Index: net/third_party/nss/ssl/sslsnce.c |
diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c |
index 3856c13166fba9da8935823508c0de042f9d6eee..e3f749e577b5969abac744c2df985abe903556f5 100644 |
--- a/net/third_party/nss/ssl/sslsnce.c |
+++ b/net/third_party/nss/ssl/sslsnce.c |
@@ -1,23 +1,23 @@ |
-/* This file implements the SERVER Session ID cache. |
+/* This file implements the SERVER Session ID cache. |
* NOTE: The contents of this file are NOT used by the client. |
* |
* This Source Code Form is subject to the terms of the Mozilla Public |
* License, v. 2.0. If a copy of the MPL was not distributed with this |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
-/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server |
+/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server |
* cache sids! |
* |
* About record locking among different server processes: |
* |
- * All processes that are part of the same conceptual server (serving on |
- * the same address and port) MUST share a common SSL session cache. |
+ * All processes that are part of the same conceptual server (serving on |
+ * the same address and port) MUST share a common SSL session cache. |
* This code makes the content of the shared cache accessible to all |
* processes on the same "server". This code works on Unix and Win32 only. |
* |
* We use NSPR anonymous shared memory and move data to & from shared memory. |
* We must do explicit locking of the records for all reads and writes. |
- * The set of Cache entries are divided up into "sets" of 128 entries. |
+ * The set of Cache entries are divided up into "sets" of 128 entries. |
* Each set is protected by a lock. There may be one or more sets protected |
* by each lock. That is, locks to sets are 1:N. |
* There is one lock for the entire cert cache. |
@@ -44,7 +44,7 @@ |
*/ |
#include "seccomon.h" |
-#if defined(XP_UNIX) || defined(XP_WIN32) || defined (XP_OS2) || defined(XP_BEOS) |
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_OS2) || defined(XP_BEOS) |
#include "cert.h" |
#include "ssl.h" |
@@ -78,7 +78,7 @@ |
#include "win32err.h" |
#endif |
-#endif |
+#endif |
#include <sys/types.h> |
#define SET_ERROR_CODE /* reminder */ |
@@ -88,146 +88,146 @@ |
/* |
** Format of a cache entry in the shared memory. |
-*/ |
+*/ |
struct sidCacheEntryStr { |
-/* 16 */ PRIPv6Addr addr; /* client's IP address */ |
-/* 4 */ PRUint32 creationTime; |
-/* 4 */ PRUint32 lastAccessTime; |
-/* 4 */ PRUint32 expirationTime; |
-/* 2 */ PRUint16 version; |
-/* 1 */ PRUint8 valid; |
-/* 1 */ PRUint8 sessionIDLength; |
-/* 32 */ PRUint8 sessionID[SSL3_SESSIONID_BYTES]; |
-/* 2 */ PRUint16 authAlgorithm; |
-/* 2 */ PRUint16 authKeyBits; |
-/* 2 */ PRUint16 keaType; |
-/* 2 */ PRUint16 keaKeyBits; |
-/* 72 - common header total */ |
+ /* 16 */ PRIPv6Addr addr; /* client's IP address */ |
+ /* 4 */ PRUint32 creationTime; |
+ /* 4 */ PRUint32 lastAccessTime; |
+ /* 4 */ PRUint32 expirationTime; |
+ /* 2 */ PRUint16 version; |
+ /* 1 */ PRUint8 valid; |
+ /* 1 */ PRUint8 sessionIDLength; |
+ /* 32 */ PRUint8 sessionID[SSL3_SESSIONID_BYTES]; |
+ /* 2 */ PRUint16 authAlgorithm; |
+ /* 2 */ PRUint16 authKeyBits; |
+ /* 2 */ PRUint16 keaType; |
+ /* 2 */ PRUint16 keaKeyBits; |
+ /* 72 - common header total */ |
union { |
- struct { |
-/* 64 */ PRUint8 masterKey[SSL_MAX_MASTER_KEY_BYTES]; |
-/* 32 */ PRUint8 cipherArg[SSL_MAX_CYPHER_ARG_BYTES]; |
- |
-/* 1 */ PRUint8 cipherType; |
-/* 1 */ PRUint8 masterKeyLen; |
-/* 1 */ PRUint8 keyBits; |
-/* 1 */ PRUint8 secretKeyBits; |
-/* 1 */ PRUint8 cipherArgLen; |
+ struct { |
+ /* 64 */ PRUint8 masterKey[SSL_MAX_MASTER_KEY_BYTES]; |
+ /* 32 */ PRUint8 cipherArg[SSL_MAX_CYPHER_ARG_BYTES]; |
+ |
+ /* 1 */ PRUint8 cipherType; |
+ /* 1 */ PRUint8 masterKeyLen; |
+ /* 1 */ PRUint8 keyBits; |
+ /* 1 */ PRUint8 secretKeyBits; |
+ /* 1 */ PRUint8 cipherArgLen; |
/*101 */} ssl2; |
- struct { |
-/* 2 */ ssl3CipherSuite cipherSuite; |
-/* 2 */ PRUint16 compression; /* SSLCompressionMethod */ |
+struct { |
+ /* 2 */ ssl3CipherSuite cipherSuite; |
+ /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ |
-/* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ |
+ /* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ |
-/* 4 */ PRUint32 masterWrapMech; |
-/* 4 */ SSL3KEAType exchKeyType; |
-/* 4 */ PRInt32 certIndex; |
-/* 4 */ PRInt32 srvNameIndex; |
-/* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ |
+ /* 4 */ PRUint32 masterWrapMech; |
+ /* 4 */ SSL3KEAType exchKeyType; |
+ /* 4 */ PRInt32 certIndex; |
+ /* 4 */ PRInt32 srvNameIndex; |
+ /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ |
/*108 */} ssl3; |
+ |
/* force sizeof(sidCacheEntry) to be a multiple of cache line size */ |
- struct { |
-/*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ |
- } forceSize; |
+struct { |
+ /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ |
+} forceSize; |
} u; |
}; |
typedef struct sidCacheEntryStr sidCacheEntry; |
/* The length of this struct is supposed to be a power of 2, e.g. 4KB */ |
struct certCacheEntryStr { |
- PRUint16 certLength; /* 2 */ |
- PRUint16 sessionIDLength; /* 2 */ |
- PRUint8 sessionID[SSL3_SESSIONID_BYTES]; /* 32 */ |
- PRUint8 cert[SSL_MAX_CACHED_CERT_LEN]; /* 4060 */ |
-}; /* total 4096 */ |
+ PRUint16 certLength; /* 2 */ |
+ PRUint16 sessionIDLength; /* 2 */ |
+ PRUint8 sessionID[SSL3_SESSIONID_BYTES]; /* 32 */ |
+ PRUint8 cert[SSL_MAX_CACHED_CERT_LEN]; /* 4060 */ |
+}; /* total 4096 */ |
typedef struct certCacheEntryStr certCacheEntry; |
struct sidCacheLockStr { |
- PRUint32 timeStamp; |
- sslMutex mutex; |
- sslPID pid; |
+ PRUint32 timeStamp; |
+ sslMutex mutex; |
+ sslPID pid; |
}; |
typedef struct sidCacheLockStr sidCacheLock; |
struct sidCacheSetStr { |
- PRIntn next; |
+ PRIntn next; |
}; |
typedef struct sidCacheSetStr sidCacheSet; |
struct encKeyCacheEntryStr { |
- PRUint8 bytes[512]; |
- PRInt32 length; |
+ PRUint8 bytes[512]; |
+ PRInt32 length; |
}; |
typedef struct encKeyCacheEntryStr encKeyCacheEntry; |
-#define SSL_MAX_DNS_HOST_NAME 1024 |
+#define SSL_MAX_DNS_HOST_NAME 1024 |
struct srvNameCacheEntryStr { |
- PRUint16 type; /* 2 */ |
- PRUint16 nameLen; /* 2 */ |
- PRUint8 name[SSL_MAX_DNS_HOST_NAME + 12]; /* 1034 */ |
- PRUint8 nameHash[SHA256_LENGTH]; /* 32 */ |
- /* 1072 */ |
+ PRUint16 type; /* 2 */ |
+ PRUint16 nameLen; /* 2 */ |
+ PRUint8 name[SSL_MAX_DNS_HOST_NAME + 12]; /* 1034 */ |
+ PRUint8 nameHash[SHA256_LENGTH]; /* 32 */ |
+ /* 1072 */ |
}; |
typedef struct srvNameCacheEntryStr srvNameCacheEntry; |
- |
struct cacheDescStr { |
- PRUint32 cacheMemSize; |
+ PRUint32 cacheMemSize; |
- PRUint32 numSIDCacheLocks; |
- PRUint32 numSIDCacheSets; |
- PRUint32 numSIDCacheSetsPerLock; |
+ PRUint32 numSIDCacheLocks; |
+ PRUint32 numSIDCacheSets; |
+ PRUint32 numSIDCacheSetsPerLock; |
- PRUint32 numSIDCacheEntries; |
- PRUint32 sidCacheSize; |
+ PRUint32 numSIDCacheEntries; |
+ PRUint32 sidCacheSize; |
- PRUint32 numCertCacheEntries; |
- PRUint32 certCacheSize; |
+ PRUint32 numCertCacheEntries; |
+ PRUint32 certCacheSize; |
- PRUint32 numKeyCacheEntries; |
- PRUint32 keyCacheSize; |
+ PRUint32 numKeyCacheEntries; |
+ PRUint32 keyCacheSize; |
- PRUint32 numSrvNameCacheEntries; |
- PRUint32 srvNameCacheSize; |
+ PRUint32 numSrvNameCacheEntries; |
+ PRUint32 srvNameCacheSize; |
- PRUint32 ssl2Timeout; |
- PRUint32 ssl3Timeout; |
+ PRUint32 ssl2Timeout; |
+ PRUint32 ssl3Timeout; |
- PRUint32 numSIDCacheLocksInitialized; |
+ PRUint32 numSIDCacheLocksInitialized; |
/* These values are volatile, and are accessed through sharedCache-> */ |
- PRUint32 nextCertCacheEntry; /* certCacheLock protects */ |
- PRBool stopPolling; |
- PRBool everInherited; |
+ PRUint32 nextCertCacheEntry; /* certCacheLock protects */ |
+ PRBool stopPolling; |
+ PRBool everInherited; |
/* The private copies of these values are pointers into shared mem */ |
/* The copies of these values in shared memory are merely offsets */ |
- sidCacheLock * sidCacheLocks; |
