| OLD | NEW |
|---|
| (Empty) | |
| 1 ***** BEGIN LICENSE BLOCK ***** |
| 2 Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 3 |
| 4 The contents of this file are subject to the Mozilla Public License Version |
| 5 1.1 (the "License"); you may not use this file except in compliance with |
| 6 the License. You may obtain a copy of the License at |
| 7 http://www.mozilla.org/MPL/ |
| 8 |
| 9 Software distributed under the License is distributed on an "AS IS" basis, |
| 10 WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| 11 for the specific language governing rights and limitations under the |
| 12 License. |
| 13 |
| 14 The Original Code is the Netscape security libraries. |
| 15 |
| 16 The Initial Developer of the Original Code is |
| 17 Netscape Communications Corporation. |
| 18 Portions created by the Initial Developer are Copyright (C) 1994-2000 |
| 19 the Initial Developer. All Rights Reserved. |
| 20 |
| 21 Contributor(s): |
| 22 |
| 23 Alternatively, the contents of this file may be used under the terms of |
| 24 either the GNU General Public License Version 2 or later (the "GPL"), or |
| 25 the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
| 26 in which case the provisions of the GPL or the LGPL are applicable instead |
| 27 of those above. If you wish to allow use of your version of this file only |
| 28 under the terms of either the GPL or the LGPL, and not to allow others to |
| 29 use your version of this file under the terms of the MPL, indicate your |
| 30 decision by deleting the provisions above and replace them with the notice |
| 31 and other provisions required by the GPL or the LGPL. If you do not delete |
| 32 the provisions above, a recipient may use your version of this file under |
| 33 the terms of any one of the MPL, the GPL or the LGPL. |
| 34 |
| 35 ***** END LICENSE BLOCK ***** |
| 36 |
| 37 SSL's Buffers: enumerated and explained. |
| 38 |
| 39 --------------------------------------------------------------------------- |
| 40 incoming: |
| 41 |
| 42 gs = ss->gather |
| 43 hs = ss->ssl3->hs |
| 44 |
| 45 gs->inbuf SSL3 only: incoming (encrypted) ssl records are placed here, |
| 46 and then decrypted (or copied) to gs->buf. |
| 47 |
| 48 gs->buf SSL2: incoming SSL records are put here, and then decrypted |
| 49 in place. |
| 50 SSL3: ssl3_HandleHandshake puts decrypted ssl records here. |
| 51 |
| 52 hs.msg_body (SSL3 only) When an incoming handshake message spans more |
| 53 than one ssl record, the first part(s) of it are accumulated |
| 54 here until it all arrives. |
| 55 |
| 56 hs.msgState (SSL3 only) an alternative set of pointers/lengths for gs->buf. |
| 57 Used only when a handleHandshake function returns SECWouldBlock. |
| 58 ssl3_HandleHandshake remembers how far it previously got by |
| 59 using these pointers instead of gs->buf when it is called |
| 60 after a previous SECWouldBlock return. |
| 61 |
| 62 --------------------------------------------------------------------------- |
| 63 outgoing: |
| 64 |
| 65 sec = ss->sec |
| 66 ci = ss->sec->ci /* connect info */ |
| 67 |
| 68 ci->sendBuf Outgoing handshake messages are appended to this buffer. |
| 69 This buffer will then be sent as a single SSL record. |
| 70 |
| 71 sec->writeBuf outgoing ssl records are constructed here and encrypted in |
| 72 place before being written or copied to pendingBuf. |
| 73 |
| 74 ss->pendingBuf contains outgoing ciphertext that was saved after a write |
| 75 attempt to the socket failed, e.g. EWouldBlock. |
| 76 Generally empty with blocking sockets (should be no incomplete |
| 77 writes). |
| 78 |
| 79 ss->saveBuf Used only by socks code. Intended to be used to buffer |
| 80 outgoing data until a socks handshake completes. However, |
| 81 this buffer is always empty. There is no code to put |
| 82 anything into it. |
| 83 |
| 84 --------------------------------------------------------------------------- |
| 85 |
| 86 SECWouldBlock means that the function cannot make progress because it is |
| 87 waiting for some event OTHER THAN socket I/O completion (e.g. waiting for |
| 88 user dialog to finish). It is not the same as EWOULDBLOCK. |
| 89 |
| 90 --------------------------------------------------------------------------- |
| 91 |
| 92 Rank (order) of locks |
| 93 |
| 94 [ReadLock ->]\ [firstHandshake ->] [ssl3Handshake ->] recvbuf \ -> "spec" |
| 95 [WriteLock->]/ xmitbuf / |
| 96 |
| 97 crypto and hash Data that must be protected while turning plaintext into |
| 98 ciphertext: |
| 99 |
| 100 SSL2: (in ssl2_Send*) |
| 101 sec->hash* |
| 102 sec->hashcx (ptr and data) |
| 103 sec->enc |
| 104 sec->writecx* (ptr and content) |
| 105 sec->sendSecret*(ptr and content) |
| 106 sec->sendSequence locked by xmitBufLock |
| 107 sec->blockSize |
| 108 sec->writeBuf* (ptr & content) locked by xmitBufLock |
| 109 "in" locked by xmitBufLock |
| 110 |
| 111 SSl3: (in ssl3_SendPlainText) |
| 112 ss->ssl3 (the pointer) |
| 113 ss->ssl3->current_write* (the pointer and the data in the spec |
| 114 and any data referenced by the spec. |
| 115 |
| 116 ss->sec->isServer |
| 117 ss->sec->writebuf* (ptr & content) locked by xmitBufLock |
| 118 "buf" locked by xmitBufLock |
| 119 |
| 120 crypto and hash data that must be protected while turning ciphertext into |
| 121 plaintext: |
| 122 |
| 123 SSL2: (in ssl2_GatherData) |
| 124 gs->* (locked by recvBufLock ) |
| 125 sec->dec |
| 126 sec->readcx |
| 127 sec->hash* (ptr and data) |
| 128 sec->hashcx (ptr and data) |
| 129 |
| 130 SSL3: (in ssl3_HandleRecord ) |
| 131 ssl3->current_read* (the pointer and all data refernced) |
| 132 ss->sec->isServer |
| 133 |
| 134 |
| 135 Data that must be protected while being used by a "writer": |
| 136 |
| 137 ss->pendingBuf.* |
| 138 ss->saveBuf.* (which is dead) |
| 139 |
| 140 in ssl3_sendPlainText |
| 141 |
| 142 ss->ssl3->current_write-> (spec) |
| 143 ss->sec->writeBuf.* |
| 144 ss->sec->isServer |
| 145 |
| 146 in SendBlock |
| 147 |
| 148 ss->sec->hash->length |
| 149 ss->sec->blockSize |
| 150 ss->sec->writeBuf.* |
| 151 ss->sec->sendSecret |
| 152 ss->sec->sendSequence |
| 153 ss->sec->writecx * |
| 154 ss->pendingBuf |
| 155 |
| 156 -------------------------------------------------------------------------- |
| 157 |
| 158 Data variables (not const) protected by the "sslGlobalDataLock". |
| 159 Note, this really should be a reader/writer lock. |
| 160 |
| 161 allowedByPolicy sslcon.c |
| 162 maybeAllowedByPolicy sslcon.c |
| 163 chosenPreference sslcon.c |
| 164 policyWasSet sslcon.c |
| 165 |
| 166 cipherSuites[] ssl3con.c |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 394003:
Linux: enable building with a local version of libssl. (Closed)
