| OLD | NEW |
|---|
| 1 /* This file implements the SERVER Session ID cache. | 1 /* This file implements the SERVER Session ID cache. |
| 2 * NOTE: The contents of this file are NOT used by the client. | 2 * NOTE: The contents of this file are NOT used by the client. |
| 3 * | 3 * |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 7 | 7 |
| 8 /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server | 8 /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server |
| 9 * cache sids! | 9 * cache sids! |
| 10 * | 10 * |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 113 /* 1 */ PRUint8 masterKeyLen; | 113 /* 1 */ PRUint8 masterKeyLen; |
| 114 /* 1 */ PRUint8 keyBits; | 114 /* 1 */ PRUint8 keyBits; |
| 115 /* 1 */ PRUint8 secretKeyBits; | 115 /* 1 */ PRUint8 secretKeyBits; |
| 116 /* 1 */ PRUint8 cipherArgLen; | 116 /* 1 */ PRUint8 cipherArgLen; |
| 117 /*101 */} ssl2; | 117 /*101 */} ssl2; |
| 118 | 118 |
| 119 struct { | 119 struct { |
| 120 /* 2 */ ssl3CipherSuite cipherSuite; | 120 /* 2 */ ssl3CipherSuite cipherSuite; |
| 121 /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ | 121 /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ |
| 122 | 122 |
| 123 /* 52 */ ssl3SidKeys keys;» /* keys, wrapped as needed. */ | 123 /* 54 */ ssl3SidKeys keys;» /* keys, wrapped as needed. */ |
| 124 | 124 |
| 125 /* 4 */ PRUint32 masterWrapMech; | 125 /* 4 */ PRUint32 masterWrapMech; |
| 126 /* 4 */ SSL3KEAType exchKeyType; | 126 /* 4 */ SSL3KEAType exchKeyType; |
| 127 /* 4 */ PRInt32 certIndex; | 127 /* 4 */ PRInt32 certIndex; |
| 128 /* 4 */ PRInt32 srvNameIndex; | 128 /* 4 */ PRInt32 srvNameIndex; |
| 129 /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ | 129 /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ |
| 130 /*104 */} ssl3; | 130 /*108 */} ssl3; |
| 131 /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ | 131 /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ |
| 132 struct { | 132 struct { |
| 133 /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ | 133 /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ |
| 134 } forceSize; | 134 } forceSize; |
| 135 } u; | 135 } u; |
| 136 }; | 136 }; |
| 137 typedef struct sidCacheEntryStr sidCacheEntry; | 137 typedef struct sidCacheEntryStr sidCacheEntry; |
| 138 | 138 |
| 139 /* The length of this struct is supposed to be a power of 2, e.g. 4KB */ | 139 /* The length of this struct is supposed to be a power of 2, e.g. 4KB */ |
| 140 struct certCacheEntryStr { | 140 struct certCacheEntryStr { |
| (...skipping 359 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 500 /* This is an SSL v3 session */ | 500 /* This is an SSL v3 session */ |
| 501 | 501 |
| 502 to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; | 502 to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; |
| 503 to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; | 503 to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; |
| 504 to->u.ssl3.keys = from->u.ssl3.keys; | 504 to->u.ssl3.keys = from->u.ssl3.keys; |
| 505 to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; | 505 to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; |
| 506 to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; | 506 to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; |
| 507 to->sessionIDLength = from->u.ssl3.sessionIDLength; | 507 to->sessionIDLength = from->u.ssl3.sessionIDLength; |
| 508 to->u.ssl3.certIndex = -1; | 508 to->u.ssl3.certIndex = -1; |
| 509 to->u.ssl3.srvNameIndex = -1; | 509 to->u.ssl3.srvNameIndex = -1; |
| 510 | |
| 511 PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, | 510 PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, |
| 512 to->sessionIDLength); | 511 to->sessionIDLength); |
| 513 | 512 |
| 514 SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " | 513 SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " |
| 515 "cipherSuite=%d", | 514 "cipherSuite=%d", |