- sidCacheLock * keyCacheLock; |
- sidCacheLock * certCacheLock; |
- sidCacheLock * srvNameCacheLock; |
- sidCacheSet * sidCacheSets; |
- sidCacheEntry * sidCacheData; |
- certCacheEntry * certCacheData; |
- SSLWrappedSymWrappingKey * keyCacheData; |
- PRUint8 * ticketKeyNameSuffix; |
- encKeyCacheEntry * ticketEncKey; |
- encKeyCacheEntry * ticketMacKey; |
- PRUint32 * ticketKeysValid; |
- srvNameCacheEntry * srvNameCacheData; |
+ sidCacheLock *sidCacheLocks; |
+ sidCacheLock *keyCacheLock; |
+ sidCacheLock *certCacheLock; |
+ sidCacheLock *srvNameCacheLock; |
+ sidCacheSet *sidCacheSets; |
+ sidCacheEntry *sidCacheData; |
+ certCacheEntry *certCacheData; |
+ SSLWrappedSymWrappingKey *keyCacheData; |
+ PRUint8 *ticketKeyNameSuffix; |
+ encKeyCacheEntry *ticketEncKey; |
+ encKeyCacheEntry *ticketMacKey; |
+ PRUint32 *ticketKeysValid; |
+ srvNameCacheEntry *srvNameCacheData; |
/* Only the private copies of these pointers are valid */ |
- char * cacheMem; |
- struct cacheDescStr * sharedCache; /* shared copy of this struct */ |
- PRFileMap * cacheMemMap; |
- PRThread * poller; |
- PRUint32 mutexTimeout; |
- PRBool shared; |
+ char *cacheMem; |
+ struct cacheDescStr *sharedCache; /* shared copy of this struct */ |
+ PRFileMap *cacheMemMap; |
+ PRThread *poller; |
+ PRUint32 mutexTimeout; |
+ PRBool shared; |
}; |
typedef struct cacheDescStr cacheDesc; |
@@ -235,48 +235,45 @@ static cacheDesc globalCache; |
static const char envVarName[] = { SSL_ENV_VAR_NAME }; |
-static PRBool isMultiProcess = PR_FALSE; |
- |
+static PRBool isMultiProcess = PR_FALSE; |
-#define DEF_SID_CACHE_ENTRIES 10000 |
+#define DEF_SID_CACHE_ENTRIES 10000 |
#define DEF_CERT_CACHE_ENTRIES 250 |
#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */ |
-#define DEF_KEY_CACHE_ENTRIES 250 |
-#define DEF_NAME_CACHE_ENTRIES 1000 |
+#define DEF_KEY_CACHE_ENTRIES 250 |
+#define DEF_NAME_CACHE_ENTRIES 1000 |
-#define SID_CACHE_ENTRIES_PER_SET 128 |
-#define SID_ALIGNMENT 16 |
+#define SID_CACHE_ENTRIES_PER_SET 128 |
+#define SID_ALIGNMENT 16 |
-#define DEF_SSL2_TIMEOUT 100 /* seconds */ |
-#define MAX_SSL2_TIMEOUT 100 /* seconds */ |
-#define MIN_SSL2_TIMEOUT 5 /* seconds */ |
+#define DEF_SSL2_TIMEOUT 100 /* seconds */ |
+#define MAX_SSL2_TIMEOUT 100 /* seconds */ |
+#define MIN_SSL2_TIMEOUT 5 /* seconds */ |
-#define DEF_SSL3_TIMEOUT 86400L /* 24 hours */ |
-#define MAX_SSL3_TIMEOUT 86400L /* 24 hours */ |
-#define MIN_SSL3_TIMEOUT 5 /* seconds */ |
+#define DEF_SSL3_TIMEOUT 86400L /* 24 hours */ |
+#define MAX_SSL3_TIMEOUT 86400L /* 24 hours */ |
+#define MIN_SSL3_TIMEOUT 5 /* seconds */ |
#if defined(AIX) || defined(LINUX) || defined(NETBSD) || defined(OPENBSD) |
-#define MAX_SID_CACHE_LOCKS 8 /* two FDs per lock */ |
+#define MAX_SID_CACHE_LOCKS 8 /* two FDs per lock */ |
#elif defined(OSF1) |
-#define MAX_SID_CACHE_LOCKS 16 /* one FD per lock */ |
+#define MAX_SID_CACHE_LOCKS 16 /* one FD per lock */ |
#else |
#define MAX_SID_CACHE_LOCKS 256 |
#endif |
-#define SID_HOWMANY(val, size) (((val) + ((size) - 1)) / (size)) |
-#define SID_ROUNDUP(val, size) ((size) * SID_HOWMANY((val), (size))) |
- |
+#define SID_HOWMANY(val, size) (((val) + ((size)-1)) / (size)) |
+#define SID_ROUNDUP(val, size) ((size)*SID_HOWMANY((val), (size))) |
static sslPID myPid; |
-static PRUint32 ssl_max_sid_cache_locks = MAX_SID_CACHE_LOCKS; |
+static PRUint32 ssl_max_sid_cache_locks = MAX_SID_CACHE_LOCKS; |
/* forward static function declarations */ |
-static PRUint32 SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, |
+static PRUint32 SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, |
unsigned nl); |
static SECStatus LaunchLockPoller(cacheDesc *cache); |
static SECStatus StopLockPoller(cacheDesc *cache); |
- |
struct inheritanceStr { |
PRUint32 cacheMemSize; |
PRUint32 fmStrLen; |
@@ -296,29 +293,28 @@ typedef struct inheritanceStr inheritance; |
#endif /* XP_UNIX || XP_BEOS */ |
- |
/************************************************************************/ |
static PRUint32 |
LockSidCacheLock(sidCacheLock *lock, PRUint32 now) |
{ |
- SECStatus rv = sslMutex_Lock(&lock->mutex); |
+ SECStatus rv = sslMutex_Lock(&lock->mutex); |
if (rv != SECSuccess) |
- return 0; |
+ return 0; |
if (!now) |
- now = ssl_Time(); |
+ now = ssl_Time(); |
lock->timeStamp = now; |
- lock->pid = myPid; |
+ lock->pid = myPid; |
return now; |
} |
static SECStatus |
UnlockSidCacheLock(sidCacheLock *lock) |
{ |
- SECStatus rv; |
+ SECStatus rv; |
lock->pid = 0; |
- rv = sslMutex_Unlock(&lock->mutex); |
+ rv = sslMutex_Unlock(&lock->mutex); |
return rv; |
} |
@@ -326,8 +322,8 @@ UnlockSidCacheLock(sidCacheLock *lock) |
static PRUint32 |
LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now) |
{ |
- PRUint32 lockNum = set % cache->numSIDCacheLocks; |
- sidCacheLock * lock = cache->sidCacheLocks + lockNum; |
+ PRUint32 lockNum = set % cache->numSIDCacheLocks; |
+ sidCacheLock *lock = cache->sidCacheLocks + lockNum; |
return LockSidCacheLock(lock, now); |
} |
@@ -335,28 +331,27 @@ LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now) |
static SECStatus |
UnlockSet(cacheDesc *cache, PRUint32 set) |
{ |
- PRUint32 lockNum = set % cache->numSIDCacheLocks; |
- sidCacheLock * lock = cache->sidCacheLocks + lockNum; |
+ PRUint32 lockNum = set % cache->numSIDCacheLocks; |
+ sidCacheLock *lock = cache->sidCacheLocks + lockNum; |
return UnlockSidCacheLock(lock); |
} |
/************************************************************************/ |
- |
/* Put a certificate in the cache. Update the cert index in the sce. |
*/ |
static PRUint32 |
-CacheCert(cacheDesc * cache, CERTCertificate *cert, sidCacheEntry *sce) |
+CacheCert(cacheDesc *cache, CERTCertificate *cert, sidCacheEntry *sce) |
{ |
- PRUint32 now; |
- certCacheEntry cce; |
+ PRUint32 now; |
+ certCacheEntry cce; |
if ((cert->derCert.len > SSL_MAX_CACHED_CERT_LEN) || |
(cert->derCert.len <= 0) || |
- (cert->derCert.data == NULL)) { |
- PORT_SetError(SEC_ERROR_INVALID_ARGS); |
- return 0; |
+ (cert->derCert.data == NULL)) { |
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); |
+ return 0; |
} |
cce.sessionIDLength = sce->sessionIDLength; |
@@ -369,24 +364,23 @@ CacheCert(cacheDesc * cache, CERTCertificate *cert, sidCacheEntry *sce) |
now = LockSidCacheLock(cache->certCacheLock, 0); |
if (now) { |
- /* Find where to place the next cert cache entry. */ |
- cacheDesc * sharedCache = cache->sharedCache; |
- PRUint32 ndx = sharedCache->nextCertCacheEntry; |
+ /* Find where to place the next cert cache entry. */ |
+ cacheDesc *sharedCache = cache->sharedCache; |
+ PRUint32 ndx = sharedCache->nextCertCacheEntry; |
- /* write the entry */ |
- cache->certCacheData[ndx] = cce; |
+ /* write the entry */ |
+ cache->certCacheData[ndx] = cce; |
- /* remember where we put it. */ |
- sce->u.ssl3.certIndex = ndx; |
+ /* remember where we put it. */ |
+ sce->u.ssl3.certIndex = ndx; |
- /* update the "next" cache entry index */ |
- sharedCache->nextCertCacheEntry = |
- (ndx + 1) % cache->numCertCacheEntries; |
+ /* update the "next" cache entry index */ |
+ sharedCache->nextCertCacheEntry = |
+ (ndx + 1) % cache->numCertCacheEntries; |
- UnlockSidCacheLock(cache->certCacheLock); |
+ UnlockSidCacheLock(cache->certCacheLock); |
} |
return now; |
- |
} |
/* Server configuration hash tables need to account the SECITEM.type |
@@ -395,9 +389,9 @@ static PLHashNumber |
Get32BitNameHash(const SECItem *name) |
{ |
PLHashNumber rv = SECITEM_Hash(name); |
- |
+ |
PRUint8 *rvc = (PRUint8 *)&rv; |
- rvc[ name->len % sizeof(rv) ] ^= name->type; |
+ rvc[name->len % sizeof(rv)] ^= name->type; |
return rv; |
} |
@@ -405,16 +399,16 @@ Get32BitNameHash(const SECItem *name) |
/* Put a name in the cache. Update the cert index in the sce. |
*/ |
static PRUint32 |
-CacheSrvName(cacheDesc * cache, SECItem *name, sidCacheEntry *sce) |
+CacheSrvName(cacheDesc *cache, SECItem *name, sidCacheEntry *sce) |
{ |
- PRUint32 now; |
- PRUint32 ndx; |
- srvNameCacheEntry snce; |
