bug 1230377 - part 1/2: ensure nsKeyObject releases NSS resources on shutdown
--- a/security/manager/ssl/nsKeyModule.cpp
+++ b/security/manager/ssl/nsKeyModule.cpp
@@ -16,21 +16,32 @@ NS_IMPL_ISUPPORTS(nsKeyObject, nsIKeyObj
nsKeyObject::nsKeyObject()
: mKeyType(0), mSymKey(nullptr), mPrivateKey(nullptr),
mPublicKey(nullptr)
{
}
nsKeyObject::~nsKeyObject()
{
- CleanUp();
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return;
+ }
+ destructorSafeDestroyNSSReference();
+ shutdown(calledFromObject);
}
void
-nsKeyObject::CleanUp()
+nsKeyObject::virtualDestroyNSSReference()
+{
+ destructorSafeDestroyNSSReference();
+}
+
+void
+nsKeyObject::destructorSafeDestroyNSSReference()
{
switch (mKeyType) {
case nsIKeyObject::SYM_KEY:
PK11_FreeSymKey(mSymKey);
break;
case nsIKeyObject::PRIVATE_KEY:
PK11_DeleteTokenPrivateKey(mPrivateKey, true /* force */);
@@ -48,18 +59,23 @@ nsKeyObject::CleanUp()
}
//////////////////////////////////////////////////////////////////////////////
// nsIKeyObject
NS_IMETHODIMP
nsKeyObject::InitKey(int16_t aAlgorithm, void * aKey)
{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
// Clear previous key data if it exists
- CleanUp();
+ destructorSafeDestroyNSSReference();
switch (aAlgorithm) {
case nsIKeyObject::RC4:
case nsIKeyObject::HMAC:
mSymKey = reinterpret_cast<PK11SymKey*>(aKey);
if (!mSymKey) {
NS_ERROR("no symkey");
@@ -80,16 +96,21 @@ nsKeyObject::InitKey(int16_t aAlgorithm,
return NS_ERROR_FAILURE;
return NS_OK;
}
NS_IMETHODIMP
nsKeyObject::GetKeyObj(void * *_retval)
{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
if (mKeyType == 0)
return NS_ERROR_NOT_INITIALIZED;
switch (mKeyType) {
case nsIKeyObject::SYM_KEY:
*_retval = (void*)mSymKey;
break;
@@ -140,16 +161,21 @@ nsKeyObjectFactory::UnwrapKey(int16_t aA
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString & aKey,
nsIKeyObject **_retval)
{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
CK_MECHANISM_TYPE cipherMech;
CK_ATTRIBUTE_TYPE cipherOperation;
switch (aAlgorithm)
{
case nsIKeyObject::HMAC:
cipherMech = CKM_GENERIC_SECRET_KEY_GEN;
cipherOperation = CKA_SIGN;
break;
--- a/security/manager/ssl/nsKeyModule.h
+++ b/security/manager/ssl/nsKeyModule.h
@@ -1,31 +1,33 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _NS_KEYMODULE_H_
#define _NS_KEYMODULE_H_
+#include "mozilla/Attributes.h"
#include "nsIKeyModule.h"
+#include "nsNSSShutDown.h"
#include "pk11pub.h"
-#include "mozilla/Attributes.h"
/* eae599aa-ecef-49c6-a8af-6ddcc6feb484 */
#define NS_KEYMODULEOBJECT_CID \
{ 0xeae599aa, 0xecef, 0x49c6, {0xa8, 0xaf, 0x6d, 0xdc, 0xc6, 0xfe, 0xb4, 0x84} }
#define NS_KEYMODULEOBJECT_CONTRACTID "@mozilla.org/security/keyobject;1"
/* a39e0e9d-e567-41e3-b12c-5df67f18174d */
#define NS_KEYMODULEOBJECTFACTORY_CID \
{ 0xa39e0e9d, 0xe567, 0x41e3, {0xb1, 0x2c, 0x5d, 0xf6, 0x7f, 0x18, 0x17, 0x4d} }
#define NS_KEYMODULEOBJECTFACTORY_CONTRACTID \
"@mozilla.org/security/keyobjectfactory;1"
class nsKeyObject final : public nsIKeyObject
+ , public nsNSSShutDownObject
{
public:
nsKeyObject();
NS_DECL_ISUPPORTS
NS_DECL_NSIKEYOBJECT
private:
@@ -37,29 +39,34 @@ private:
// 0 if not yet set, otherwise one of the nsIKeyObject::*KEY values
uint32_t mKeyType;
// A union of our possible key types
PK11SymKey* mSymKey;
SECKEYPrivateKey* mPrivateKey;
SECKEYPublicKey* mPublicKey;
- // Helper method to free memory used by keys.
- void CleanUp();
+
+ virtual void virtualDestroyNSSReference() override;
+ void destructorSafeDestroyNSSReference();
};
class nsKeyObjectFactory final : public nsIKeyObjectFactory
+ , public nsNSSShutDownObject
{
public:
nsKeyObjectFactory();
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSIKEYOBJECTFACTORY
private:
~nsKeyObjectFactory() {}
// Disallow copy constructor
nsKeyObjectFactory(nsKeyObjectFactory&);
+
+ // No NSS resources to release.
+ virtual void virtualDestroyNSSReference() override {}
};
#endif // _NS_KEYMODULE_H_