From d5914d43f9354b921205ae95af588f30fc09f8e8 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 1 Nov 2010 22:48:28 -0400
Subject: [PATCH 100/150] - load the pem slot as-needed
---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 50 ++++++++++++++++--------
 1 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 53f96ca..6054125 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -625,14 +625,6 @@ pkinit_init_identity_crypto(pkinit_identity_crypto_context *id_cryptoctx)
 id->id_certs = CERT_NewCertList();
 id->ca_certs = CERT_NewCertList();
 if ((id->id_certs != NULL) && (id->ca_certs != NULL)) {
- id->pem_module = SECMOD_LoadUserModule("library=libnsspem.so",
- NULL, PR_FALSE);
- if (id->pem_module == NULL) {
- pkiDebug("%s: error loading libnsspem.so\n",
- __FUNCTION__);
- } else {
- SECMOD_UpdateSlotList(id->pem_module);
- }
 *id_cryptoctx = id;
 return 0;
 }
@@ -1986,6 +1978,36 @@ crypto_load_pkcs11(krb5_context context,
 return status;
 }
+static PK11SlotInfo *
+crypto_get_pem_slot(struct _pkinit_identity_crypto_context *id)
+{
+ PK11SlotInfo *slot;
+ if (id->pem_module == NULL) {
+ id->pem_module = SECMOD_LoadUserModule("library=libnsspem.so",
+ NULL, PR_FALSE);
+ if (id->pem_module == NULL) {
+ pkiDebug("%s: error loading libnsspem.so\n",
+ __FUNCTION__);
+ } else {
+ SECMOD_UpdateSlotList(id->pem_module);
+ }
+ }
+ if (id->pem_module != NULL) {
+ if (id->pem_module->slotCount != 0) {
+ slot = id->pem_module->slots[0];
+ } else {
+ slot = NULL;
+ }
+ if (slot == NULL) {
+ pkiDebug("%s: no slots in libnsspem.so?\n",
+ __FUNCTION__);
+ }
+ } else {
+ slot = NULL;
+ }
+ return slot;
+}
+
 static SECStatus
 crypto_load_pkcs12(krb5_context context,
 pkinit_plg_crypto_context plg_cryptoctx,
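Review bot: The inner failure test in `crypto_get_pem_slot()` checks only for a NULL return, but `SECMOD_LoadUserModule()` can hand back a non-NULL module whose `loaded` flag is false when the library could not be opened. A failed load of libnsspem.so would then be cached in `id->pem_module` and reported as "no slots" on every later call instead of as a load error. Consider `if (id->pem_module == NULL || !id->pem_module->loaded)` for that branch, releasing the unusable module (presumably with `SECMOD_DestroyModule`) and resetting the field to NULL. The helper also deserves a header comment stating that the returned slot is borrowed from `pem_module->slots[0]` without `PK11_ReferenceSlot()`, so the callers in `crypto_load_pkcs12` and `crypto_load_files` must not free it or keep it past the module's lifetime.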
@@ -1997,8 +2019,7 @@ crypto_load_pkcs12(krb5_context context,
 SEC_PKCS12DecoderContext *ctx;
 SECItem tmp, empty;
- if ((id_cryptoctx->pem_module->slotCount == 0) ||
- ((slot = id_cryptoctx->pem_module->slots[0]) == NULL)) {
+ if ((slot = crypto_get_pem_slot(id_cryptoctx)) == NULL) {
 pkiDebug("%s: skipping identity PKCS12 bundle \"%s\": "
 "no slot found\n", __FUNCTION__, name);
 return SECFailure;
@@ -2086,7 +2107,7 @@ crypto_load_files(krb5_context context,
 SECStatus status;
 int n_attrs, i, n_objs;
- if (id_cryptoctx->pem_module == NULL) {
+ if ((slot = crypto_get_pem_slot(id_cryptoctx)) == NULL) {
 if (certfile != NULL) {
 pkiDebug("%s: nsspem module not loaded, "
 "not loading file \"%s\"\n",
@@ -2107,11 +2128,6 @@ crypto_load_files(krb5_context context,
 if ((certfile == NULL) && (crlfile == NULL)) {
 return SECFailure;
 }
- if ((id_cryptoctx->pem_module->slotCount == 0) ||
- ((slot = id_cryptoctx->pem_module->slots[0]) == NULL)) {
- pkiDebug("%s: unable to find first slot\n", __FUNCTION__);
- return SECFailure;
- }
 status = SECSuccess;
 if (keyfile != NULL) {
 n_attrs = 0;
@@ -2277,7 +2293,7 @@ crypto_load_dir(krb5_context context,
 const char *suffix = load_crl ? ".crl" : ".crt";
 int i;
- if (id_cryptoctx->pem_module == NULL) {
+ if (crypto_get_pem_slot(id_cryptoctx) == NULL) {
 pkiDebug("%s: nsspem module not loaded, "
 "not loading directory \"%s\"\n",
 __FUNCTION__, dirname);
--
1.7.6.4
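Review bot: In `crypto_load_files()` the new `crypto_get_pem_slot()` call runs before the `(certfile == NULL) && (crlfile == NULL)` argument check that the hunk at -2107 leaves in place. A call with nothing to load therefore appears to still pull libnsspem.so into the process, which works against the as-needed loading this patch introduces and adds a loaded PKCS#11 module for no benefit. Moving that argument check above the slot lookup would keep the module out until a file is actually requested. The debug text in this branch, `nsspem module not loaded`, is also inaccurate when the module loaded but exposes no slot; the same applies to the `crypto_load_dir()` hunk at -2277. The function body starts before and continues past this hunk.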