+ PRUint32 now; |
+ PRUint32 ndx; |
+ srvNameCacheEntry snce; |
if (!name || name->len <= 0 || |
name->len > SSL_MAX_DNS_HOST_NAME) { |
- PORT_SetError(SEC_ERROR_INVALID_ARGS); |
- return 0; |
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); |
+ return 0; |
} |
snce.type = name->type; |
@@ -423,7 +417,7 @@ CacheSrvName(cacheDesc * cache, SECItem *name, sidCacheEntry *sce) |
#ifdef NO_PKCS11_BYPASS |
HASH_HashBuf(HASH_AlgSHA256, snce.nameHash, name->data, name->len); |
#else |
- SHA256_HashBuf(snce.nameHash, (unsigned char*)name->data, |
+ SHA256_HashBuf(snce.nameHash, (unsigned char *)name->data, |
name->len); |
#endif |
/* get index of the next name */ |
@@ -441,7 +435,7 @@ CacheSrvName(cacheDesc * cache, SECItem *name, sidCacheEntry *sce) |
/* Copy hash into sid hash */ |
PORT_Memcpy(sce->u.ssl3.srvNameHash, snce.nameHash, SHA256_LENGTH); |
} |
- UnlockSidCacheLock(cache->srvNameCacheLock); |
+ UnlockSidCacheLock(cache->srvNameCacheLock); |
} |
return now; |
} |
@@ -449,72 +443,73 @@ CacheSrvName(cacheDesc * cache, SECItem *name, sidCacheEntry *sce) |
/* |
** Convert local SID to shared memory one |
*/ |
-static void |
+static void |
ConvertFromSID(sidCacheEntry *to, sslSessionID *from) |
{ |
- to->valid = 1; |
+ to->valid = 1; |
to->version = from->version; |
- to->addr = from->addr; |
- to->creationTime = from->creationTime; |
- to->lastAccessTime = from->lastAccessTime; |
- to->expirationTime = from->expirationTime; |
- to->authAlgorithm = from->authAlgorithm; |
- to->authKeyBits = from->authKeyBits; |
- to->keaType = from->keaType; |
- to->keaKeyBits = from->keaKeyBits; |
+ to->addr = from->addr; |
+ to->creationTime = from->creationTime; |
+ to->lastAccessTime = from->lastAccessTime; |
+ to->expirationTime = from->expirationTime; |
+ to->authAlgorithm = from->authAlgorithm; |
+ to->authKeyBits = from->authKeyBits; |
+ to->keaType = from->keaType; |
+ to->keaKeyBits = from->keaKeyBits; |
if (from->version < SSL_LIBRARY_VERSION_3_0) { |
- if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) || |
- (from->u.ssl2.cipherArg.len > SSL_MAX_CYPHER_ARG_BYTES)) { |
- SSL_DBG(("%d: SSL: masterKeyLen=%d cipherArgLen=%d", |
- myPid, from->u.ssl2.masterKey.len, |
- from->u.ssl2.cipherArg.len)); |
- to->valid = 0; |
- return; |
- } |
- |
- to->u.ssl2.cipherType = from->u.ssl2.cipherType; |
- to->u.ssl2.masterKeyLen = from->u.ssl2.masterKey.len; |
- to->u.ssl2.cipherArgLen = from->u.ssl2.cipherArg.len; |
- to->u.ssl2.keyBits = from->u.ssl2.keyBits; |
- to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits; |
- to->sessionIDLength = SSL2_SESSIONID_BYTES; |
- PORT_Memcpy(to->sessionID, from->u.ssl2.sessionID, SSL2_SESSIONID_BYTES); |
- PORT_Memcpy(to->u.ssl2.masterKey, from->u.ssl2.masterKey.data, |
- from->u.ssl2.masterKey.len); |
- PORT_Memcpy(to->u.ssl2.cipherArg, from->u.ssl2.cipherArg.data, |
- from->u.ssl2.cipherArg.len); |
+ if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) || |
+ (from->u.ssl2.cipherArg.len > SSL_MAX_CYPHER_ARG_BYTES)) { |
+ SSL_DBG(("%d: SSL: masterKeyLen=%d cipherArgLen=%d", |
+ myPid, from->u.ssl2.masterKey.len, |
+ from->u.ssl2.cipherArg.len)); |
+ to->valid = 0; |
+ return; |
+ } |
+ |
+ to->u.ssl2.cipherType = from->u.ssl2.cipherType; |
+ to->u.ssl2.masterKeyLen = from->u.ssl2.masterKey.len; |
+ to->u.ssl2.cipherArgLen = from->u.ssl2.cipherArg.len; |
+ to->u.ssl2.keyBits = from->u.ssl2.keyBits; |
+ to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits; |
+ to->sessionIDLength = SSL2_SESSIONID_BYTES; |
+ PORT_Memcpy(to->sessionID, from->u.ssl2.sessionID, SSL2_SESSIONID_BYTES); |
+ PORT_Memcpy(to->u.ssl2.masterKey, from->u.ssl2.masterKey.data, |
+ from->u.ssl2.masterKey.len); |
+ PORT_Memcpy(to->u.ssl2.cipherArg, from->u.ssl2.cipherArg.data, |
+ from->u.ssl2.cipherArg.len); |
#ifdef DEBUG |
- PORT_Memset(to->u.ssl2.masterKey+from->u.ssl2.masterKey.len, 0, |
- sizeof(to->u.ssl2.masterKey) - from->u.ssl2.masterKey.len); |
- PORT_Memset(to->u.ssl2.cipherArg+from->u.ssl2.cipherArg.len, 0, |
- sizeof(to->u.ssl2.cipherArg) - from->u.ssl2.cipherArg.len); |
+ PORT_Memset(to->u.ssl2.masterKey + from->u.ssl2.masterKey.len, 0, |
+ sizeof(to->u.ssl2.masterKey) - from->u.ssl2.masterKey.len); |
+ PORT_Memset(to->u.ssl2.cipherArg + from->u.ssl2.cipherArg.len, 0, |
+ sizeof(to->u.ssl2.cipherArg) - from->u.ssl2.cipherArg.len); |
#endif |
- SSL_TRC(8, ("%d: SSL: ConvertSID: masterKeyLen=%d cipherArgLen=%d " |
- "time=%d addr=0x%08x%08x%08x%08x cipherType=%d", myPid, |
- to->u.ssl2.masterKeyLen, to->u.ssl2.cipherArgLen, |
- to->creationTime, to->addr.pr_s6_addr32[0], |
- to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], |
- to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType)); |
+ SSL_TRC(8, ("%d: SSL: ConvertSID: masterKeyLen=%d cipherArgLen=%d " |
+ "time=%d addr=0x%08x%08x%08x%08x cipherType=%d", |
+ myPid, |
+ to->u.ssl2.masterKeyLen, to->u.ssl2.cipherArgLen, |
+ to->creationTime, to->addr.pr_s6_addr32[0], |
+ to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], |
+ to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType)); |
} else { |
- /* This is an SSL v3 session */ |
- |
- to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; |
- to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; |
- to->u.ssl3.keys = from->u.ssl3.keys; |
- to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; |
- to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; |
- to->sessionIDLength = from->u.ssl3.sessionIDLength; |
- to->u.ssl3.certIndex = -1; |
- to->u.ssl3.srvNameIndex = -1; |
- PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, |
- to->sessionIDLength); |
- |
- SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " |
- "cipherSuite=%d", |
- myPid, to->creationTime, to->addr.pr_s6_addr32[0], |
- to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], |
- to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); |
+ /* This is an SSL v3 session */ |
+ |
+ to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; |
+ to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; |
+ to->u.ssl3.keys = from->u.ssl3.keys; |
+ to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; |
+ to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; |
+ to->sessionIDLength = from->u.ssl3.sessionIDLength; |
+ to->u.ssl3.certIndex = -1; |
+ to->u.ssl3.srvNameIndex = -1; |
+ PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, |
+ to->sessionIDLength); |
+ |
+ SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " |
+ "cipherSuite=%d", |
+ myPid, to->creationTime, to->addr.pr_s6_addr32[0], |
+ to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], |
+ to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); |
} |
} |
@@ -523,144 +518,142 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) |
** This is only called from ServerSessionIDLookup(). |
*/ |
static sslSessionID * |
-ConvertToSID(sidCacheEntry * from, |
- certCacheEntry * pcce, |
+ConvertToSID(sidCacheEntry *from, |
+ certCacheEntry *pcce, |
srvNameCacheEntry *psnce, |
- CERTCertDBHandle * dbHandle) |
+ CERTCertDBHandle *dbHandle) |
{ |
sslSessionID *to; |
PRUint16 version = from->version; |
to = PORT_ZNew(sslSessionID); |
if (!to) { |
- return 0; |
+ return 0; |
} |
if (version < SSL_LIBRARY_VERSION_3_0) { |
- /* This is an SSL v2 session */ |
- to->u.ssl2.masterKey.data = |
- (unsigned char*) PORT_Alloc(from->u.ssl2.masterKeyLen); |
- if (!to->u.ssl2.masterKey.data) { |
- goto loser; |
- } |
- if (from->u.ssl2.cipherArgLen) { |
- to->u.ssl2.cipherArg.data = |
- (unsigned char*)PORT_Alloc(from->u.ssl2.cipherArgLen); |
- if (!to->u.ssl2.cipherArg.data) { |
- goto loser; |
- } |
- PORT_Memcpy(to->u.ssl2.cipherArg.data, from->u.ssl2.cipherArg, |
- from->u.ssl2.cipherArgLen); |
- } |
- |
- to->u.ssl2.cipherType = from->u.ssl2.cipherType; |
- to->u.ssl2.masterKey.len = from->u.ssl2.masterKeyLen; |
- to->u.ssl2.cipherArg.len = from->u.ssl2.cipherArgLen; |
- to->u.ssl2.keyBits = from->u.ssl2.keyBits; |
