nsKeygenFormProcessor()
nsKeygenFormProcessor::~nsKeygenFormProcessor()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -274,10 +270,6 @@ nsKeygenFormProcessor::Init()
nsresult
nsKeygenFormProcessor::GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
return GetSlotWithMechanism(aMechanism, m_ctx, aSlot);
}
@ -424,10 +416,6 @@ nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
nsAString& aOutPublicKey,
const nsAString& aKeyParams)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = NS_ERROR_FAILURE;
nsAutoCString keystring;
char *keyparamsString = nullptr;

14
security/manager/ssl/nsNSSCallbacks.cpp
View File

@ -753,20 +753,12 @@ private:
PK11PasswordPromptRunnable::~PK11PasswordPromptRunnable()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
void
PK11PasswordPromptRunnable::RunOnTargetThread()
{
if (isAlreadyShutDown()) {
return;
}
nsresult rv;
nsCOMPtr<nsIPrompt> prompt;
if (!mIR) {
@ -998,12 +990,6 @@ CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart)
infoObject->SetFalseStartCallbackCalled();
if (infoObject->isAlreadyShutDown()) {
MOZ_CRASH("SSL socket used after NSS shut down");
PR_SetError(PR_INVALID_STATE_ERROR, 0);
return SECFailure;
}
PreliminaryHandshakeDone(fd);
uint32_t reasonsForNotFalseStarting = 0;

6
security/manager/ssl/nsNSSCertHelper.cpp
View File

@ -1834,9 +1834,6 @@ RegisterDynamicOids()
nsresult
nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (RegisterDynamicOids() != SECSuccess)
return NS_ERROR_FAILURE;
@ -1981,9 +1978,6 @@ nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence)
nsresult
nsNSSCertificate::CreateASN1Struct(nsIASN1Object** aRetVal)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
nsCOMPtr<nsIMutableArray> asn1Objects;

8
security/manager/ssl/nsNSSCertValidity.cpp
View File

@ -22,10 +22,6 @@ nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cer
return;
}
if (isAlreadyShutDown()) {
return;
}
if (CERT_GetCertTimes(cert.get(), &mNotBefore, &mNotAfter) == SECSuccess) {
mTimesInitialized = true;
}
@ -33,10 +29,6 @@ nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cer
nsX509CertValidity::~nsX509CertValidity()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}