| 516 myPid, to->creationTime, to->addr.pr_s6_addr32[0], | 515 myPid, to->creationTime, to->addr.pr_s6_addr32[0], |
| 517 to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], | 516 to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], |
| 518 to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); | 517 to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); |
| 519 } | 518 } |
| 520 } | 519 } |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 630 to->creationTime = from->creationTime; | 629 to->creationTime = from->creationTime; |
| 631 to->lastAccessTime = from->lastAccessTime; | 630 to->lastAccessTime = from->lastAccessTime; |
| 632 to->expirationTime = from->expirationTime; | 631 to->expirationTime = from->expirationTime; |
| 633 to->cached = in_server_cache; | 632 to->cached = in_server_cache; |
| 634 to->addr = from->addr; | 633 to->addr = from->addr; |
| 635 to->references = 1; | 634 to->references = 1; |
| 636 to->authAlgorithm = from->authAlgorithm; | 635 to->authAlgorithm = from->authAlgorithm; |
| 637 to->authKeyBits = from->authKeyBits; | 636 to->authKeyBits = from->authKeyBits; |
| 638 to->keaType = from->keaType; | 637 to->keaType = from->keaType; |
| 639 to->keaKeyBits = from->keaKeyBits; | 638 to->keaKeyBits = from->keaKeyBits; |
| 640 | 639 |
| 641 return to; | 640 return to; |
| 642 | 641 |
| 643 loser: | 642 loser: |
| 644 if (to) { | 643 if (to) { |
| 645 if (version < SSL_LIBRARY_VERSION_3_0) { | 644 if (version < SSL_LIBRARY_VERSION_3_0) { |
| 646 if (to->u.ssl2.masterKey.data) | 645 if (to->u.ssl2.masterKey.data) |
| 647 PORT_Free(to->u.ssl2.masterKey.data); | 646 PORT_Free(to->u.ssl2.masterKey.data); |
| 648 if (to->u.ssl2.cipherArg.data) | 647 if (to->u.ssl2.cipherArg.data) |
| 649 PORT_Free(to->u.ssl2.cipherArg.data); | 648 PORT_Free(to->u.ssl2.cipherArg.data); |
| 650 } else { | 649 } else { |
| (...skipping 570 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1221 memcpy(cacheMem, cache, sizeof *cache); | 1220 memcpy(cacheMem, cache, sizeof *cache); |
| 1222 | 1221 |
| 1223 /* save private copies of these values */ | 1222 /* save private copies of these values */ |
| 1224 cache->cacheMemMap = cacheMemMap; | 1223 cache->cacheMemMap = cacheMemMap; |
| 1225 cache->cacheMem = cacheMem; | 1224 cache->cacheMem = cacheMem; |
| 1226 cache->sharedCache = (cacheDesc *)cacheMem; | 1225 cache->sharedCache = (cacheDesc *)cacheMem; |
| 1227 | 1226 |
| 1228 /* Fix pointers in our private copy of cache descriptor to point to | 1227 /* Fix pointers in our private copy of cache descriptor to point to |
| 1229 ** spaces in shared memory | 1228 ** spaces in shared memory |
| 1230 */ | 1229 */ |
| 1231 ptr = (ptrdiff_t)cache->cacheMem; | 1230 cache->sidCacheLocks = (sidCacheLock *) |
| 1232 *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; | 1231 (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
| 1233 *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; | 1232 cache->keyCacheLock = (sidCacheLock *) |
| 1234 *(ptrdiff_t *)(&cache->certCacheLock) += ptr; | 1233 (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); |
| 1235 *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; | 1234 cache->certCacheLock = (sidCacheLock *) |
| 1236 *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; | 1235 (cache->cacheMem + (ptrdiff_t)cache->certCacheLock); |
| 1237 *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; | 1236 cache->srvNameCacheLock = (sidCacheLock *) |
| 1238 *(ptrdiff_t *)(&cache->certCacheData) += ptr; | 1237 (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
| 1239 *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; | 1238 cache->sidCacheSets = (sidCacheSet *) |
| 1240 *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; | 1239 (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); |
| 1241 *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; | 1240 cache->sidCacheData = (sidCacheEntry *) |