- to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits; |
-/* to->sessionIDLength = SSL2_SESSIONID_BYTES; */ |
- PORT_Memcpy(to->u.ssl2.sessionID, from->sessionID, SSL2_SESSIONID_BYTES); |
- PORT_Memcpy(to->u.ssl2.masterKey.data, from->u.ssl2.masterKey, |
- from->u.ssl2.masterKeyLen); |
- |
- SSL_TRC(8, ("%d: SSL: ConvertToSID: masterKeyLen=%d cipherArgLen=%d " |
- "time=%d addr=0x%08x%08x%08x%08x cipherType=%d", |
- myPid, to->u.ssl2.masterKey.len, |
- to->u.ssl2.cipherArg.len, to->creationTime, |
- to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1], |
- to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3], |
- to->u.ssl2.cipherType)); |
+ /* This is an SSL v2 session */ |
+ to->u.ssl2.masterKey.data = |
+ (unsigned char *)PORT_Alloc(from->u.ssl2.masterKeyLen); |
+ if (!to->u.ssl2.masterKey.data) { |
+ goto loser; |
+ } |
+ if (from->u.ssl2.cipherArgLen) { |
+ to->u.ssl2.cipherArg.data = |
+ (unsigned char *)PORT_Alloc(from->u.ssl2.cipherArgLen); |
+ if (!to->u.ssl2.cipherArg.data) { |
+ goto loser; |
+ } |
+ PORT_Memcpy(to->u.ssl2.cipherArg.data, from->u.ssl2.cipherArg, |
+ from->u.ssl2.cipherArgLen); |
+ } |
+ |
+ to->u.ssl2.cipherType = from->u.ssl2.cipherType; |
+ to->u.ssl2.masterKey.len = from->u.ssl2.masterKeyLen; |
+ to->u.ssl2.cipherArg.len = from->u.ssl2.cipherArgLen; |
+ to->u.ssl2.keyBits = from->u.ssl2.keyBits; |
+ to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits; |
+ /* to->sessionIDLength = SSL2_SESSIONID_BYTES; */ |
+ PORT_Memcpy(to->u.ssl2.sessionID, from->sessionID, SSL2_SESSIONID_BYTES); |
+ PORT_Memcpy(to->u.ssl2.masterKey.data, from->u.ssl2.masterKey, |
+ from->u.ssl2.masterKeyLen); |
+ |
+ SSL_TRC(8, ("%d: SSL: ConvertToSID: masterKeyLen=%d cipherArgLen=%d " |
+ "time=%d addr=0x%08x%08x%08x%08x cipherType=%d", |
+ myPid, to->u.ssl2.masterKey.len, |
+ to->u.ssl2.cipherArg.len, to->creationTime, |
+ to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1], |
+ to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3], |
+ to->u.ssl2.cipherType)); |
} else { |
- /* This is an SSL v3 session */ |
- |
- to->u.ssl3.sessionIDLength = from->sessionIDLength; |
- to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; |
- to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression; |
- to->u.ssl3.keys = from->u.ssl3.keys; |
- to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; |
- to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; |
- if (from->u.ssl3.srvNameIndex != -1 && psnce) { |
+ /* This is an SSL v3 session */ |
+ |
+ to->u.ssl3.sessionIDLength = from->sessionIDLength; |
+ to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; |
+ to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression; |
+ to->u.ssl3.keys = from->u.ssl3.keys; |
+ to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; |
+ to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType; |
+ if (from->u.ssl3.srvNameIndex != -1 && psnce) { |
SECItem name; |
SECStatus rv; |
- name.type = psnce->type; |
- name.len = psnce->nameLen; |
- name.data = psnce->name; |
+ name.type = psnce->type; |
+ name.len = psnce->nameLen; |
+ name.data = psnce->name; |
rv = SECITEM_CopyItem(NULL, &to->u.ssl3.srvName, &name); |
if (rv != SECSuccess) { |
goto loser; |
} |
} |
- PORT_Memcpy(to->u.ssl3.sessionID, from->sessionID, from->sessionIDLength); |
+ PORT_Memcpy(to->u.ssl3.sessionID, from->sessionID, from->sessionIDLength); |
- /* the portions of the SID that are only restored on the client |
- * are set to invalid values on the server. |
- */ |
- to->u.ssl3.clientWriteKey = NULL; |
- to->u.ssl3.serverWriteKey = NULL; |
+ /* the portions of the SID that are only restored on the client |
+ * are set to invalid values on the server. |
+ */ |
+ to->u.ssl3.clientWriteKey = NULL; |
+ to->u.ssl3.serverWriteKey = NULL; |
- to->urlSvrName = NULL; |
+ to->urlSvrName = NULL; |
- to->u.ssl3.masterModuleID = (SECMODModuleID)-1; /* invalid value */ |
- to->u.ssl3.masterSlotID = (CK_SLOT_ID)-1; /* invalid value */ |
- to->u.ssl3.masterWrapIndex = 0; |
- to->u.ssl3.masterWrapSeries = 0; |
- to->u.ssl3.masterValid = PR_FALSE; |
+ to->u.ssl3.masterModuleID = (SECMODModuleID)-1; /* invalid value */ |
+ to->u.ssl3.masterSlotID = (CK_SLOT_ID)-1; /* invalid value */ |
+ to->u.ssl3.masterWrapIndex = 0; |
+ to->u.ssl3.masterWrapSeries = 0; |
+ to->u.ssl3.masterValid = PR_FALSE; |
- to->u.ssl3.clAuthModuleID = (SECMODModuleID)-1; /* invalid value */ |
- to->u.ssl3.clAuthSlotID = (CK_SLOT_ID)-1; /* invalid value */ |
- to->u.ssl3.clAuthSeries = 0; |
- to->u.ssl3.clAuthValid = PR_FALSE; |
+ to->u.ssl3.clAuthModuleID = (SECMODModuleID)-1; /* invalid value */ |
+ to->u.ssl3.clAuthSlotID = (CK_SLOT_ID)-1; /* invalid value */ |
+ to->u.ssl3.clAuthSeries = 0; |
+ to->u.ssl3.clAuthValid = PR_FALSE; |
- if (from->u.ssl3.certIndex != -1 && pcce) { |
- SECItem derCert; |
+ if (from->u.ssl3.certIndex != -1 && pcce) { |
+ SECItem derCert; |
- derCert.len = pcce->certLength; |
- derCert.data = pcce->cert; |
+ derCert.len = pcce->certLength; |
+ derCert.data = pcce->cert; |
- to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL, |
- PR_FALSE, PR_TRUE); |
- if (to->peerCert == NULL) |
- goto loser; |
- } |
+ to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL, |
+ PR_FALSE, PR_TRUE); |
+ if (to->peerCert == NULL) |
+ goto loser; |
+ } |
} |
- to->version = from->version; |
- to->creationTime = from->creationTime; |
- to->lastAccessTime = from->lastAccessTime; |
- to->expirationTime = from->expirationTime; |
- to->cached = in_server_cache; |
- to->addr = from->addr; |
- to->references = 1; |
- to->authAlgorithm = from->authAlgorithm; |
- to->authKeyBits = from->authKeyBits; |
- to->keaType = from->keaType; |
- to->keaKeyBits = from->keaKeyBits; |
+ to->version = from->version; |
+ to->creationTime = from->creationTime; |
+ to->lastAccessTime = from->lastAccessTime; |
+ to->expirationTime = from->expirationTime; |
+ to->cached = in_server_cache; |
+ to->addr = from->addr; |
+ to->references = 1; |
+ to->authAlgorithm = from->authAlgorithm; |
+ to->authKeyBits = from->authKeyBits; |
+ to->keaType = from->keaType; |
+ to->keaKeyBits = from->keaKeyBits; |
return to; |
- loser: |
+loser: |
if (to) { |
- if (version < SSL_LIBRARY_VERSION_3_0) { |
- if (to->u.ssl2.masterKey.data) |
- PORT_Free(to->u.ssl2.masterKey.data); |
- if (to->u.ssl2.cipherArg.data) |
- PORT_Free(to->u.ssl2.cipherArg.data); |
- } else { |
+ if (version < SSL_LIBRARY_VERSION_3_0) { |
+ if (to->u.ssl2.masterKey.data) |
+ PORT_Free(to->u.ssl2.masterKey.data); |
+ if (to->u.ssl2.cipherArg.data) |
+ PORT_Free(to->u.ssl2.cipherArg.data); |
+ } else { |
SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE); |
} |
- PORT_Free(to); |
+ PORT_Free(to); |
} |
return NULL; |
} |
- |
- |
/* |
** Perform some mumbo jumbo on the ip-address and the session-id value to |
** compute a hash value. |
*/ |
-static PRUint32 |
+static PRUint32 |
SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl) |
{ |
PRUint32 rv; |
@@ -668,18 +661,16 @@ SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl) |
memset(x, 0, sizeof x); |
if (nl > sizeof x) |
- nl = sizeof x; |
+ nl = sizeof x; |
memcpy(x, s, nl); |
rv = (addr->pr_s6_addr32[0] ^ addr->pr_s6_addr32[1] ^ |
- addr->pr_s6_addr32[2] ^ addr->pr_s6_addr32[3] ^ |
- x[0] ^ x[1] ^ x[2] ^ x[3] ^ x[4] ^ x[5] ^ x[6] ^ x[7]) |
- % cache->numSIDCacheSets; |
+ addr->pr_s6_addr32[2] ^ addr->pr_s6_addr32[3] ^ |
+ x[0] ^ x[1] ^ x[2] ^ x[3] ^ x[4] ^ x[5] ^ x[6] ^ x[7]) % |
+ cache->numSIDCacheSets; |
return rv; |
} |
- |
- |
/* |
** Look something up in the cache. This will invalidate old entries |
** in the process. Caller has locked the cache set! |
@@ -688,45 +679,45 @@ SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl) |
static sidCacheEntry * |
FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now, |
const PRIPv6Addr *addr, unsigned char *sessionID, |
- unsigned sessionIDLength) |
+ unsigned sessionIDLength) |
{ |