129
security/manager/ssl/nsNSSCertificate.cpp
View File

@ -90,9 +90,6 @@ nsNSSCertificate::ConstructFromDER(char* certDER, int derLen)
bool
nsNSSCertificate::InitFromDER(char* certDER, int derLen)
{
if (isAlreadyShutDown())
return false;
if (!certDER || !derLen)
return false;
@ -115,9 +112,6 @@ nsNSSCertificate::nsNSSCertificate(CERTCertificate* cert)
, mPermDelete(false)
, mCertType(CERT_TYPE_NOT_YET_INITIALIZED)
{
if (isAlreadyShutDown())
return;
if (cert) {
mCert.reset(CERT_DupCertificate(cert));
}
@ -132,9 +126,6 @@ nsNSSCertificate::nsNSSCertificate()
nsNSSCertificate::~nsNSSCertificate()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -177,9 +168,6 @@ nsNSSCertificate::GetIsSelfSigned(bool* aIsSelfSigned)
{
NS_ENSURE_ARG(aIsSelfSigned);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
*aIsSelfSigned = mCert->isRoot;
return NS_OK;
}
@ -189,9 +177,6 @@ nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot)
{
NS_ENSURE_ARG(aIsBuiltInRoot);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
pkix::Result rv = IsCertBuiltInRoot(mCert.get(), *aIsBuiltInRoot);
if (rv != pkix::Result::Success) {
return NS_ERROR_FAILURE;
@ -202,9 +187,6 @@ nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot)
nsresult
nsNSSCertificate::MarkForPermDeletion()
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
// make sure user is logged in to the token
nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
@ -303,9 +285,6 @@ nsNSSCertificate::GetKeyUsages(nsAString& text)
NS_IMETHODIMP
nsNSSCertificate::GetDbKey(nsACString& aDbKey)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
return GetDbKey(mCert, aDbKey);
}
@ -343,10 +322,6 @@ nsNSSCertificate::GetDbKey(const UniqueCERTCertificate& cert, nsACString& aDbKey
NS_IMETHODIMP
nsNSSCertificate::GetDisplayName(nsAString& aDisplayName)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
aDisplayName.Truncate();
MOZ_ASSERT(mCert, "mCert should not be null in GetDisplayName");
@ -411,9 +386,6 @@ nsNSSCertificate::GetDisplayName(nsAString& aDisplayName)
NS_IMETHODIMP
nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (mCert->emailAddr) {
CopyUTF8toUTF16(mCert->emailAddr, aEmailAddress);
} else {
@ -430,9 +402,6 @@ nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress)
NS_IMETHODIMP
nsNSSCertificate::GetEmailAddresses(uint32_t* aLength, char16_t*** aAddresses)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(aLength);
NS_ENSURE_ARG(aAddresses);
@ -469,9 +438,6 @@ NS_IMETHODIMP
nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress,
bool* result)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(result);
*result = false;
@ -502,9 +468,6 @@ nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress,
NS_IMETHODIMP
nsNSSCertificate::GetCommonName(nsAString& aCommonName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aCommonName.Truncate();
if (mCert) {
UniquePORTString commonName(CERT_GetCommonName(&mCert->subject));
@ -518,9 +481,6 @@ nsNSSCertificate::GetCommonName(nsAString& aCommonName)
NS_IMETHODIMP
nsNSSCertificate::GetOrganization(nsAString& aOrganization)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aOrganization.Truncate();
if (mCert) {
UniquePORTString organization(CERT_GetOrgName(&mCert->subject));
@ -534,9 +494,6 @@ nsNSSCertificate::GetOrganization(nsAString& aOrganization)
NS_IMETHODIMP
nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aCommonName.Truncate();
if (mCert) {
UniquePORTString commonName(CERT_GetCommonName(&mCert->issuer));
@ -550,9 +507,6 @@ nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName)
NS_IMETHODIMP
nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aOrganization.Truncate();
if (mCert) {
UniquePORTString organization(CERT_GetOrgName(&mCert->issuer));
@ -566,9 +520,6 @@ nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization)
NS_IMETHODIMP
nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aOrganizationUnit.Truncate();
if (mCert) {
UniquePORTString organizationUnit(CERT_GetOrgUnitName(&mCert->issuer));
@ -582,9 +533,6 @@ nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit)
NS_IMETHODIMP
nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(aIssuer);
*aIssuer = nullptr;
@ -611,9 +559,6 @@ nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer)
NS_IMETHODIMP
nsNSSCertificate::GetOrganizationalUnit(nsAString& aOrganizationalUnit)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aOrganizationalUnit.Truncate();
if (mCert) {
UniquePORTString orgunit(CERT_GetOrgUnitName(&mCert->subject));
@ -655,9 +600,6 @@ UniqueCERTCertListToMutableArray(/*in*/ UniqueCERTCertList& nssChain,
NS_IMETHODIMP
nsNSSCertificate::GetChain(nsIArray** _rvChain)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(_rvChain);
mozilla::pkix::Time now(mozilla::pkix::Now());