| 1242 *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; | 1241 (cache->cacheMem + (ptrdiff_t)cache->sidCacheData); |
| 1243 *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; | 1242 cache->certCacheData = (certCacheEntry *) |
| 1244 *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; | 1243 (cache->cacheMem + (ptrdiff_t)cache->certCacheData); |
| 1244 cache->keyCacheData = (SSLWrappedSymWrappingKey *) |
| 1245 (cache->cacheMem + (ptrdiff_t)cache->keyCacheData); |
| 1246 cache->ticketKeyNameSuffix = (PRUint8 *) |
| 1247 (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
| 1248 cache->ticketEncKey = (encKeyCacheEntry *) |
| 1249 (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); |
| 1250 cache->ticketMacKey = (encKeyCacheEntry *) |
| 1251 (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); |
| 1252 cache->ticketKeysValid = (PRUint32 *) |
| 1253 (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
| 1254 cache->srvNameCacheData = (srvNameCacheEntry *) |
| 1255 (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
| 1245 | 1256 |
| 1246 /* initialize the locks */ | 1257 /* initialize the locks */ |
| 1247 init_time = ssl_Time(); | 1258 init_time = ssl_Time(); |
| 1248 pLock = cache->sidCacheLocks; | 1259 pLock = cache->sidCacheLocks; |
| 1249 for (locks_to_initialize = cache->numSIDCacheLocks + 3; | 1260 for (locks_to_initialize = cache->numSIDCacheLocks + 3; |
| 1250 locks_initialized < locks_to_initialize; | 1261 locks_initialized < locks_to_initialize; |
| 1251 ++locks_initialized, ++pLock ) { | 1262 ++locks_initialized, ++pLock ) { |
| 1252 | 1263 |
| 1253 SECStatus err = sslMutex_Init(&pLock->mutex, shared); | 1264 SECStatus err = sslMutex_Init(&pLock->mutex, shared); |
| 1254 if (err) { | 1265 if (err) { |
| (...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1477 } | 1488 } |
| 1478 } | 1489 } |
| 1479 | 1490 |
| 1480 SECStatus | 1491 SECStatus |
| 1481 SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) | 1492 SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) |
| 1482 { | 1493 { |
| 1483 unsigned char * decoString = NULL; | 1494 unsigned char * decoString = NULL; |
| 1484 char * fmString = NULL; | 1495 char * fmString = NULL; |
| 1485 char * myEnvString = NULL; | 1496 char * myEnvString = NULL; |
| 1486 unsigned int decoLen; | 1497 unsigned int decoLen; |
| 1487 ptrdiff_t ptr; | |
| 1488 inheritance inherit; | 1498 inheritance inherit; |
| 1489 cacheDesc my; | 1499 cacheDesc my; |
| 1490 #ifdef WINNT | 1500 #ifdef WINNT |
| 1491 sidCacheLock* newLocks; | 1501 sidCacheLock* newLocks; |
| 1492 int locks_initialized = 0; | 1502 int locks_initialized = 0; |
| 1493 int locks_to_initialize = 0; | 1503 int locks_to_initialize = 0; |
| 1494 #endif | 1504 #endif |
| 1495 SECStatus status = ssl_Init(); | 1505 SECStatus status = ssl_Init(); |
| 1496 | 1506 |
| 1497 if (status != SECSuccess) { | 1507 if (status != SECSuccess) { |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1573 ** cache->cacheMem computed just above. So, we copy cache into | 1583 ** cache->cacheMem computed just above. So, we copy cache into |
| 1574 ** the automatic variable "my", to preserve the variables while | 1584 ** the automatic variable "my", to preserve the variables while |
| 1575 ** cache is overwritten. | 1585 ** cache is overwritten. |
| 1576 */ | 1586 */ |
| 1577 my = *cache; /* save values computed above. */ | 1587 my = *cache; /* save values computed above. */ |
| 1578 memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */ | 1588 memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */ |
| 1579 | 1589 |
| 1580 /* Fix pointers in our private copy of cache descriptor to point to | 1590 /* Fix pointers in our private copy of cache descriptor to point to |
| 1581 ** spaces in shared memory, whose address is now in "my". | 1591 ** spaces in shared memory, whose address is now in "my". |
| 1582 */ | 1592 */ |
| 1583 ptr = (ptrdiff_t)my.cacheMem; | 1593 cache->sidCacheLocks = (sidCacheLock *) |
