Update net/third_party/nss to NSS 3.15.4.

net/third_party/nss/ssl/sslnonce.c

 /* 
  * This file implements the CLIENT Session ID cache.  
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "cert.h"
 #include "pk11pub.h"
 #include "secitem.h"
@@ skipping 105 matching lines @@
     SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
     PORT_Assert((sid->references == 0));
 
     if (sid->cached == in_client_cache)
         return; /* it will get taken care of next time cache is traversed. */
 
     if (sid->version < SSL_LIBRARY_VERSION_3_0) {
         SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
         SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
     } else {
-        if (sid->u.ssl3.sessionTicket.ticket.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
-        }
-        if (sid->u.ssl3.srvName.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
-        }
-        if (sid->u.ssl3.signedCertTimestamps.data) {
-            SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
-        }
-        if (sid->u.ssl3.originalHandshakeHash.data) {
-          SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
-        }
+        if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
+            SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
+                             PR_FALSE);
+        }
+        if (sid->u.ssl3.srvName.data) {
+            SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
+        }
+        if (sid->u.ssl3.originalHandshakeHash.data) {
+            SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
+        }
+        if (sid->u.ssl3.signedCertTimestamps.data) {
+            SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
+        }
+
+        if (sid->u.ssl3.lock) {
+            PR_DestroyRWLock(sid->u.ssl3.lock);
+        }
     }
 
     if (sid->peerID != NULL)
         PORT_Free((void *)sid->peerID);         /* CONST */
 
     if (sid->urlSvrName != NULL)
         PORT_Free((void *)sid->urlSvrName);     /* CONST */
 
     if ( sid->peerCert ) {
         CERT_DestroyCertificate(sid->peerCert);
     }
     for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
         CERT_DestroyCertificate(sid->peerCertChain[i]);
     }
     if (sid->peerCertStatus.items) {
         SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
     }
 
     if ( sid->localCert ) {
         CERT_DestroyCertificate(sid->localCert);
     }
-
+    
     PORT_ZFree(sid, sizeof(sslSessionID));
 }
 
 /* BEWARE: This function gets called for both client and server SIDs !!
  * Decrement reference count, and 
  *    free sid if ref count is zero, and sid is not in the cache. 
  * Does NOT remove from the cache first.  
  * If the sid is still in the cache, it is left there until next time
  * the cache list is traversed.
  */
@@ skipping 90 matching lines @@
 }
 
 /*
 ** Add an sid to the cache or return a previously cached entry to the cache.
 ** Although this is static, it is called via ss->sec.cache().
 */
 static void 
 CacheSID(sslSessionID *sid)
 {
     PRUint32  expirationPeriod;
+
+    PORT_Assert(sid->cached == never_cached);
+
     SSL_TRC(8, ("SSL: Cache: sid=0x%x cached=%d addr=0x%08x%08x%08x%08x port=0x%04x "
                 "time=%x cached=%d",
                 sid, sid->cached, sid->addr.pr_s6_addr32[0], 
                 sid->addr.pr_s6_addr32[1], sid->addr.pr_s6_addr32[2],
                 sid->addr.pr_s6_addr32[3],  sid->port, sid->creationTime,
                 sid->cached));
 
-    if (sid->cached == in_client_cache)
-        return;
-
     if (!sid->urlSvrName) {
         /* don't cache this SID because it can never be matched */
         return;
     }
 
