net/third_party/nss/ssl/sslinfo.c - Issue 10454066: Move the core state machine of SSLClientSocketNSS into a thread-safe Core

Side by Side Diff: net/third_party/nss/ssl/sslinfo.c

Issue 10454066: Move the core state machine of SSLClientSocketNSS into a thread-safe Core (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 8 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /* *** BEGIN LICENSE BLOCK ***	1 /* *** BEGIN LICENSE BLOCK ***

2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1	2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

3 *	3 *

4 * The contents of this file are subject to the Mozilla Public License Version	4 * The contents of this file are subject to the Mozilla Public License Version

5 * 1.1 (the "License"); you may not use this file except in compliance with	5 * 1.1 (the "License"); you may not use this file except in compliance with

6 * the License. You may obtain a copy of the License at	6 * the License. You may obtain a copy of the License at

7 * http://www.mozilla.org/MPL/	7 * http://www.mozilla.org/MPL/

8 *	8 *

9 * Software distributed under the License is distributed on an "AS IS" basis,	9 * Software distributed under the License is distributed on an "AS IS" basis,

10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License	10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License

(...skipping 358 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
369 unsigned int valLen, i;	369 unsigned int valLen, i;

370 SECStatus rv = SECFailure;	370 SECStatus rv = SECFailure;

371	371

372 ss = ssl_FindSocket(fd);	372 ss = ssl_FindSocket(fd);

373 if (!ss) {	373 if (!ss) {

374 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",	374 SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",

375 SSL_GETPID(), fd));	375 SSL_GETPID(), fd));

376 return SECFailure;	376 return SECFailure;