| 1584 *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; | 1594 (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
| 1585 *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; | 1595 cache->keyCacheLock = (sidCacheLock *) |
| 1586 *(ptrdiff_t *)(&cache->certCacheLock) += ptr; | 1596 (my.cacheMem + (ptrdiff_t)cache->keyCacheLock); |
| 1587 *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; | 1597 cache->certCacheLock = (sidCacheLock *) |
| 1588 *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; | 1598 (my.cacheMem + (ptrdiff_t)cache->certCacheLock); |
| 1589 *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; | 1599 cache->srvNameCacheLock = (sidCacheLock *) |
| 1590 *(ptrdiff_t *)(&cache->certCacheData) += ptr; | 1600 (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
| 1591 *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; | 1601 cache->sidCacheSets = (sidCacheSet *) |
| 1592 *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; | 1602 (my.cacheMem + (ptrdiff_t)cache->sidCacheSets); |
| 1593 *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; | 1603 cache->sidCacheData = (sidCacheEntry *) |
| 1594 *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; | 1604 (my.cacheMem + (ptrdiff_t)cache->sidCacheData); |
| 1595 *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; | 1605 cache->certCacheData = (certCacheEntry *) |
| 1596 *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; | 1606 (my.cacheMem + (ptrdiff_t)cache->certCacheData); |
| 1607 cache->keyCacheData = (SSLWrappedSymWrappingKey *) |
| 1608 (my.cacheMem + (ptrdiff_t)cache->keyCacheData); |
| 1609 cache->ticketKeyNameSuffix = (PRUint8 *) |
| 1610 (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
| 1611 cache->ticketEncKey = (encKeyCacheEntry *) |
| 1612 (my.cacheMem + (ptrdiff_t)cache->ticketEncKey); |
| 1613 cache->ticketMacKey = (encKeyCacheEntry *) |
| 1614 (my.cacheMem + (ptrdiff_t)cache->ticketMacKey); |
| 1615 cache->ticketKeysValid = (PRUint32 *) |
| 1616 (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
| 1617 cache->srvNameCacheData = (srvNameCacheEntry *) |
| 1618 (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
| 1597 | 1619 |
| 1598 cache->cacheMemMap = my.cacheMemMap; | 1620 cache->cacheMemMap = my.cacheMemMap; |
| 1599 cache->cacheMem = my.cacheMem; | 1621 cache->cacheMem = my.cacheMem; |
| 1600 cache->sharedCache = (cacheDesc *)cache->cacheMem; | 1622 cache->sharedCache = (cacheDesc *)cache->cacheMem; |
| 1601 | 1623 |
| 1602 #ifdef WINNT | 1624 #ifdef WINNT |
| 1603 /* On Windows NT we need to "fix" the sidCacheLocks here to support fibers | 1625 /* On Windows NT we need to "fix" the sidCacheLocks here to support fibers |
| 1604 ** When NT fibers are used in a multi-process server, a second level of | 1626 ** When NT fibers are used in a multi-process server, a second level of |
| 1605 ** locking is needed to prevent a deadlock, in case a fiber acquires the | 1627 ** locking is needed to prevent a deadlock, in case a fiber acquires the |
| 1606 ** cross-process mutex, yields, and another fiber is later scheduled on | 1628 ** cross-process mutex, yields, and another fiber is later scheduled on |
| (...skipping 596 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2203 } | 2225 } |
| 2204 | 2226 |
| 2205 SECStatus | 2227 SECStatus |
| 2206 SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) | 2228 SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) |
| 2207 { | 2229 { |
| 2208 PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServe
rCacheLocks)"); | 2230 PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServe
rCacheLocks)"); |
| 2209 return SECFailure; | 2231 return SECFailure; |
| 2210 } | 2232 } |
| 2211 | 2233 |
| 2212 #endif /* XP_UNIX || XP_WIN32 */ | 2234 #endif /* XP_UNIX || XP_WIN32 */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1511123006:
Uprev NSS (in libssl) to NSS 3.21 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master