     /* XXX should be different trace for version 2 vs. version 3 */
     if (sid->version < SSL_LIBRARY_VERSION_3_0) {
         expirationPeriod = ssl_sid_timeout;
         PRINT_BUF(8, (0, "sessionID:",
                   sid->u.ssl2.sessionID, sizeof(sid->u.ssl2.sessionID)));
         PRINT_BUF(8, (0, "masterKey:",
                   sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len));
         PRINT_BUF(8, (0, "cipherArg:",
                   sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len));
     } else {
         if (sid->u.ssl3.sessionIDLength == 0 &&
-            sid->u.ssl3.sessionTicket.ticket.data == NULL)
+            sid->u.ssl3.locked.sessionTicket.ticket.data == NULL)
             return;
+
         /* Client generates the SessionID if this was a stateless resume. */
         if (sid->u.ssl3.sessionIDLength == 0) {
             SECStatus rv;
             rv = PK11_GenerateRandom(sid->u.ssl3.sessionID,
                 SSL3_SESSIONID_BYTES);
             if (rv != SECSuccess)
                 return;
             sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
         }
         expirationPeriod = ssl3_sid_timeout;
         PRINT_BUF(8, (0, "sessionID:",
                       sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength));
+
+        sid->u.ssl3.lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, NULL);
+        if (!sid->u.ssl3.lock) {
+            return;
+        }
     }
     PORT_Assert(sid->creationTime != 0 && sid->expirationTime != 0);
     if (!sid->creationTime)
         sid->lastAccessTime = sid->creationTime = ssl_Time();
     if (!sid->expirationTime)
         sid->expirationTime = sid->creationTime + expirationPeriod;
 
     /*
      * Put sid into the cache.  Bump reference count to indicate that
      * cache is holding a reference. Uncache will reduce the cache
@@ skipping 103 matching lines @@
     PRInt64 ll;
 
     now = PR_Now();
     LL_I2L(ll, 1000000L);
     LL_DIV(now, now, ll);
     LL_L2UI(myTime, now);
 #endif
     return myTime;
 }
 
-SECStatus
-ssl3_SetSIDSessionTicket(sslSessionID *sid, NewSessionTicket *session_ticket)
+void
+ssl3_SetSIDSessionTicket(sslSessionID *sid,
+                         /*in/out*/ NewSessionTicket *newSessionTicket)
 {
-    SECStatus rv;
+    PORT_Assert(sid);
+    PORT_Assert(newSessionTicket);
 
-    /* We need to lock the cache, as this sid might already be in the cache. */
-    LOCK_CACHE;
+    /* if sid->u.ssl3.lock, we are updating an existing entry that is already
+     * cached or was once cached, so we need to acquire and release the write
+     * lock. Otherwise, this is a new session that isn't shared with anything
+     * yet, so no locking is needed.
+     */
+    if (sid->u.ssl3.lock) {
+        PR_RWLock_Wlock(sid->u.ssl3.lock);
 
-    /* Don't modify sid if it has ever been cached. */
-    if (sid->cached != never_cached) {
-        UNLOCK_CACHE;
-        return SECSuccess;
+        /* A server might have sent us an empty ticket, which has the
+         * effect of clearing the previously known ticket.
+         */
+        if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
+            SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
+                             PR_FALSE);
+        }
     }
 
-    /* A server might have sent us an empty ticket, which has the
-     * effect of clearing the previously known ticket.
-     */
-    if (sid->u.ssl3.sessionTicket.ticket.data)
-        SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
-    if (session_ticket->ticket.len > 0) {
-        rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.sessionTicket.ticket,
-            &session_ticket->ticket);
-        if (rv != SECSuccess) {
-            UNLOCK_CACHE;
-            return rv;
-        }
-    } else {
-        sid->u.ssl3.sessionTicket.ticket.data = NULL;
-        sid->u.ssl3.sessionTicket.ticket.len = 0;
+    PORT_Assert(!sid->u.ssl3.locked.sessionTicket.ticket.data);
+
+    /* Do a shallow copy, moving the ticket data. */
+    sid->u.ssl3.locked.sessionTicket = *newSessionTicket;
+    newSessionTicket->ticket.data = NULL;
+    newSessionTicket->ticket.len = 0;
+
+    if (sid->u.ssl3.lock) {
+        PR_RWLock_Unlock(sid->u.ssl3.lock);
     }
-    sid->u.ssl3.sessionTicket.received_timestamp =
-        session_ticket->received_timestamp;
-    sid->u.ssl3.sessionTicket.ticket_lifetime_hint =
-        session_ticket->ticket_lifetime_hint;
-
-    UNLOCK_CACHE;
-    return SECSuccess;
 }