@ -699,9 +641,6 @@ nsNSSCertificate::GetChain(nsIArray** _rvChain)
NS_IMETHODIMP
nsNSSCertificate::GetSubjectName(nsAString& _subjectName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
_subjectName.Truncate();
if (mCert->subjectName) {
_subjectName = NS_ConvertUTF8toUTF16(mCert->subjectName);
@ -712,9 +651,6 @@ nsNSSCertificate::GetSubjectName(nsAString& _subjectName)
NS_IMETHODIMP
nsNSSCertificate::GetIssuerName(nsAString& _issuerName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
_issuerName.Truncate();
if (mCert->issuerName) {
_issuerName = NS_ConvertUTF8toUTF16(mCert->issuerName);
@ -725,9 +661,6 @@ nsNSSCertificate::GetIssuerName(nsAString& _issuerName)
NS_IMETHODIMP
nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
_serialNumber.Truncate();
UniquePORTString tmpstr(CERT_Hexify(&mCert->serialNumber, 1));
if (tmpstr) {
@ -740,10 +673,6 @@ nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber)
nsresult
nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
aFingerprint.Truncate();
Digest digest;
nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data,
@ -777,9 +706,6 @@ nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
NS_IMETHODIMP
nsNSSCertificate::GetTokenName(nsAString& aTokenName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
aTokenName.Truncate();
if (mCert) {
// HACK alert
@ -811,10 +737,6 @@ nsNSSCertificate::GetTokenName(nsAString& aTokenName)
NS_IMETHODIMP
nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
aSha256SPKIDigest.Truncate();
Digest digest;
nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mCert->derPublicKey.data,
@ -835,9 +757,6 @@ nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDig
NS_IMETHODIMP
nsNSSCertificate::GetRawDER(uint32_t* aLength, uint8_t** aArray)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (mCert) {
*aArray = (uint8_t*)moz_xmalloc(mCert->derCert.len);
if (*aArray) {
@ -857,9 +776,6 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
NS_ENSURE_ARG(aLength);
NS_ENSURE_ARG(aArray);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -982,18 +898,12 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
CERTCertificate*
nsNSSCertificate::GetCert()
{
if (isAlreadyShutDown())
return nullptr;
return (mCert) ? CERT_DupCertificate(mCert.get()) : nullptr;
}
NS_IMETHODIMP
nsNSSCertificate::GetValidity(nsIX509CertValidity** aValidity)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(aValidity);
if (!mCert) {
@ -1018,9 +928,6 @@ nsNSSCertificate::GetASN1Structure(nsIASN1Object** aASN1Structure)
NS_IMETHODIMP
nsNSSCertificate::Equals(nsIX509Cert* other, bool* result)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
NS_ENSURE_ARG(other);
NS_ENSURE_ARG(result);
@ -1093,9 +1000,6 @@ nsNSSCertList::nsNSSCertList()
nsNSSCertList::~nsNSSCertList()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -1119,9 +1023,6 @@ nsNSSCertList::GetCertList()
NS_IMETHODIMP
nsNSSCertList::AddCert(nsIX509Cert* aCert)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// We need an owning handle when calling nsIX509Cert::GetCert().
UniqueCERTCertificate cert(aCert->GetCert());
if (!cert) {
@ -1172,19 +1073,12 @@ nsNSSCertList::DupCertList(const UniqueCERTCertList& certList)
CERTCertList*
nsNSSCertList::GetRawCertList()
{
if (isAlreadyShutDown()) {
return nullptr;
}
return mCertList.get();
}
NS_IMETHODIMP
nsNSSCertList::Write(nsIObjectOutputStream* aStream)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_STATE(mCertList);
nsresult rv = NS_OK;
@ -1224,10 +1118,6 @@ nsNSSCertList::Write(nsIObjectOutputStream* aStream)
NS_IMETHODIMP
nsNSSCertList::Read(nsIObjectInputStream* aStream)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_STATE(mCertList);
nsresult rv = NS_OK;
@ -1257,10 +1147,6 @@ nsNSSCertList::Read(nsIObjectInputStream* aStream)
NS_IMETHODIMP
nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mCertList) {
return NS_ERROR_FAILURE;
}
@ -1275,10 +1161,6 @@ nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval)
NS_IMETHODIMP
nsNSSCertList::Equals(nsIX509CertList* other, bool* result)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_ARG(result);
*result = true;
@ -1433,9 +1315,6 @@ nsNSSCertListEnumerator::nsNSSCertListEnumerator(
nsNSSCertListEnumerator::~nsNSSCertListEnumerator()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -1453,10 +1332,6 @@ void nsNSSCertListEnumerator::destructorSafeDestroyNSSReference()
NS_IMETHODIMP
nsNSSCertListEnumerator::HasMoreElements(bool* _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE);
*_retval = !CERT_LIST_EMPTY(mCertList);
@ -1466,10 +1341,6 @@ nsNSSCertListEnumerator::HasMoreElements(bool* _retval)
NS_IMETHODIMP
nsNSSCertListEnumerator::GetNext(nsISupports** _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE);
CERTCertListNode* node = CERT_LIST_HEAD(mCertList);