- PRUint32 ndx = cache->sidCacheSets[setNum].next; |
- int i; |
+ PRUint32 ndx = cache->sidCacheSets[setNum].next; |
+ int i; |
- sidCacheEntry * set = cache->sidCacheData + |
- (setNum * SID_CACHE_ENTRIES_PER_SET); |
+ sidCacheEntry *set = cache->sidCacheData + |
+ (setNum * SID_CACHE_ENTRIES_PER_SET); |
for (i = SID_CACHE_ENTRIES_PER_SET; i > 0; --i) { |
- sidCacheEntry * sce; |
- |
- ndx = (ndx - 1) % SID_CACHE_ENTRIES_PER_SET; |
- sce = set + ndx; |
- |
- if (!sce->valid) |
- continue; |
- |
- if (now > sce->expirationTime) { |
- /* SessionID has timed out. Invalidate the entry. */ |
- SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x " |
- "time+=%x", |
- myPid, sce->addr.pr_s6_addr32[0], |
- sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2], |
- sce->addr.pr_s6_addr32[3], now, |
- sce->expirationTime )); |
- sce->valid = 0; |
- continue; |
- } |
- |
- /* |
- ** Next, examine specific session-id/addr data to see if the cache |
- ** entry matches our addr+session-id value |
- */ |
- if (sessionIDLength == sce->sessionIDLength && |
- !memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) && |
- !memcmp(sce->sessionID, sessionID, sessionIDLength)) { |
- /* Found it */ |
- return sce; |
- } |
+ sidCacheEntry *sce; |
+ |
+ ndx = (ndx - 1) % SID_CACHE_ENTRIES_PER_SET; |
+ sce = set + ndx; |
+ |
+ if (!sce->valid) |
+ continue; |
+ |
+ if (now > sce->expirationTime) { |
+ /* SessionID has timed out. Invalidate the entry. */ |
+ SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x " |
+ "time+=%x", |
+ myPid, sce->addr.pr_s6_addr32[0], |
+ sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2], |
+ sce->addr.pr_s6_addr32[3], now, |
+ sce->expirationTime)); |
+ sce->valid = 0; |
+ continue; |
+ } |
+ |
+ /* |
+ ** Next, examine specific session-id/addr data to see if the cache |
+ ** entry matches our addr+session-id value |
+ */ |
+ if (sessionIDLength == sce->sessionIDLength && |
+ !memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) && |
+ !memcmp(sce->sessionID, sessionID, sessionIDLength)) { |
+ /* Found it */ |
+ return sce; |
+ } |
} |
PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND); |
@@ -736,49 +727,49 @@ FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now, |
/************************************************************************/ |
/* This is the primary function for finding entries in the server's sid cache. |
- * Although it is static, this function is called via the global function |
+ * Although it is static, this function is called via the global function |
* pointer ssl_sid_lookup. |
*/ |
static sslSessionID * |
ServerSessionIDLookup(const PRIPv6Addr *addr, |
- unsigned char *sessionID, |
- unsigned int sessionIDLength, |
- CERTCertDBHandle * dbHandle) |
+ unsigned char *sessionID, |
+ unsigned int sessionIDLength, |
+ CERTCertDBHandle *dbHandle) |
{ |
- sslSessionID * sid = 0; |
- sidCacheEntry * psce; |
- certCacheEntry *pcce = 0; |
+ sslSessionID *sid = 0; |
+ sidCacheEntry *psce; |
+ certCacheEntry *pcce = 0; |
srvNameCacheEntry *psnce = 0; |
- cacheDesc * cache = &globalCache; |
- PRUint32 now; |
- PRUint32 set; |
- PRInt32 cndx; |
- sidCacheEntry sce; |
- certCacheEntry cce; |
+ cacheDesc *cache = &globalCache; |
+ PRUint32 now; |
+ PRUint32 set; |
+ PRInt32 cndx; |
+ sidCacheEntry sce; |
+ certCacheEntry cce; |
srvNameCacheEntry snce; |
set = SIDindex(cache, addr, sessionID, sessionIDLength); |
now = LockSet(cache, set, 0); |
if (!now) |
- return NULL; |
+ return NULL; |
psce = FindSID(cache, set, now, addr, sessionID, sessionIDLength); |
if (psce) { |
- if (psce->version >= SSL_LIBRARY_VERSION_3_0) { |
- if ((cndx = psce->u.ssl3.certIndex) != -1) { |
- |
+ if (psce->version >= SSL_LIBRARY_VERSION_3_0) { |
+ if ((cndx = psce->u.ssl3.certIndex) != -1) { |
+ |
PRUint32 gotLock = LockSidCacheLock(cache->certCacheLock, now); |
if (gotLock) { |
pcce = &cache->certCacheData[cndx]; |
- |
+ |
/* See if the cert's session ID matches the sce cache. */ |
if ((pcce->sessionIDLength == psce->sessionIDLength) && |
- !PORT_Memcmp(pcce->sessionID, psce->sessionID, |
+ !PORT_Memcmp(pcce->sessionID, psce->sessionID, |
pcce->sessionIDLength)) { |
cce = *pcce; |
} else { |
- /* The cert doesen't match the SID cache entry, |
- ** so invalidate the SID cache entry. |
+ /* The cert doesen't match the SID cache entry, |
+ ** so invalidate the SID cache entry. |
*/ |
psce->valid = 0; |
psce = 0; |
@@ -799,13 +790,13 @@ ServerSessionIDLookup(const PRIPv6Addr *addr, |
now); |
if (gotLock) { |
psnce = &cache->srvNameCacheData[cndx]; |
- |
- if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash, |
+ |
+ if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash, |
SHA256_LENGTH)) { |
snce = *psnce; |
} else { |
- /* The name doesen't match the SID cache entry, |
- ** so invalidate the SID cache entry. |
+ /* The name doesen't match the SID cache entry, |
+ ** so invalidate the SID cache entry. |
*/ |
psce->valid = 0; |
psce = 0; |
@@ -820,80 +811,80 @@ ServerSessionIDLookup(const PRIPv6Addr *addr, |
psce = 0; |
psnce = 0; |
} |
- |
} |
} |
- if (psce) { |
- psce->lastAccessTime = now; |
- sce = *psce; /* grab a copy while holding the lock */ |
- } |
+ if (psce) { |
+ psce->lastAccessTime = now; |
+ sce = *psce; /* grab a copy while holding the lock */ |
+ } |
} |
UnlockSet(cache, set); |
if (psce) { |
- /* sce conains a copy of the cache entry. |
- ** Convert shared memory format to local format |
- */ |
- sid = ConvertToSID(&sce, pcce ? &cce : 0, psnce ? &snce : 0, dbHandle); |
+ /* sce conains a copy of the cache entry. |
+ ** Convert shared memory format to local format |
+ */ |
+ sid = ConvertToSID(&sce, pcce ? &cce : 0, psnce ? &snce : 0, dbHandle); |
} |
return sid; |
} |
/* |
-** Place a sid into the cache, if it isn't already there. |
+** Place a sid into the cache, if it isn't already there. |
*/ |
-static void |
+static void |
ServerSessionIDCache(sslSessionID *sid) |
{ |
sidCacheEntry sce; |
- PRUint32 now = 0; |
- PRUint16 version = sid->version; |
- cacheDesc * cache = &globalCache; |
+ PRUint32 now = 0; |
+ PRUint16 version = sid->version; |
+ cacheDesc *cache = &globalCache; |
if ((version >= SSL_LIBRARY_VERSION_3_0) && |
- (sid->u.ssl3.sessionIDLength == 0)) { |
- return; |
+ (sid->u.ssl3.sessionIDLength == 0)) { |
+ return; |
} |
if (sid->cached == never_cached || sid->cached == invalid_cache) { |
- PRUint32 set; |
- |
- PORT_Assert(sid->creationTime != 0); |
- if (!sid->creationTime) |
- sid->lastAccessTime = sid->creationTime = ssl_Time(); |
- if (version < SSL_LIBRARY_VERSION_3_0) { |
- /* override caller's expiration time, which uses client timeout |
- * duration, not server timeout duration. |
- */ |
- sid->expirationTime = sid->creationTime + cache->ssl2Timeout; |
- SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x " |
- "cipher=%d", myPid, sid->cached, |
- sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
- sid->creationTime, sid->u.ssl2.cipherType)); |
- PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID, |
- SSL2_SESSIONID_BYTES)); |
- PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data, |
- sid->u.ssl2.masterKey.len)); |
- PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, |
- sid->u.ssl2.cipherArg.len)); |
- |
- } else { |
- /* override caller's expiration time, which uses client timeout |
- * duration, not server timeout duration. |
- */ |
- sid->expirationTime = sid->creationTime + cache->ssl3Timeout; |
- SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x " |
- "cipherSuite=%d", myPid, sid->cached, |
- sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
- sid->creationTime, sid->u.ssl3.cipherSuite)); |
- PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID, |
- sid->u.ssl3.sessionIDLength)); |
- } |
- |
- ConvertFromSID(&sce, sid); |
- |
- if (version >= SSL_LIBRARY_VERSION_3_0) { |
+ PRUint32 set; |
+ |
+ PORT_Assert(sid->creationTime != 0); |
+ if (!sid->creationTime) |
