authorGreg Hudson <ghudson@mit.edu>2010-10-23 00:38:17 +0000
committerGreg Hudson <ghudson@mit.edu>2010-10-23 00:38:17 +0000
commit03a197a41f4f8d2cd2ec5da3892a006bd1b0d265 (patch)
tree95ab31fa0759cfaf7cae4788c0f7477e771311e1 /src/lib/crypto/nss
parentf6fe2be37c17c7cabb61af0f3e676dcecea8f5a8 (diff)
Better libk5crypto NSS fork safety
Use SECMOD_RestartModules() from the forthcoming NSS 3.12.9 release to make the libk5crypto back end work after a fork. Add a test program to exercise fork detection in the NSS back end. Add a configure-time version check to ensure that we're using NSS 3.12.9 or later. ticket: 6810 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24470 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/nss')
-rw-r--r--src/lib/crypto/nss/enc_provider/enc_gen.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/crypto/nss/enc_provider/enc_gen.c b/src/lib/crypto/nss/enc_provider/enc_gen.c
index 3edf3fc72..6bdf1d0f9 100644
--- a/src/lib/crypto/nss/enc_provider/enc_gen.c
+++ b/src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -39,6 +39,7 @@
#include "rand2key.h"
#include "aead.h"
#include "seccomon.h"
+#include "secmod.h"
#include "pk11pub.h"
#include "nss.h"
@@ -111,14 +112,15 @@ k5_nss_init(void)
/* Do nothing if the existing context is still good. */
if (k5_nss_pid == pid)
goto cleanup;
-
- /* We've forked since the last init, and need to reinitialize. */
- rv = NSS_ShutdownContext(k5_nss_ctx);
- k5_nss_ctx = NULL;
+ /* The caller has forked. Restart the NSS modules. This will
+ * invalidate all of our PKCS11 handles, which we're prepared for. */
+ rv = SECMOD_RestartModules(TRUE);
if (rv != SECSuccess) {
ret = k5_nss_map_last_error();
goto cleanup;
}
+ k5_nss_pid = pid;
+ goto cleanup;
}
k5_nss_ctx = NSS_InitContext(NSS_KRB5_CONFIGDIR, "", "", "", NULL, flags);
if (k5_nss_ctx == NULL) {
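Review bot: The new comment above `SECMOD_RestartModules(TRUE)` says the invalidated PKCS11 handles are something "we're prepared for", but nothing in this hunk shows where stale handles are detected and re-created, so a later change could reuse a pre-fork handle in the child without noticing. I would make the comment name that mechanism, along the lines of `/* Handles cached before the fork are stale after this call; they are re-created in <function that checks for a stale handle>. */`, with the placeholder filled in from the code outside this hunk. On the error branch `k5_nss_pid` is left at the old value, which looks intended so that the next call retries the restart; a one-line comment such as `/* Leave k5_nss_pid unchanged so the next call retries. */` would record that. The body of k5_nss_init starts and ends outside the hunk, so the handling of `ret` after `cleanup:` could not be checked here.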