78
security/manager/ssl/nsNSSCertificateDB.cpp
View File

@ -59,10 +59,6 @@ NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB)
nsNSSCertificateDB::~nsNSSCertificateDB()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -77,10 +73,6 @@ nsNSSCertificateDB::FindCertByDBKey(const nsACString& aDBKey,
return NS_ERROR_INVALID_ARG;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -433,10 +425,6 @@ nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length,
uint32_t type,
nsIInterfaceRequestor* ctx)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// We currently only handle CA certificates.
if (type != nsIX509Cert::CA_CERT) {
return NS_ERROR_FAILURE;
@ -540,10 +528,6 @@ NS_IMETHODIMP
nsNSSCertificateDB::ImportEmailCertificate(uint8_t* data, uint32_t length,
nsIInterfaceRequestor* ctx)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {
return NS_ERROR_OUT_OF_MEMORY;
@ -629,10 +613,6 @@ nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length,
return NS_ERROR_NOT_SAME_THREAD;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {
return NS_ERROR_OUT_OF_MEMORY;
@ -698,9 +678,6 @@ NS_IMETHODIMP
nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
{
NS_ENSURE_ARG_POINTER(aCert);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
UniqueCERTCertificate cert(aCert->GetCert());
if (!cert) {
return NS_ERROR_FAILURE;
@ -743,10 +720,6 @@ nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert,
uint32_t trusted)
{
NS_ENSURE_ARG_POINTER(cert);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsNSSCertTrust trust;
switch (type) {
case nsIX509Cert::CA_CERT:
@ -783,10 +756,6 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
NS_ENSURE_ARG_POINTER(_isTrusted);
*_isTrusted = false;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -832,10 +801,6 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
NS_IMETHODIMP
nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
NS_ENSURE_ARG(aFile);
switch (aType) {
case nsIX509Cert::CA_CERT:
@ -891,9 +856,6 @@ nsNSSCertificateDB::ImportPKCS12File(nsIFile* aFile)
if (!NS_IsMainThread()) {
return NS_ERROR_NOT_SAME_THREAD;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -919,9 +881,6 @@ nsNSSCertificateDB::ExportPKCS12File(nsIFile* aFile, uint32_t count,
if (!NS_IsMainThread()) {
return NS_ERROR_NOT_SAME_THREAD;
}
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -939,10 +898,6 @@ NS_IMETHODIMP
nsNSSCertificateDB::FindCertByEmailAddress(const nsACString& aEmailAddress,
nsIX509Cert** _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -999,9 +954,6 @@ NS_IMETHODIMP
nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64,
/*out*/ nsIX509Cert** _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!_retval) {
return NS_ERROR_INVALID_POINTER;
}
@ -1026,9 +978,6 @@ NS_IMETHODIMP
nsNSSCertificateDB::ConstructX509(const nsACString& certDER,
nsIX509Cert** _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (NS_WARN_IF(!_retval)) {
return NS_ERROR_INVALID_POINTER;
}
@ -1169,10 +1118,6 @@ nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64,
}
*addedCertificate = nullptr;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsNSSCertTrust trust;
if (CERT_DecodeTrustString(&trust.GetTrust(), PromiseFlatCString(aTrust).get())
!= SECSuccess) {
@ -1253,10 +1198,6 @@ nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert,
NS_IMETHODIMP
nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;
@ -1289,10 +1230,6 @@ nsNSSCertificateDB::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots)
NS_ENSURE_ARG_POINTER(enterpriseRoots);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
#ifdef XP_WIN
nsCOMPtr<nsINSSComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID));
if (!psm) {
@ -1384,10 +1321,6 @@ nsNSSCertificateDB::VerifyCertNow(nsIX509Cert* aCert,
bool* aHasEVPolicy,
int32_t* /*PRErrorCode*/ _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname,
mozilla::pkix::Now(),
aVerifiedChain, aHasEVPolicy, _retval);
@ -1403,10 +1336,6 @@ nsNSSCertificateDB::VerifyCertAtTime(nsIX509Cert* aCert,
bool* aHasEVPolicy,
int32_t* /*PRErrorCode*/ _retval)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname,
mozilla::pkix::TimeFromEpochInSeconds(aTime),
aVerifiedChain, aHasEVPolicy, _retval);
@ -1476,9 +1405,6 @@ nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert,
uint64_t aTime,
nsICertVerificationCallback* aCallback)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
RefPtr<VerifyCertAtTimeTask> task(new VerifyCertAtTimeTask(aCert, aUsage,
aFlags, aHostname,
aTime, aCallback));
@ -1488,10 +1414,6 @@ nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert,
NS_IMETHODIMP
nsNSSCertificateDB::ClearOCSPCache()
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
certVerifier->ClearOCSPCache();