+ sid->lastAccessTime = sid->creationTime = ssl_Time(); |
+ if (version < SSL_LIBRARY_VERSION_3_0) { |
+ /* override caller's expiration time, which uses client timeout |
+ * duration, not server timeout duration. |
+ */ |
+ sid->expirationTime = sid->creationTime + cache->ssl2Timeout; |
+ SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x " |
+ "cipher=%d", |
+ myPid, sid->cached, |
+ sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
+ sid->creationTime, sid->u.ssl2.cipherType)); |
+ PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID, |
+ SSL2_SESSIONID_BYTES)); |
+ PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data, |
+ sid->u.ssl2.masterKey.len)); |
+ PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, |
+ sid->u.ssl2.cipherArg.len)); |
+ } else { |
+ /* override caller's expiration time, which uses client timeout |
+ * duration, not server timeout duration. |
+ */ |
+ sid->expirationTime = sid->creationTime + cache->ssl3Timeout; |
+ SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x " |
+ "cipherSuite=%d", |
+ myPid, sid->cached, |
+ sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
+ sid->creationTime, sid->u.ssl3.cipherSuite)); |
+ PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID, |
+ sid->u.ssl3.sessionIDLength)); |
+ } |
+ |
+ ConvertFromSID(&sce, sid); |
+ |
+ if (version >= SSL_LIBRARY_VERSION_3_0) { |
SECItem *name = &sid->u.ssl3.srvName; |
if (name->len && name->data) { |
now = CacheSrvName(cache, name, &sce); |
@@ -901,80 +892,82 @@ ServerSessionIDCache(sslSessionID *sid) |
if (sid->peerCert != NULL) { |
now = CacheCert(cache, sid->peerCert, &sce); |
} |
- } |
+ } |
- set = SIDindex(cache, &sce.addr, sce.sessionID, sce.sessionIDLength); |
- now = LockSet(cache, set, now); |
- if (now) { |
- PRUint32 next = cache->sidCacheSets[set].next; |
- PRUint32 ndx = set * SID_CACHE_ENTRIES_PER_SET + next; |
+ set = SIDindex(cache, &sce.addr, sce.sessionID, sce.sessionIDLength); |
+ now = LockSet(cache, set, now); |
+ if (now) { |
+ PRUint32 next = cache->sidCacheSets[set].next; |
+ PRUint32 ndx = set * SID_CACHE_ENTRIES_PER_SET + next; |
- /* Write out new cache entry */ |
- cache->sidCacheData[ndx] = sce; |
+ /* Write out new cache entry */ |
+ cache->sidCacheData[ndx] = sce; |
- cache->sidCacheSets[set].next = |
- (next + 1) % SID_CACHE_ENTRIES_PER_SET; |
+ cache->sidCacheSets[set].next = |
+ (next + 1) % SID_CACHE_ENTRIES_PER_SET; |
- UnlockSet(cache, set); |
- sid->cached = in_server_cache; |
- } |
+ UnlockSet(cache, set); |
+ sid->cached = in_server_cache; |
+ } |
} |
} |
/* |
** Although this is static, it is called from ssl via global function pointer |
-** ssl_sid_uncache. This invalidates the referenced cache entry. |
+** ssl_sid_uncache. This invalidates the referenced cache entry. |
*/ |
-static void |
+static void |
ServerSessionIDUncache(sslSessionID *sid) |
{ |
- cacheDesc * cache = &globalCache; |
- PRUint8 * sessionID; |
- unsigned int sessionIDLength; |
- PRErrorCode err; |
- PRUint32 set; |
- PRUint32 now; |
+ cacheDesc *cache = &globalCache; |
+ PRUint8 *sessionID; |
+ unsigned int sessionIDLength; |
+ PRErrorCode err; |
+ PRUint32 set; |
+ PRUint32 now; |
sidCacheEntry *psce; |
- if (sid == NULL) |
- return; |
- |
- /* Uncaching a SID should never change the error code. |
+ if (sid == NULL) |
+ return; |
+ |
+ /* Uncaching a SID should never change the error code. |
** So save it here and restore it before exiting. |
*/ |
err = PR_GetError(); |
if (sid->version < SSL_LIBRARY_VERSION_3_0) { |
- sessionID = sid->u.ssl2.sessionID; |
- sessionIDLength = SSL2_SESSIONID_BYTES; |
- SSL_TRC(8, ("%d: SSL: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x " |
- "cipher=%d", myPid, sid->cached, |
- sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
- sid->creationTime, sid->u.ssl2.cipherType)); |
- PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength)); |
- PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data, |
- sid->u.ssl2.masterKey.len)); |
- PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, |
- sid->u.ssl2.cipherArg.len)); |
+ sessionID = sid->u.ssl2.sessionID; |
+ sessionIDLength = SSL2_SESSIONID_BYTES; |
+ SSL_TRC(8, ("%d: SSL: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x " |
+ "cipher=%d", |
+ myPid, sid->cached, |
+ sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
+ sid->creationTime, sid->u.ssl2.cipherType)); |
+ PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength)); |
+ PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data, |
+ sid->u.ssl2.masterKey.len)); |
+ PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, |
+ sid->u.ssl2.cipherArg.len)); |
} else { |
- sessionID = sid->u.ssl3.sessionID; |
- sessionIDLength = sid->u.ssl3.sessionIDLength; |
- SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x " |
- "cipherSuite=%d", myPid, sid->cached, |
- sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
- sid->creationTime, sid->u.ssl3.cipherSuite)); |
- PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength)); |
+ sessionID = sid->u.ssl3.sessionID; |
+ sessionIDLength = sid->u.ssl3.sessionIDLength; |
+ SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x " |
+ "cipherSuite=%d", |
+ myPid, sid->cached, |
+ sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], |
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], |
+ sid->creationTime, sid->u.ssl3.cipherSuite)); |
+ PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength)); |
} |
set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength); |
now = LockSet(cache, set, 0); |
if (now) { |
- psce = FindSID(cache, set, now, &sid->addr, sessionID, sessionIDLength); |
- if (psce) { |
- psce->valid = 0; |
- } |
- UnlockSet(cache, set); |
+ psce = FindSID(cache, set, now, &sid->addr, sessionID, sessionIDLength); |
+ if (psce) { |
+ psce->valid = 0; |
+ } |
+ UnlockSet(cache, set); |
} |
sid->cached = invalid_cache; |
PORT_SetError(err); |
@@ -985,7 +978,8 @@ ServerSessionIDUncache(sslSessionID *sid) |
#define INCL_DOSPROCESS |
#include <os2.h> |
-long gettid(void) |
+long |
+gettid(void) |
{ |
PTIB ptib; |
PPIB ppib; |
@@ -1000,59 +994,59 @@ CloseCache(cacheDesc *cache) |
int locks_initialized = cache->numSIDCacheLocksInitialized; |
if (cache->cacheMem) { |
- if (cache->sharedCache) { |
- sidCacheLock *pLock = cache->sidCacheLocks; |
- for (; locks_initialized > 0; --locks_initialized, ++pLock ) { |
- /* If everInherited is true, this shared cache was (and may |
- ** still be) in use by multiple processes. We do not wish to |
- ** destroy the mutexes while they are still in use, but we do |
- ** want to free mutex resources associated with this process. |
- */ |
- sslMutex_Destroy(&pLock->mutex, |
- cache->sharedCache->everInherited); |
- } |
- } |
- if (cache->shared) { |
- PR_MemUnmap(cache->cacheMem, cache->cacheMemSize); |
- } else { |
- PORT_Free(cache->cacheMem); |
- } |
- cache->cacheMem = NULL; |
+ if (cache->sharedCache) { |
+ sidCacheLock *pLock = cache->sidCacheLocks; |
+ for (; locks_initialized > 0; --locks_initialized, ++pLock) { |
+ /* If everInherited is true, this shared cache was (and may |
+ ** still be) in use by multiple processes. We do not wish to |
+ ** destroy the mutexes while they are still in use, but we do |
+ ** want to free mutex resources associated with this process. |
+ */ |
+ sslMutex_Destroy(&pLock->mutex, |
+ cache->sharedCache->everInherited); |
+ } |
+ } |
+ if (cache->shared) { |
+ PR_MemUnmap(cache->cacheMem, cache->cacheMemSize); |
+ } else { |
+ PORT_Free(cache->cacheMem); |
+ } |
+ cache->cacheMem = NULL; |
} |
if (cache->cacheMemMap) { |
- PR_CloseFileMap(cache->cacheMemMap); |
- cache->cacheMemMap = NULL; |
+ PR_CloseFileMap(cache->cacheMemMap); |
+ cache->cacheMemMap = NULL; |
} |
memset(cache, 0, sizeof *cache); |
} |
static SECStatus |
InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, |
- int maxSrvNameCacheEntries, PRUint32 ssl2_timeout, |
+ int maxSrvNameCacheEntries, PRUint32 ssl2_timeout, |