377 }	377 }

378	378

	379 ssl_GetRecvBufLock(ss);
	wtc 2012/05/30 22:54:29 The changes to this file should be moved to a sepa The changes to this file should be moved to a separate CL. Are you sure this function needs to get RecvBufLock? It doesn't read data from the transport. Ryan Sleevi 2012/05/30 23:20:10 No, this is important to avoiding the need to modi Show quoted text On 2012/05/30 22:54:29, wtc wrote: > > The changes to this file should be moved to a separate CL. No, this is important to avoiding the need to modify SSLClientSocketNSS::ExportKeyingMaterial. Show quoted text > > Are you sure this function needs to get RecvBufLock? > It doesn't read data from the transport. RecvBufLock is the only guard for ss->version, which is meant to be one of the 'atomic longs' but that is dependent on platform and thus not a safe assumption. SSL3HandshakeLock guards ss->ssl3 wtc 2012/05/31 01:23:42 I studied the functions in sslsecur.c as examples. Show quoted text On 2012/05/30 23:20:10, Ryan Sleevi wrote: > > RecvBufLock is the only guard for ss->version, which is meant to be one of the > 'atomic longs' but that is dependent on platform and thus not a safe assumption. I studied the functions in sslsecur.c as examples. They showed that ss->version seems to be protected by ssl_Get1stHandshakeLock rather than ssl_GetRecvBufLock. So I think we should use ssl_Get1stHandshakeLock instead. We need to add an NSS patch file for these changes. Ryan Sleevi 2012/05/31 01:31:14 1stHandshakeLock is itself guarded by RecvBufLock. Show quoted text On 2012/05/31 01:23:42, wtc wrote: > On 2012/05/30 23:20:10, Ryan Sleevi wrote: > > > > RecvBufLock is the only guard for ss->version, which is meant to be one of the > > 'atomic longs' but that is dependent on platform and thus not a safe > assumption. > > I studied the functions in sslsecur.c as examples. They > showed that ss->version seems to be protected by > ssl_Get1stHandshakeLock rather than ssl_GetRecvBufLock. > So I think we should use ssl_Get1stHandshakeLock instead. 1stHandshakeLock is itself guarded by RecvBufLock. I'll dig through the notes again, but there were writes to ss->version /before/ 1stHandshakeLock (in particular, renegotiation, IIRC), hence the broad lock. Show quoted text > > We need to add an NSS patch file for these changes. Agreed. Wanted to make the changes stick first. wtc 2012/06/01 01:02:38 1stHandshakeLock is broader than RecvBufLock. I f Show quoted text On 2012/05/31 01:31:14, Ryan Sleevi wrote: > > 1stHandshakeLock is itself guarded by RecvBufLock. I'll dig through the notes > again, but there were writes to ss->version /before/ 1stHandshakeLock (in > particular, renegotiation, IIRC), hence the broad lock. 1stHandshakeLock is broader than RecvBufLock. I found places where NSS reads or writes ss->version while holding only 1stHandshakeLock. The place where NSS writes ss->version while holding only 1stHandshakeLock is in ssl3_SendClientHello, when it copies the version from the SID structure. Unless we are modifying ss->version based on info just received from the peer, we don't need to hold RecvBufLock. Ryan Sleevi 2012/06/04 21:51:50 ssl3_SendClientHello expects HaveSSL3HandshakeLock Show quoted text On 2012/06/01 01:02:38, wtc wrote: > > On 2012/05/31 01:31:14, Ryan Sleevi wrote: > > > > 1stHandshakeLock is itself guarded by RecvBufLock. I'll dig through the notes > > again, but there were writes to ss->version /before/ 1stHandshakeLock (in > > particular, renegotiation, IIRC), hence the broad lock. > > 1stHandshakeLock is broader than RecvBufLock. > > I found places where NSS reads or writes ss->version > while holding only 1stHandshakeLock. The place where > NSS writes ss->version while holding only 1stHandshakeLock > is in ssl3_SendClientHello, when it copies the version from the > SID structure. > > Unless we are modifying ss->version based on info just > received from the peer, we don't need to hold RecvBufLock. ssl3_SendClientHello expects HaveSSL3HandshakeLock. http://mxr.mozilla.org/security/source/security/nss/lib/ssl/ssl3con.c?mark=39... ssl3_HandleV2ClientHello (really only for servers) is the one I was thinking of that didn't have it locked appropriately, because it originates in the SSL2 layer, and thus only has RecvBuf. Thus, I think this is the correct locking sequence, even though SSLServerSocketNSS has (not yet?) been ported to use a ref-counted core. wtc 2012/06/04 23:44:58 I am not suggesting that we remove the ssl_GetSSL3 I am not suggesting that we remove the ssl_GetSSL3HandshakeLock call. I am suggesting that we either remove the ssl_GetRecvBufLock call or replace the ssl_GetRecvBufLock call with a ssl_Get1stHandshakeLock call. The RecvBufLock has to be held during ssl3_HandleV2ClientHello because ssl3_HandleV2ClientHello is using data in ss->gs.buf to set ss->version. The RecvBufLock is used to protect ss->gs.buf, as documented in this comment: PZMonitor * recvBufLock; /* locks low level recv buffers. / All the ssl3_Handle<HandshakeMessate> functions need to hold the RecvBufLock for this reason. I think it is enough for SSL_ExportKeyingMaterial to hold just the SSL3HandshakeLock. Ryan Sleevi* 2012/06/05 00:01:59 Apologies, but I still don't understand why you're Show quoted text On 2012/06/04 23:44:58, wtc wrote: > > I am not suggesting that we remove the ssl_GetSSL3HandshakeLock > call. I am suggesting that we either remove the > ssl_GetRecvBufLock call or replace the ssl_GetRecvBufLock > call with a ssl_Get1stHandshakeLock call. > > The RecvBufLock has to be held during ssl3_HandleV2ClientHello > because ssl3_HandleV2ClientHello is using data in > ss->gs.buf to set ss->version. The RecvBufLock is > used to protect ss->gs.buf, as documented in this > comment: > > PZMonitor * recvBufLock; /* locks low level recv buffers. */ > > All the ssl3_Handle<HandshakeMessate> functions need to > hold the RecvBufLock for this reason. > > I think it is enough for SSL_ExportKeyingMaterial to > hold just the SSL3HandshakeLock. Apologies, but I still don't understand why you're suggesting this. SSL3HandshakeLock is too narrow by itself (doesn't cover the server case) 1stHandshakeLook is too narrow by itself (doesn't cover renegotiation handshakes) The only one that covers the entire state machine is RecvBufLock. As you note, /all/ ssl[23]_Handle<HandshakeMessage> functions need to hold this lock. The remaining locking is to ensure that the lock ordering (eg: must hold HS lock, must hold SpecReadLock) is respected, even though RecvBufLock should cover all of this.
	380 ssl_GetSSL3HandshakeLock(ss);