12
security/manager/ssl/nsNSSComponent.cpp
View File

@ -822,11 +822,6 @@ nsNSSComponent::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots)
}
NS_ENSURE_ARG_POINTER(enterpriseRoots);
// nsNSSComponent isn't a nsNSSShutDownObject, so we can't check
// isAlreadyShutDown(). However, since mEnterpriseRoots is cleared when NSS
// shuts down, we can use that as a proxy for checking for NSS shutdown.
// (Of course, it may also be the case that no enterprise roots were imported,
// so we should just return a null list and NS_OK in this case.)
if (!mEnterpriseRoots) {
*enterpriseRoots = nullptr;
return NS_OK;
@ -1003,9 +998,6 @@ private:
LoadLoadableRootsTask::~LoadLoadableRootsTask()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -1027,10 +1019,6 @@ LoadLoadableRootsTask::Dispatch()
NS_IMETHODIMP
LoadLoadableRootsTask::Run()
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = LoadLoadableRoots();
if (NS_FAILED(rv)) {
MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("LoadLoadableRoots failed"));

17
security/manager/ssl/nsNSSIOLayer.cpp
View File

@ -358,10 +358,6 @@ nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected)
{
aAlpnSelected.Truncate();
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
SSLPreliminaryChannelInfo info;
SECStatus rv = SSL_GetPreliminaryChannelInfo(mFd, &info, sizeof(info));
if (rv != SECSuccess || !info.canSendEarlyData) {
@ -402,9 +398,6 @@ nsNSSSocketInfo::SetEarlyDataAccepted(bool aAccepted)
NS_IMETHODIMP
nsNSSSocketInfo::DriveHandshake()
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (!mFd) {
return NS_ERROR_FAILURE;
}
@ -584,8 +577,6 @@ nsNSSSocketInfo::StartTLS()
NS_IMETHODIMP
nsNSSSocketInfo::SetNPNList(nsTArray<nsCString>& protocolArray)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (!mFd)
return NS_ERROR_FAILURE;
@ -613,9 +604,6 @@ nsNSSSocketInfo::SetNPNList(nsTArray<nsCString>& protocolArray)
nsresult
nsNSSSocketInfo::ActivateSSL()
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, true))
return NS_ERROR_FAILURE;
if (SECSuccess != SSL_ResetHandshake(mFd, false))
@ -757,11 +745,6 @@ getSocketInfoIfRunning(PRFileDesc* fd, Operation op)
nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret;
if (socketInfo->isAlreadyShutDown()) {
PR_SetError(PR_SOCKET_SHUTDOWN_ERROR, 0);
return nullptr;
}
if (socketInfo->GetErrorCode()) {
PRErrorCode err = socketInfo->GetErrorCode();
PR_SetError(err, 0);

2
security/manager/ssl/nsNSSShutDown.h
View File

@ -24,8 +24,6 @@ public:
void shutdown(ShutdownCalledFrom) {}
bool isAlreadyShutDown() const { return false; }
protected:
virtual void virtualDestroyNSSReference() = 0;
};