PRUint32 ssl3_timeout, const char *directory, PRBool shared) |
{ |
- ptrdiff_t ptr; |
+ ptrdiff_t ptr; |
sidCacheLock *pLock; |
- char * cacheMem; |
- PRFileMap * cacheMemMap; |
- char * cfn = NULL; /* cache file name */ |
- int locks_initialized = 0; |
- int locks_to_initialize = 0; |
- PRUint32 init_time; |
- |
- if ( (!cache) || (maxCacheEntries < 0) || (!directory) ) { |
+ char *cacheMem; |
+ PRFileMap *cacheMemMap; |
+ char *cfn = NULL; /* cache file name */ |
+ int locks_initialized = 0; |
+ int locks_to_initialize = 0; |
+ PRUint32 init_time; |
+ |
+ if ((!cache) || (maxCacheEntries < 0) || (!directory)) { |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
return SECFailure; |
} |
if (cache->cacheMem) { |
- /* Already done */ |
- return SECSuccess; |
+ /* Already done */ |
+ return SECSuccess; |
} |
/* make sure loser can clean up properly */ |
cache->shared = shared; |
- cache->cacheMem = cacheMem = NULL; |
+ cache->cacheMem = cacheMem = NULL; |
cache->cacheMemMap = cacheMemMap = NULL; |
cache->sharedCache = (cacheDesc *)0; |
@@ -1063,71 +1057,71 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, |
cache->poller = NULL; |
cache->mutexTimeout = 0; |
- cache->numSIDCacheEntries = maxCacheEntries ? maxCacheEntries |
+ cache->numSIDCacheEntries = maxCacheEntries ? maxCacheEntries |
: DEF_SID_CACHE_ENTRIES; |
- cache->numSIDCacheSets = |
- SID_HOWMANY(cache->numSIDCacheEntries, SID_CACHE_ENTRIES_PER_SET); |
+ cache->numSIDCacheSets = |
+ SID_HOWMANY(cache->numSIDCacheEntries, SID_CACHE_ENTRIES_PER_SET); |
- cache->numSIDCacheEntries = |
- cache->numSIDCacheSets * SID_CACHE_ENTRIES_PER_SET; |
+ cache->numSIDCacheEntries = |
+ cache->numSIDCacheSets * SID_CACHE_ENTRIES_PER_SET; |
- cache->numSIDCacheLocks = |
- PR_MIN(cache->numSIDCacheSets, ssl_max_sid_cache_locks); |
+ cache->numSIDCacheLocks = |
+ PR_MIN(cache->numSIDCacheSets, ssl_max_sid_cache_locks); |
- cache->numSIDCacheSetsPerLock = |
- SID_HOWMANY(cache->numSIDCacheSets, cache->numSIDCacheLocks); |
+ cache->numSIDCacheSetsPerLock = |
+ SID_HOWMANY(cache->numSIDCacheSets, cache->numSIDCacheLocks); |
- cache->numCertCacheEntries = (maxCertCacheEntries > 0) ? |
- maxCertCacheEntries : 0; |
- cache->numSrvNameCacheEntries = (maxSrvNameCacheEntries >= 0) ? |
- maxSrvNameCacheEntries : DEF_NAME_CACHE_ENTRIES; |
+ cache->numCertCacheEntries = (maxCertCacheEntries > 0) ? maxCertCacheEntries |
+ : 0; |
+ cache->numSrvNameCacheEntries = (maxSrvNameCacheEntries >= 0) ? maxSrvNameCacheEntries |
+ : DEF_NAME_CACHE_ENTRIES; |
/* compute size of shared memory, and offsets of all pointers */ |
ptr = 0; |
- cache->cacheMem = (char *)ptr; |
+ cache->cacheMem = (char *)ptr; |
ptr += SID_ROUNDUP(sizeof(cacheDesc), SID_ALIGNMENT); |
cache->sidCacheLocks = (sidCacheLock *)ptr; |
- cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks; |
- cache->certCacheLock = cache->keyCacheLock + 1; |
- cache->srvNameCacheLock = cache->certCacheLock + 1; |
+ cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks; |
+ cache->certCacheLock = cache->keyCacheLock + 1; |
+ cache->srvNameCacheLock = cache->certCacheLock + 1; |
ptr = (ptrdiff_t)(cache->srvNameCacheLock + 1); |
ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT); |
- cache->sidCacheSets = (sidCacheSet *)ptr; |
+ cache->sidCacheSets = (sidCacheSet *)ptr; |
ptr = (ptrdiff_t)(cache->sidCacheSets + cache->numSIDCacheSets); |
ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT); |
- cache->sidCacheData = (sidCacheEntry *)ptr; |
+ cache->sidCacheData = (sidCacheEntry *)ptr; |
ptr = (ptrdiff_t)(cache->sidCacheData + cache->numSIDCacheEntries); |
ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT); |
cache->certCacheData = (certCacheEntry *)ptr; |
- cache->sidCacheSize = |
- (char *)cache->certCacheData - (char *)cache->sidCacheData; |
+ cache->sidCacheSize = |
+ (char *)cache->certCacheData - (char *)cache->sidCacheData; |
if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES) { |
/* This is really a poor way to computer this! */ |
cache->numCertCacheEntries = cache->sidCacheSize / sizeof(certCacheEntry); |
if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES) |
- cache->numCertCacheEntries = MIN_CERT_CACHE_ENTRIES; |
+ cache->numCertCacheEntries = MIN_CERT_CACHE_ENTRIES; |
} |
ptr = (ptrdiff_t)(cache->certCacheData + cache->numCertCacheEntries); |
ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT); |
- cache->keyCacheData = (SSLWrappedSymWrappingKey *)ptr; |
- cache->certCacheSize = |
- (char *)cache->keyCacheData - (char *)cache->certCacheData; |
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)ptr; |
+ cache->certCacheSize = |
+ (char *)cache->keyCacheData - (char *)cache->certCacheData; |
cache->numKeyCacheEntries = kt_kea_size * SSL_NUM_WRAP_MECHS; |
ptr = (ptrdiff_t)(cache->keyCacheData + cache->numKeyCacheEntries); |
ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT); |
- cache->keyCacheSize = (char *)ptr - (char *)cache->keyCacheData; |
+ cache->keyCacheSize = (char *)ptr - (char *)cache->keyCacheData; |
cache->ticketKeyNameSuffix = (PRUint8 *)ptr; |
ptr = (ptrdiff_t)(cache->ticketKeyNameSuffix + |
- SESS_TICKET_KEY_VAR_NAME_LEN); |
+ SESS_TICKET_KEY_VAR_NAME_LEN); |
ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT); |
cache->ticketEncKey = (encKeyCacheEntry *)ptr; |
@@ -1150,66 +1144,66 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, |
cache->cacheMemSize = ptr; |
- if (ssl2_timeout) { |
- if (ssl2_timeout > MAX_SSL2_TIMEOUT) { |
- ssl2_timeout = MAX_SSL2_TIMEOUT; |
- } |
- if (ssl2_timeout < MIN_SSL2_TIMEOUT) { |
- ssl2_timeout = MIN_SSL2_TIMEOUT; |
- } |
- cache->ssl2Timeout = ssl2_timeout; |
+ if (ssl2_timeout) { |
+ if (ssl2_timeout > MAX_SSL2_TIMEOUT) { |
+ ssl2_timeout = MAX_SSL2_TIMEOUT; |
+ } |
+ if (ssl2_timeout < MIN_SSL2_TIMEOUT) { |
+ ssl2_timeout = MIN_SSL2_TIMEOUT; |
+ } |
+ cache->ssl2Timeout = ssl2_timeout; |
} else { |
- cache->ssl2Timeout = DEF_SSL2_TIMEOUT; |
+ cache->ssl2Timeout = DEF_SSL2_TIMEOUT; |
} |
- if (ssl3_timeout) { |
- if (ssl3_timeout > MAX_SSL3_TIMEOUT) { |
- ssl3_timeout = MAX_SSL3_TIMEOUT; |
- } |
- if (ssl3_timeout < MIN_SSL3_TIMEOUT) { |
- ssl3_timeout = MIN_SSL3_TIMEOUT; |
- } |
- cache->ssl3Timeout = ssl3_timeout; |
+ if (ssl3_timeout) { |
+ if (ssl3_timeout > MAX_SSL3_TIMEOUT) { |
+ ssl3_timeout = MAX_SSL3_TIMEOUT; |
+ } |
+ if (ssl3_timeout < MIN_SSL3_TIMEOUT) { |
+ ssl3_timeout = MIN_SSL3_TIMEOUT; |
+ } |
+ cache->ssl3Timeout = ssl3_timeout; |
} else { |
- cache->ssl3Timeout = DEF_SSL3_TIMEOUT; |
+ cache->ssl3Timeout = DEF_SSL3_TIMEOUT; |
} |
if (shared) { |
- /* Create file names */ |
+ /* Create file names */ |
#if defined(XP_UNIX) || defined(XP_BEOS) |
- /* there's some confusion here about whether PR_OpenAnonFileMap wants |
- ** a directory name or a file name for its first argument. |
- cfn = PR_smprintf("%s/.sslsvrcache.%d", directory, myPid); |
- */ |
- cfn = PR_smprintf("%s", directory); |
+ /* there's some confusion here about whether PR_OpenAnonFileMap wants |
+ ** a directory name or a file name for its first argument. |
+ cfn = PR_smprintf("%s/.sslsvrcache.%d", directory, myPid); |
+ */ |
+ cfn = PR_smprintf("%s", directory); |
#elif defined(XP_WIN32) |
- cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid, |
- GetCurrentThreadId()); |
+ cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid, |
+ GetCurrentThreadId()); |
#elif defined(XP_OS2) |
- cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid, |
- gettid()); |
+ cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid, |
+ gettid()); |
#else |
#error "Don't know how to create file name for this platform!" |
#endif |
- if (!cfn) { |
- goto loser; |
- } |
+ if (!cfn) { |
+ goto loser; |
+ } |
- /* Create cache */ |
- cacheMemMap = PR_OpenAnonFileMap(cfn, cache->cacheMemSize, |
- PR_PROT_READWRITE); |
+ /* Create cache */ |
+ cacheMemMap = PR_OpenAnonFileMap(cfn, cache->cacheMemSize, |
+ PR_PROT_READWRITE); |
- PR_smprintf_free(cfn); |
