OLD | NEW |
1 /* This file implements the SERVER Session ID cache. | 1 /* This file implements the SERVER Session ID cache. |
2 * NOTE: The contents of this file are NOT used by the client. | 2 * NOTE: The contents of this file are NOT used by the client. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server | 8 /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server |
9 * cache sids! | 9 * cache sids! |
10 * | 10 * |
(...skipping 102 matching lines...)
113 /* 1 */ PRUint8 masterKeyLen; | 113 /* 1 */ PRUint8 masterKeyLen; |
114 /* 1 */ PRUint8 keyBits; | 114 /* 1 */ PRUint8 keyBits; |
115 /* 1 */ PRUint8 secretKeyBits; | 115 /* 1 */ PRUint8 secretKeyBits; |
116 /* 1 */ PRUint8 cipherArgLen; | 116 /* 1 */ PRUint8 cipherArgLen; |
117 /*101 */} ssl2; | 117 /*101 */} ssl2; |
118 | 118 |
119 struct { | 119 struct { |
120 /* 2 */ ssl3CipherSuite cipherSuite; | 120 /* 2 */ ssl3CipherSuite cipherSuite; |
121 /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ | 121 /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ |
122 | 122 |
123 /* 52 */ ssl3SidKeys keys;» /* keys, wrapped as needed. */ | 123 /* 54 */ ssl3SidKeys keys;» /* keys, wrapped as needed. */ |
124 | 124 |
125 /* 4 */ PRUint32 masterWrapMech; | 125 /* 4 */ PRUint32 masterWrapMech; |
126 /* 4 */ SSL3KEAType exchKeyType; | 126 /* 4 */ SSL3KEAType exchKeyType; |
127 /* 4 */ PRInt32 certIndex; | 127 /* 4 */ PRInt32 certIndex; |
128 /* 4 */ PRInt32 srvNameIndex; | 128 /* 4 */ PRInt32 srvNameIndex; |
129 /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ | 129 /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ |
130 /*104 */} ssl3; | 130 /*108 */} ssl3; |
131 /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ | 131 /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ |
132 struct { | 132 struct { |
133 /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ | 133 /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ |
134 } forceSize; | 134 } forceSize; |
135 } u; | 135 } u; |
136 }; | 136 }; |
137 typedef struct sidCacheEntryStr sidCacheEntry; | 137 typedef struct sidCacheEntryStr sidCacheEntry; |
138 | 138 |
139 /* The length of this struct is supposed to be a power of 2, e.g. 4KB */ | 139 /* The length of this struct is supposed to be a power of 2, e.g. 4KB */ |
140 struct certCacheEntryStr { | 140 struct certCacheEntryStr { |
(...skipping 359 matching lines...)
500 /* This is an SSL v3 session */ | 500 /* This is an SSL v3 session */ |
501 | 501 |
502 to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; | 502 to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; |
503 to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; | 503 to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; |
504 to->u.ssl3.keys = from->u.ssl3.keys; | 504 to->u.ssl3.keys = from->u.ssl3.keys; |
505 to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; | 505 to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; |
506 to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; | 506 to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; |
507 to->sessionIDLength = from->u.ssl3.sessionIDLength; | 507 to->sessionIDLength = from->u.ssl3.sessionIDLength; |
508 to->u.ssl3.certIndex = -1; | 508 to->u.ssl3.certIndex = -1; |
509 to->u.ssl3.srvNameIndex = -1; | 509 to->u.ssl3.srvNameIndex = -1; |
510 | |
511 PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, | 510 PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, |
512 to->sessionIDLength); | 511 to->sessionIDLength); |
513 | 512 |
514 SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " | 513 SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " |
515 "cipherSuite=%d", | 514 "cipherSuite=%d", |
516 myPid, to->creationTime, to->addr.pr_s6_addr32[0], | 515 myPid, to->creationTime, to->addr.pr_s6_addr32[0], |
517 to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], | 516 to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], |
518 to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); | 517 to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); |
519 } | 518 } |
520 } | 519 } |
(...skipping 109 matching lines...)
630 to->creationTime = from->creationTime; | 629 to->creationTime = from->creationTime; |
631 to->lastAccessTime = from->lastAccessTime; | 630 to->lastAccessTime = from->lastAccessTime; |
632 to->expirationTime = from->expirationTime; | 631 to->expirationTime = from->expirationTime; |
633 to->cached = in_server_cache; | 632 to->cached = in_server_cache; |
634 to->addr = from->addr; | 633 to->addr = from->addr; |
635 to->references = 1; | 634 to->references = 1; |
636 to->authAlgorithm = from->authAlgorithm; | 635 to->authAlgorithm = from->authAlgorithm; |
637 to->authKeyBits = from->authKeyBits; | 636 to->authKeyBits = from->authKeyBits; |
638 to->keaType = from->keaType; | 637 to->keaType = from->keaType; |
639 to->keaKeyBits = from->keaKeyBits; | 638 to->keaKeyBits = from->keaKeyBits; |
640 | 639 |
641 return to; | 640 return to; |
642 | 641 |
643 loser: | 642 loser: |
644 if (to) { | 643 if (to) { |
645 if (version < SSL_LIBRARY_VERSION_3_0) { | 644 if (version < SSL_LIBRARY_VERSION_3_0) { |
646 if (to->u.ssl2.masterKey.data) | 645 if (to->u.ssl2.masterKey.data) |
647 PORT_Free(to->u.ssl2.masterKey.data); | 646 PORT_Free(to->u.ssl2.masterKey.data); |
648 if (to->u.ssl2.cipherArg.data) | 647 if (to->u.ssl2.cipherArg.data) |
649 PORT_Free(to->u.ssl2.cipherArg.data); | 648 PORT_Free(to->u.ssl2.cipherArg.data); |
650 } else { | 649 } else { |
(...skipping 570 matching lines...)
1221 memcpy(cacheMem, cache, sizeof *cache); | 1220 memcpy(cacheMem, cache, sizeof *cache); |
1222 | 1221 |
1223 /* save private copies of these values */ | 1222 /* save private copies of these values */ |
1224 cache->cacheMemMap = cacheMemMap; | 1223 cache->cacheMemMap = cacheMemMap; |
1225 cache->cacheMem = cacheMem; | 1224 cache->cacheMem = cacheMem; |
1226 cache->sharedCache = (cacheDesc *)cacheMem; | 1225 cache->sharedCache = (cacheDesc *)cacheMem; |
1227 | 1226 |
1228 /* Fix pointers in our private copy of cache descriptor to point to | 1227 /* Fix pointers in our private copy of cache descriptor to point to |
1229 ** spaces in shared memory | 1228 ** spaces in shared memory |
1230 */ | 1229 */ |
1231 ptr = (ptrdiff_t)cache->cacheMem; | 1230 cache->sidCacheLocks = (sidCacheLock *) |
1232 *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; | 1231 (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
1233 *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; | 1232 cache->keyCacheLock = (sidCacheLock *) |
1234 *(ptrdiff_t *)(&cache->certCacheLock) += ptr; | 1233 (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); |
1235 *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; | 1234 cache->certCacheLock = (sidCacheLock *) |
1236 *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; | 1235 (cache->cacheMem + (ptrdiff_t)cache->certCacheLock); |
1237 *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; | 1236 cache->srvNameCacheLock = (sidCacheLock *) |
1238 *(ptrdiff_t *)(&cache->certCacheData) += ptr; | 1237 (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
1239 *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; | 1238 cache->sidCacheSets = (sidCacheSet *) |
1240 *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; | 1239 (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); |
1241 *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; | 1240 cache->sidCacheData = (sidCacheEntry *) |
1242 *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; | 1241 (cache->cacheMem + (ptrdiff_t)cache->sidCacheData); |
1243 *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; | 1242 cache->certCacheData = (certCacheEntry *) |
1244 *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; | 1243 (cache->cacheMem + (ptrdiff_t)cache->certCacheData); |
| 1244 cache->keyCacheData = (SSLWrappedSymWrappingKey *) |
| 1245 (cache->cacheMem + (ptrdiff_t)cache->keyCacheData); |
| 1246 cache->ticketKeyNameSuffix = (PRUint8 *) |
| 1247 (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
| 1248 cache->ticketEncKey = (encKeyCacheEntry *) |
| 1249 (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); |
| 1250 cache->ticketMacKey = (encKeyCacheEntry *) |
| 1251 (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); |
| 1252 cache->ticketKeysValid = (PRUint32 *) |
| 1253 (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
| 1254 cache->srvNameCacheData = (srvNameCacheEntry *) |
| 1255 (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
1245 | 1256 |
1246 /* initialize the locks */ | 1257 /* initialize the locks */ |
1247 init_time = ssl_Time(); | 1258 init_time = ssl_Time(); |
1248 pLock = cache->sidCacheLocks; | 1259 pLock = cache->sidCacheLocks; |
1249 for (locks_to_initialize = cache->numSIDCacheLocks + 3; | 1260 for (locks_to_initialize = cache->numSIDCacheLocks + 3; |
1250 locks_initialized < locks_to_initialize; | 1261 locks_initialized < locks_to_initialize; |
1251 ++locks_initialized, ++pLock ) { | 1262 ++locks_initialized, ++pLock ) { |
1252 | 1263 |
1253 SECStatus err = sslMutex_Init(&pLock->mutex, shared); | 1264 SECStatus err = sslMutex_Init(&pLock->mutex, shared); |
1254 if (err) { | 1265 if (err) { |
(...skipping 222 matching lines...)
1477 } | 1488 } |
1478 } | 1489 } |
1479 | 1490 |
1480 SECStatus | 1491 SECStatus |
1481 SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) | 1492 SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) |
1482 { | 1493 { |
1483 unsigned char * decoString = NULL; | 1494 unsigned char * decoString = NULL; |
1484 char * fmString = NULL; | 1495 char * fmString = NULL; |
1485 char * myEnvString = NULL; | 1496 char * myEnvString = NULL; |
1486 unsigned int decoLen; | 1497 unsigned int decoLen; |
1487 ptrdiff_t ptr; | |
1488 inheritance inherit; | 1498 inheritance inherit; |
1489 cacheDesc my; | 1499 cacheDesc my; |
1490 #ifdef WINNT | 1500 #ifdef WINNT |
1491 sidCacheLock* newLocks; | 1501 sidCacheLock* newLocks; |
1492 int locks_initialized = 0; | 1502 int locks_initialized = 0; |
1493 int locks_to_initialize = 0; | 1503 int locks_to_initialize = 0; |
1494 #endif | 1504 #endif |
1495 SECStatus status = ssl_Init(); | 1505 SECStatus status = ssl_Init(); |
1496 | 1506 |
1497 if (status != SECSuccess) { | 1507 if (status != SECSuccess) { |
(...skipping 75 matching lines...)
1573 ** cache->cacheMem computed just above. So, we copy cache into | 1583 ** cache->cacheMem computed just above. So, we copy cache into |
1574 ** the automatic variable "my", to preserve the variables while | 1584 ** the automatic variable "my", to preserve the variables while |
1575 ** cache is overwritten. | 1585 ** cache is overwritten. |
1576 */ | 1586 */ |
1577 my = *cache; /* save values computed above. */ | 1587 my = *cache; /* save values computed above. */ |
1578 memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */ | 1588 memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */ |
1579 | 1589 |
1580 /* Fix pointers in our private copy of cache descriptor to point to | 1590 /* Fix pointers in our private copy of cache descriptor to point to |
1581 ** spaces in shared memory, whose address is now in "my". | 1591 ** spaces in shared memory, whose address is now in "my". |
1582 */ | 1592 */ |
1583 ptr = (ptrdiff_t)my.cacheMem; | 1593 cache->sidCacheLocks = (sidCacheLock *) |
1584 *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; | 1594 (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
1585 *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; | 1595 cache->keyCacheLock = (sidCacheLock *) |
1586 *(ptrdiff_t *)(&cache->certCacheLock) += ptr; | 1596 (my.cacheMem + (ptrdiff_t)cache->keyCacheLock); |
1587 *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; | 1597 cache->certCacheLock = (sidCacheLock *) |
1588 *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; | 1598 (my.cacheMem + (ptrdiff_t)cache->certCacheLock); |
1589 *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; | 1599 cache->srvNameCacheLock = (sidCacheLock *) |
1590 *(ptrdiff_t *)(&cache->certCacheData) += ptr; | 1600 (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
1591 *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; | 1601 cache->sidCacheSets = (sidCacheSet *) |
1592 *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; | 1602 (my.cacheMem + (ptrdiff_t)cache->sidCacheSets); |
1593 *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; | 1603 cache->sidCacheData = (sidCacheEntry *) |
1594 *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; | 1604 (my.cacheMem + (ptrdiff_t)cache->sidCacheData); |
1595 *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; | 1605 cache->certCacheData = (certCacheEntry *) |
1596 *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; | 1606 (my.cacheMem + (ptrdiff_t)cache->certCacheData); |
| 1607 cache->keyCacheData = (SSLWrappedSymWrappingKey *) |
| 1608 (my.cacheMem + (ptrdiff_t)cache->keyCacheData); |
| 1609 cache->ticketKeyNameSuffix = (PRUint8 *) |
| 1610 (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
| 1611 cache->ticketEncKey = (encKeyCacheEntry *) |
| 1612 (my.cacheMem + (ptrdiff_t)cache->ticketEncKey); |
| 1613 cache->ticketMacKey = (encKeyCacheEntry *) |
| 1614 (my.cacheMem + (ptrdiff_t)cache->ticketMacKey); |
| 1615 cache->ticketKeysValid = (PRUint32 *) |
| 1616 (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
| 1617 cache->srvNameCacheData = (srvNameCacheEntry *) |
| 1618 (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
1597 | 1619 |
1598 cache->cacheMemMap = my.cacheMemMap; | 1620 cache->cacheMemMap = my.cacheMemMap; |
1599 cache->cacheMem = my.cacheMem; | 1621 cache->cacheMem = my.cacheMem; |
1600 cache->sharedCache = (cacheDesc *)cache->cacheMem; | 1622 cache->sharedCache = (cacheDesc *)cache->cacheMem; |
1601 | 1623 |
1602 #ifdef WINNT | 1624 #ifdef WINNT |
1603 /* On Windows NT we need to "fix" the sidCacheLocks here to support fibers | 1625 /* On Windows NT we need to "fix" the sidCacheLocks here to support fibers |
1604 ** When NT fibers are used in a multi-process server, a second level of | 1626 ** When NT fibers are used in a multi-process server, a second level of |
1605 ** locking is needed to prevent a deadlock, in case a fiber acquires the | 1627 ** locking is needed to prevent a deadlock, in case a fiber acquires the |
1606 ** cross-process mutex, yields, and another fiber is later scheduled on | 1628 ** cross-process mutex, yields, and another fiber is later scheduled on |
(...skipping 596 matching lines...)
2203 } | 2225 } |
2204 | 2226 |
2205 SECStatus | 2227 SECStatus |
2206 SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) | 2228 SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) |
2207 { | 2229 { |
2208 PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServe
rCacheLocks)"); | 2230 PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServe
rCacheLocks)"); |
2209 return SECFailure; | 2231 return SECFailure; |
2210 } | 2232 } |
2211 | 2233 |
2212 #endif /* XP_UNIX || XP_WIN32 */ | 2234 #endif /* XP_UNIX || XP_WIN32 */ |
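Review bot: The fix-up in SSL_InheritMPServerSIDCacheInstance (new lines 1593-1618) turns thirteen offsets copied out of the shared segment into pointers, and no range check against the mapping is visible in these rows. Unless the 75 skipped lines above already validate them, a stale or corrupted segment would produce pointers outside the mapped region, and the lock and cache code would then dereference them. I would route the fix-up through one helper that rejects an offset beyond the mapped size and fail the inherit when any field comes back NULL; a complete check would also confirm that each region's end fits, which needs the entry counts. The same helper could replace the duplicated run at new lines 1230-1255, where the offsets are computed locally and the check is only a sanity net. The sketch assumes cacheMem is a PRUint8 * and that the mapped size is available as my.cacheMemSize, neither of which is shown on this page, and the function's body begins and ends outside the visible rows.

```c
/* Proposed helper: map an offset stored in a pointer-typed descriptor field
 * to an address inside the mapping; NULL when the offset is out of range. */
static void *
sidCacheOffsetToPtr(PRUint8 *base, PRUint32 mapSize, const void *stored)
{
    ptrdiff_t off = (ptrdiff_t)stored;

    if (off < 0 || (size_t)off >= (size_t)mapSize)
        return NULL;
    return base + off;
}

    cache->sidCacheLocks = (sidCacheLock *)
        sidCacheOffsetToPtr(my.cacheMem, my.cacheMemSize, cache->sidCacheLocks);
    /* … same call for the other twelve descriptor fields … */
    if (!cache->sidCacheLocks || !cache->srvNameCacheData /* … and the rest … */) {
        /* take this function's existing failure path */
    }
```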
OLD | NEW |