64
security/manager/ssl/nsPK11TokenDB.cpp
View File

@ -26,10 +26,6 @@ nsPK11Token::nsPK11Token(PK11SlotInfo* slot)
: mUIContext(new PipUIContext())
{
MOZ_ASSERT(slot);
if (isAlreadyShutDown())
return;
mSlot.reset(PK11_ReferenceSlot(slot));
mSeries = PK11_GetSlotSeries(slot);
@ -84,9 +80,6 @@ nsPK11Token::refreshTokenInfo()
nsPK11Token::~nsPK11Token()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -107,10 +100,6 @@ nsresult
nsPK11Token::GetAttributeHelper(const nsACString& attribute,
/*out*/ nsACString& xpcomOutParam)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// Handle removals/insertions.
if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
nsresult rv = refreshTokenInfo();
@ -163,21 +152,13 @@ NS_IMETHODIMP
nsPK11Token::IsLoggedIn(bool* _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
*_retval = PK11_IsLoggedIn(mSlot.get(), 0);
return NS_OK;
}
NS_IMETHODIMP
nsPK11Token::Login(bool force)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
nsresult rv;
bool test;
rv = this->NeedsLogin(&test);
@ -195,9 +176,6 @@ nsPK11Token::Login(bool force)
NS_IMETHODIMP
nsPK11Token::LogoutSimple()
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
// PK11_Logout() can fail if the user wasn't logged in beforehand. We want
// this method to succeed even in this case, so we ignore the return value.
Unused << PK11_Logout(mSlot.get());
@ -224,9 +202,6 @@ nsPK11Token::LogoutAndDropAuthenticatedResources()
NS_IMETHODIMP
nsPK11Token::Reset()
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
return MapSECStatus(PK11_ResetToken(mSlot.get(), nullptr));
}
@ -234,10 +209,6 @@ NS_IMETHODIMP
nsPK11Token::GetNeedsUserInit(bool* aNeedsUserInit)
{
NS_ENSURE_ARG_POINTER(aNeedsUserInit);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
*aNeedsUserInit = PK11_NeedUserInit(mSlot.get());
return NS_OK;
}
@ -246,10 +217,6 @@ NS_IMETHODIMP
nsPK11Token::CheckPassword(const nsACString& password, bool* _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
SECStatus srv =
PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get());
if (srv != SECSuccess) {
@ -268,10 +235,6 @@ nsPK11Token::CheckPassword(const nsACString& password, bool* _retval)
NS_IMETHODIMP
nsPK11Token::InitPassword(const nsACString& initialPassword)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
const nsCString& passwordCStr = PromiseFlatCString(initialPassword);
// PSM initializes the sqlite-backed softoken with an empty password. The
// implementation considers this not to be a password (GetHasPassword returns
@ -292,9 +255,6 @@ NS_IMETHODIMP
nsPK11Token::ChangePassword(const nsACString& oldPassword,
const nsACString& newPassword)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
// PK11_ChangePW() has different semantics for the empty string and for
// nullptr. In order to support this difference, we need to check IsVoid() to
// find out if our caller supplied null/undefined args or just empty strings.
@ -309,11 +269,6 @@ NS_IMETHODIMP
nsPK11Token::GetHasPassword(bool* hasPassword)
{
NS_ENSURE_ARG_POINTER(hasPassword);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// PK11_NeedLogin returns true if the token is currently configured to require
// the user to log in (whether or not the user is actually logged in makes no
// difference).
@ -325,12 +280,7 @@ NS_IMETHODIMP
nsPK11Token::NeedsLogin(bool* _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
*_retval = PK11_NeedLogin(mSlot.get());
return NS_OK;
}
@ -344,10 +294,6 @@ nsPK11TokenDB::nsPK11TokenDB()
nsPK11TokenDB::~nsPK11TokenDB()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -355,11 +301,6 @@ NS_IMETHODIMP
nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
return NS_ERROR_FAILURE;
@ -376,11 +317,6 @@ nsPK11TokenDB::FindTokenByName(const nsACString& tokenName,
/*out*/ nsIPK11Token** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = BlockUntilLoadableRootsLoaded();
if (NS_FAILED(rv)) {
return rv;