	381

379 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {	382 if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {

380 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);	383 PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);

	384 ssl_ReleaseSSL3HandshakeLock(ss);

	385 ssl_ReleaseRecvBufLock(ss);

381 return SECFailure;	386 return SECFailure;

382 }	387 }

383	388

384 /* construct PRF arguments */	389 /* construct PRF arguments */

385 valLen = SSL3_RANDOM_LENGTH * 2;	390 valLen = SSL3_RANDOM_LENGTH * 2;

386 if (hasContext) {	391 if (hasContext) {

387 valLen += 2 /* uint16 length */ + contextLen;	392 valLen += 2 /* uint16 length */ + contextLen;

388 }	393 }

389 val = PORT_Alloc(valLen);	394 val = PORT_Alloc(valLen);

390 if (!val) {	395 if (!val) {

	396 ssl_ReleaseSSL3HandshakeLock(ss);

	397 ssl_ReleaseRecvBufLock(ss);

391 return SECFailure;	398 return SECFailure;

392 }	399 }

393 i = 0;	400 i = 0;

	401

394 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);	402 PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);

395 i += SSL3_RANDOM_LENGTH;	403 i += SSL3_RANDOM_LENGTH;

396 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);	404 PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);

397 i += SSL3_RANDOM_LENGTH;	405 i += SSL3_RANDOM_LENGTH;

	406 ssl_ReleaseSSL3HandshakeLock(ss);
	wtc 2012/05/30 22:54:29 BUG: this function releases SSL3HandshakeLock twic BUG: this function releases SSL3HandshakeLock twice, here and on line 428. Ryan Sleevi 2012/05/30 23:20:10 Well spotted. Show quoted text On 2012/05/30 22:54:29, wtc wrote: > > BUG: this function releases SSL3HandshakeLock twice, here > and on line 428. Well spotted.
	407

398 if (hasContext) {	408 if (hasContext) {

399 val[i++] = contextLen >> 8;	409 val[i++] = contextLen >> 8;

400 val[i++] = contextLen;	410 val[i++] = contextLen;

401 PORT_Memcpy(val + i, context, contextLen);	411 PORT_Memcpy(val + i, context, contextLen);

402 i += contextLen;	412 i += contextLen;

403 }	413 }

404 PORT_Assert(i == valLen);	414 PORT_Assert(i == valLen);

405	415

406 /* Allow TLS keying material to be exported sooner, when the master	416 /* Allow TLS keying material to be exported sooner, when the master

407 * secret is available and we have sent ChangeCipherSpec.	417 * secret is available and we have sent ChangeCipherSpec.

408 */	418 */

409 ssl_GetSpecReadLock(ss);	419 ssl_GetSpecReadLock(ss);

410 if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {	420 if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {

411 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);	421 PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);

412 rv = SECFailure;	422 rv = SECFailure;

413 } else {	423 } else {

414 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,	424 rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,

415 valLen, out, outLen);	425 valLen, out, outLen);

416 }	426 }

417 ssl_ReleaseSpecReadLock(ss);	427 ssl_ReleaseSpecReadLock(ss);

	428 ssl_ReleaseSSL3HandshakeLock(ss);

	429 ssl_ReleaseRecvBufLock(ss);

418	430

419 PORT_ZFree(val, valLen);	431 PORT_ZFree(val, valLen);

420 return rv;	432 return rv;

421 }	433 }

OLD	NEW

« net/socket/ssl_client_socket_unittest.cc ('K') | « net/socket/ssl_client_socket_unittest.cc ('k') | no next file » | no next file with comments »