Update prefork and postfork NSS code for unit tests.

src/ext/tinytest.c

@@ -120,8 +120,10 @@ testcase_run_bare_(const struct testcase_t *testcase)
 #ifndef NO_FORKING
 
 #ifdef TINYTEST_POSTFORK
+void tinytest_prefork(void);
 void tinytest_postfork(void);
 #else
+static void tinytest_prefork(void) { }
 static void tinytest_postfork(void) { }
 #endif
 
@@ -185,16 +187,17 @@ testcase_run_forked_(const struct testgroup_t *group,
 
 	if (opt_verbosity>0)
 		printf("[forking] ");
+	tinytest_prefork();
 	pid = fork();
 #ifdef FORK_BREAKS_GCOV
 	vproc_transaction_begin(0);
 #endif
+	tinytest_postfork();
 	if (!pid) {
 		/* child. */
 		int test_r, write_r;
 		char b[1];
 		close(outcome_pipe[0]);
-		tinytest_postfork();
 		test_r = testcase_run_bare_(testcase);
 		assert(0<=(int)test_r && (int)test_r<=2);
 		b[0] = "NYS"[test_r];

src/lib/crypt_ops/crypto_init.c

@@ -58,7 +58,7 @@ crypto_early_init(void)
     crypto_openssl_early_init();
 #endif
 #ifdef ENABLE_NSS
-    crypto_nss_early_init();
+    crypto_nss_early_init(0);
 #endif
 
     if (crypto_seed_rng() < 0)
@@ -134,6 +134,16 @@ crypto_global_cleanup(void)
   return 0;
 }
 
+/** Run operations that the crypto library requires to be happy again
+ * after forking. */
+void
+crypto_prefork(void)
+{
+#ifdef ENABLE_NSS
+  crypto_nss_prefork();
+#endif
+}
+
 /** Run operations that the crypto library requires to be happy again
  * after forking. */
 void

src/lib/crypt_ops/crypto_init.h

@@ -24,6 +24,7 @@ int crypto_global_init(int hardwareAccel,
 
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
+void crypto_prefork(void);
 void crypto_postfork(void);
 
 const char *crypto_get_library_name(void);

src/lib/crypt_ops/crypto_nss_mgt.c

@@ -50,10 +50,12 @@ nss_password_func_always_fail(PK11SlotInfo *slot,
 }
 
 void
-crypto_nss_early_init(void)
+crypto_nss_early_init(int nss_only)
 {
-  PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
-  PK11_SetPasswordFunc(nss_password_func_always_fail);
+  if (! nss_only) {
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+    PK11_SetPasswordFunc(nss_password_func_always_fail);
+  }
 
   /* Eventually we should use NSS_Init() instead -- but that wants a
      directory. The documentation says that we can't use this if we want
@@ -111,6 +113,14 @@ crypto_nss_late_init(void)
 
 void
 crypto_nss_global_cleanup(void)
+{
+  NSS_Shutdown();
+  PL_ArenaFinish();
+  PR_Cleanup();
+}
+
+void
+crypto_nss_prefork(void)
 {
   NSS_Shutdown();
 }
@@ -118,6 +128,5 @@ crypto_nss_global_cleanup(void)
 void
 crypto_nss_postfork(void)
 {
-  crypto_nss_global_cleanup();
-  crypto_nss_early_init();
+  crypto_nss_early_init(1);
 }

src/lib/crypt_ops/crypto_nss_mgt.h

@@ -22,11 +22,12 @@ const char *crypto_nss_get_header_version_str(void);
 
 void crypto_nss_log_errors(int severity, const char *doing);
 
-void crypto_nss_early_init(void);
+void crypto_nss_early_init(int nss_only);
 int crypto_nss_late_init(void);
 
 void crypto_nss_global_cleanup(void);
 
+void crypto_nss_prefork(void);
 void crypto_nss_postfork(void);
 #endif
 

src/test/testing_common.c

@@ -223,11 +223,17 @@ an_assertion_failed(void)
   tinytest_set_test_failed_();
 }
 
+void tinytest_prefork(void);
 void tinytest_postfork(void);
 void
-tinytest_postfork(void)
+tinytest_prefork(void)
 {
   free_pregenerated_keys();
+  crypto_prefork();
+}
+void
+tinytest_postfork(void)
+{
   crypto_postfork();
   init_pregenerated_keys();
 }