44
security/manager/ssl/nsPKCS11Slot.cpp
View File

@ -26,10 +26,6 @@ NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot)
{
MOZ_ASSERT(slot);
if (isAlreadyShutDown())
return;
mSlot.reset(PK11_ReferenceSlot(slot));
mSeries = PK11_GetSlotSeries(slot);
Unused << refreshSlotInfo();
@ -75,9 +71,6 @@ nsPKCS11Slot::refreshSlotInfo()
nsPKCS11Slot::~nsPKCS11Slot()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -98,10 +91,6 @@ nsresult
nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
/*out*/ nsACString& xpcomOutParam)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
nsresult rv = refreshSlotInfo();
if (NS_FAILED(rv)) {
@ -116,9 +105,6 @@ nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
NS_IMETHODIMP
nsPKCS11Slot::GetName(/*out*/ nsACString& name)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
// |csn| is non-owning.
char* csn = PK11_GetSlotName(mSlot.get());
if (csn && *csn) {
@ -164,10 +150,6 @@ NS_IMETHODIMP
nsPKCS11Slot::GetToken(nsIPK11Token** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot.get());
token.forget(_retval);
return NS_OK;
@ -176,9 +158,6 @@ nsPKCS11Slot::GetToken(nsIPK11Token** _retval)
NS_IMETHODIMP
nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (!PK11_IsPresent(mSlot.get())) {
tokenName.SetIsVoid(true);
return NS_OK;
@ -199,10 +178,6 @@ NS_IMETHODIMP
nsPKCS11Slot::GetStatus(uint32_t* _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (PK11_IsDisabled(mSlot.get())) {
*_retval = SLOT_DISABLED;
} else if (!PK11_IsPresent(mSlot.get())) {
@ -225,18 +200,11 @@ NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
nsPKCS11Module::nsPKCS11Module(SECMODModule* module)
{
MOZ_ASSERT(module);
if (isAlreadyShutDown())
return;
mModule.reset(SECMOD_ReferenceModule(module));
}
nsPKCS11Module::~nsPKCS11Module()
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -256,9 +224,6 @@ nsPKCS11Module::destructorSafeDestroyNSSReference()
NS_IMETHODIMP
nsPKCS11Module::GetName(/*out*/ nsACString& name)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
name = mModule->commonName;
return NS_OK;
}
@ -266,9 +231,6 @@ nsPKCS11Module::GetName(/*out*/ nsACString& name)
NS_IMETHODIMP
nsPKCS11Module::GetLibName(/*out*/ nsACString& libName)
{
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
if (mModule->dllName) {
libName = mModule->dllName;
} else {
@ -283,9 +245,6 @@ nsPKCS11Module::FindSlotByName(const nsACString& name,
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
const nsCString& flatName = PromiseFlatCString(name);
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"", flatName.get()));
UniquePK11SlotInfo slotInfo;
@ -321,9 +280,6 @@ nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = CheckForSmartCardChanges();
if (NS_FAILED(rv)) {
return rv;

4
security/manager/ssl/nsPKCS12Blob.cpp
View File

@ -42,10 +42,6 @@ nsPKCS12Blob::nsPKCS12Blob()
// destructor
nsPKCS12Blob::~nsPKCS12Blob()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}

7
security/manager/ssl/nsRandomGenerator.cpp
View File

@ -19,10 +19,6 @@ nsRandomGenerator::GenerateRandomBytes(uint32_t aLength,
NS_ENSURE_ARG_POINTER(aBuffer);
*aBuffer = nullptr;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
return NS_ERROR_FAILURE;
@ -46,8 +42,5 @@ nsRandomGenerator::GenerateRandomBytes(uint32_t aLength,
nsRandomGenerator::~nsRandomGenerator()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}

7
security/manager/ssl/nsSSLStatus.cpp
View File

@ -395,9 +395,6 @@ NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
nsSSLStatus::~nsSSLStatus()
{
if (isAlreadyShutDown()) {
return;
}
shutdown(ShutdownCalledFrom::Object);
}
@ -414,10 +411,6 @@ nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus)
nsresult
nsSSLStatus::SetSucceededCertChain(UniqueCERTCertList aCertList)
{
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
// nsNSSCertList takes ownership of certList
mSucceededCertChain = new nsNSSCertList(Move(aCertList));

115
services/crypto/component/IdentityCryptoService.cpp
View File

@ -59,9 +59,6 @@ public:
private:
~KeyPair() override
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -100,9 +97,6 @@ public:
private:
~KeyGenRunnable() override
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -137,9 +131,6 @@ public:
private:
~SignRunnable() override
{
if (isAlreadyShutDown()) {
return;
}
destructorSafeDestroyNSSReference();
shutdown(ShutdownCalledFrom::Object);
}
@ -438,37 +429,33 @@ NS_IMETHODIMP
KeyGenRunnable::Run()
{
if (!NS_IsMainThread()) {
if (isAlreadyShutDown()) {
mRv = NS_ERROR_NOT_AVAILABLE;
// We always want to use the internal slot for BrowserID; in particular,
// we want to avoid smartcard slots.
PK11SlotInfo *slot = PK11_GetInternalSlot();
if (!slot) {
mRv = NS_ERROR_UNEXPECTED;
} else {
// We always want to use the internal slot for BrowserID; in particular,
// we want to avoid smartcard slots.
PK11SlotInfo *slot = PK11_GetInternalSlot();
if (!slot) {
mRv = NS_ERROR_UNEXPECTED;
} else {
SECKEYPrivateKey *privk = nullptr;
SECKEYPublicKey *pubk = nullptr;
SECKEYPrivateKey *privk = nullptr;
SECKEYPublicKey *pubk = nullptr;
switch (mKeyType) {
case rsaKey:
mRv = GenerateRSAKeyPair(slot, &privk, &pubk);
break;
case dsaKey:
mRv = GenerateDSAKeyPair(slot, &privk, &pubk);
break;
default:
MOZ_CRASH("unknown key type");
}
switch (mKeyType) {
case rsaKey:
mRv = GenerateRSAKeyPair(slot, &privk, &pubk);
break;
case dsaKey:
mRv = GenerateDSAKeyPair(slot, &privk, &pubk);
break;
default:
MOZ_CRASH("unknown key type");
}
PK11_FreeSlot(slot);
PK11_FreeSlot(slot);
if (NS_SUCCEEDED(mRv)) {
MOZ_ASSERT(privk);
MOZ_ASSERT(pubk);
// mKeyPair will take over ownership of privk and pubk
mKeyPair = new KeyPair(privk, pubk, mThread);
}
if (NS_SUCCEEDED(mRv)) {
MOZ_ASSERT(privk);
MOZ_ASSERT(pubk);
// mKeyPair will take over ownership of privk and pubk
mKeyPair = new KeyPair(privk, pubk, mThread);
}
}
@ -496,39 +483,35 @@ NS_IMETHODIMP
SignRunnable::Run()
{
if (!NS_IsMainThread()) {
if (isAlreadyShutDown()) {
mRv = NS_ERROR_NOT_AVAILABLE;
// We need the output in PKCS#11 format, not DER encoding, so we must use
// PK11_HashBuf and PK11_Sign instead of SEC_SignData.
SECItem sig = { siBuffer, nullptr, 0 };
int sigLength = PK11_SignatureLen(mPrivateKey);
if (sigLength <= 0) {
mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
} else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) {
mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
} else {
// We need the output in PKCS#11 format, not DER encoding, so we must use
// PK11_HashBuf and PK11_Sign instead of SEC_SignData.
uint8_t hash[32]; // big enough for SHA-1 or SHA-256
SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1
: SEC_OID_SHA256;
SECItem hashItem = { siBuffer, hash,
hashAlg == SEC_OID_SHA1 ? 20u : 32u };
SECItem sig = { siBuffer, nullptr, 0 };
int sigLength = PK11_SignatureLen(mPrivateKey);
if (sigLength <= 0) {
mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
} else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) {
mRv = mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
} else {
uint8_t hash[32]; // big enough for SHA-1 or SHA-256
SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1
: SEC_OID_SHA256;
SECItem hashItem = { siBuffer, hash,
hashAlg == SEC_OID_SHA1 ? 20u : 32u };
mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash,
const_cast<uint8_t*>(reinterpret_cast<const uint8_t *>(
mTextToSign.get())),
mTextToSign.Length()));
if (NS_SUCCEEDED(mRv)) {
mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem));
}
if (NS_SUCCEEDED(mRv)) {
mRv = Base64URLEncode(sig.len, sig.data,
Base64URLEncodePaddingPolicy::Include,
mSignature);
}
SECITEM_FreeItem(&sig, false);
mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash,
const_cast<uint8_t*>(reinterpret_cast<const uint8_t *>(
mTextToSign.get())),
mTextToSign.Length()));
if (NS_SUCCEEDED(mRv)) {
mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem));
}
if (NS_SUCCEEDED(mRv)) {
mRv = Base64URLEncode(sig.len, sig.data,
Base64URLEncodePaddingPolicy::Include,
mSignature);
}
SECITEM_FreeItem(&sig, false);
}
NS_DispatchToMainThread(this);