- if(!cacheMemMap) { |
- goto loser; |
- } |
+ PR_smprintf_free(cfn); |
+ if (!cacheMemMap) { |
+ goto loser; |
+ } |
cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize); |
} else { |
cacheMem = PORT_Alloc(cache->cacheMemSize); |
} |
- |
- if (! cacheMem) { |
+ |
+ if (!cacheMem) { |
goto loser; |
} |
@@ -1221,53 +1215,40 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, |
/* save private copies of these values */ |
cache->cacheMemMap = cacheMemMap; |
- cache->cacheMem = cacheMem; |
+ cache->cacheMem = cacheMem; |
cache->sharedCache = (cacheDesc *)cacheMem; |
- /* Fix pointers in our private copy of cache descriptor to point to |
- ** spaces in shared memory |
+ /* Fix pointers in our private copy of cache descriptor to point to |
+ ** spaces in shared memory |
*/ |
- cache->sidCacheLocks = (sidCacheLock *) |
- (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
- cache->keyCacheLock = (sidCacheLock *) |
- (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); |
- cache->certCacheLock = (sidCacheLock *) |
- (cache->cacheMem + (ptrdiff_t)cache->certCacheLock); |
- cache->srvNameCacheLock = (sidCacheLock *) |
- (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
- cache->sidCacheSets = (sidCacheSet *) |
- (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); |
- cache->sidCacheData = (sidCacheEntry *) |
- (cache->cacheMem + (ptrdiff_t)cache->sidCacheData); |
- cache->certCacheData = (certCacheEntry *) |
- (cache->cacheMem + (ptrdiff_t)cache->certCacheData); |
- cache->keyCacheData = (SSLWrappedSymWrappingKey *) |
- (cache->cacheMem + (ptrdiff_t)cache->keyCacheData); |
- cache->ticketKeyNameSuffix = (PRUint8 *) |
- (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
- cache->ticketEncKey = (encKeyCacheEntry *) |
- (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); |
- cache->ticketMacKey = (encKeyCacheEntry *) |
- (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); |
- cache->ticketKeysValid = (PRUint32 *) |
- (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
- cache->srvNameCacheData = (srvNameCacheEntry *) |
- (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
+ cache->sidCacheLocks = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
+ cache->keyCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); |
+ cache->certCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->certCacheLock); |
+ cache->srvNameCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
+ cache->sidCacheSets = (sidCacheSet *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); |
+ cache->sidCacheData = (sidCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheData); |
+ cache->certCacheData = (certCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->certCacheData); |
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)(cache->cacheMem + (ptrdiff_t)cache->keyCacheData); |
+ cache->ticketKeyNameSuffix = (PRUint8 *)(cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
+ cache->ticketEncKey = (encKeyCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); |
+ cache->ticketMacKey = (encKeyCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); |
+ cache->ticketKeysValid = (PRUint32 *)(cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
+ cache->srvNameCacheData = (srvNameCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
/* initialize the locks */ |
init_time = ssl_Time(); |
pLock = cache->sidCacheLocks; |
for (locks_to_initialize = cache->numSIDCacheLocks + 3; |
- locks_initialized < locks_to_initialize; |
- ++locks_initialized, ++pLock ) { |
- |
- SECStatus err = sslMutex_Init(&pLock->mutex, shared); |
- if (err) { |
- cache->numSIDCacheLocksInitialized = locks_initialized; |
- goto loser; |
- } |
+ locks_initialized < locks_to_initialize; |
+ ++locks_initialized, ++pLock) { |
+ |
+ SECStatus err = sslMutex_Init(&pLock->mutex, shared); |
+ if (err) { |
+ cache->numSIDCacheLocksInitialized = locks_initialized; |
+ goto loser; |
+ } |
pLock->timeStamp = init_time; |
- pLock->pid = 0; |
+ pLock->pid = 0; |
} |
cache->numSIDCacheLocksInitialized = locks_initialized; |
@@ -1294,8 +1275,8 @@ SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) |
** the maximum, other than trial and error. |
*/ |
if (maxLocks < 3) { |
- PORT_SetError(SEC_ERROR_INVALID_ARGS); |
- return SECFailure; |
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); |
+ return SECFailure; |
} |
ssl_max_sid_cache_locks = maxLocks - 2; |
/* The extra two are the cert cache lock and the key cache lock. */ |
@@ -1305,12 +1286,12 @@ SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) |
static SECStatus |
ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache, |
PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory, |
+ PRUint32 ssl3_timeout, |
+ const char *directory, |
PRBool shared, |
- int maxCacheEntries, |
- int maxCertCacheEntries, |
- int maxSrvNameCacheEntries) |
+ int maxCacheEntries, |
+ int maxCertCacheEntries, |
+ int maxSrvNameCacheEntries) |
{ |
SECStatus rv; |
@@ -1320,52 +1301,52 @@ ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache, |
rv = ssl_Init(); |
if (rv != SECSuccess) { |
- return rv; |
+ return rv; |
} |
myPid = SSL_GETPID(); |
if (!directory) { |
- directory = DEFAULT_CACHE_DIRECTORY; |
+ directory = DEFAULT_CACHE_DIRECTORY; |
} |
rv = InitCache(cache, maxCacheEntries, maxCertCacheEntries, |
- maxSrvNameCacheEntries, ssl2_timeout, ssl3_timeout, |
+ maxSrvNameCacheEntries, ssl2_timeout, ssl3_timeout, |
directory, shared); |
if (rv) { |
- SET_ERROR_CODE |
- return SECFailure; |
+ SET_ERROR_CODE |
+ return SECFailure; |
} |
- ssl_sid_lookup = ServerSessionIDLookup; |
- ssl_sid_cache = ServerSessionIDCache; |
+ ssl_sid_lookup = ServerSessionIDLookup; |
+ ssl_sid_cache = ServerSessionIDCache; |
ssl_sid_uncache = ServerSessionIDUncache; |
return SECSuccess; |
} |
SECStatus |
-SSL_ConfigServerSessionIDCacheInstance( cacheDesc *cache, |
- int maxCacheEntries, |
- PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory, PRBool shared) |
+SSL_ConfigServerSessionIDCacheInstance(cacheDesc *cache, |
+ int maxCacheEntries, |
+ PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory, PRBool shared) |
{ |
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(cache, |
ssl2_timeout, |
ssl3_timeout, |
directory, |
shared, |
- maxCacheEntries, |
+ maxCacheEntries, |
-1, -1); |
} |
SECStatus |
-SSL_ConfigServerSessionIDCache( int maxCacheEntries, |
- PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory) |
+SSL_ConfigServerSessionIDCache(int maxCacheEntries, |
+ PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory) |
{ |
ssl_InitSessionCacheLocks(); |
- return SSL_ConfigServerSessionIDCacheInstance(&globalCache, |
- maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE); |
+ return SSL_ConfigServerSessionIDCacheInstance(&globalCache, |
+ maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE); |
} |
SECStatus |
@@ -1390,49 +1371,49 @@ SSL_ShutdownServerSessionIDCache(void) |
* if the cache will be shared by multiple processes. |
*/ |
static SECStatus |
-ssl_ConfigMPServerSIDCacheWithOpt( PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory, |
- int maxCacheEntries, |
- int maxCertCacheEntries, |
- int maxSrvNameCacheEntries) |
+ssl_ConfigMPServerSIDCacheWithOpt(PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory, |
+ int maxCacheEntries, |
+ int maxCertCacheEntries, |
+ int maxSrvNameCacheEntries) |
{ |
- char * envValue; |
- char * inhValue; |
- cacheDesc * cache = &globalCache; |
- PRUint32 fmStrLen; |
- SECStatus result; |
- PRStatus prStatus; |
- SECStatus putEnvFailed; |
+ char *envValue; |
+ char *inhValue; |
+ cacheDesc *cache = &globalCache; |
+ PRUint32 fmStrLen; |
+ SECStatus result; |
+ PRStatus prStatus; |
+ SECStatus putEnvFailed; |
inheritance inherit; |
- char fmString[PR_FILEMAP_STRING_BUFSIZE]; |
+ char fmString[PR_FILEMAP_STRING_BUFSIZE]; |
isMultiProcess = PR_TRUE; |
result = ssl_ConfigServerSessionIDCacheInstanceWithOpt(cache, |
- ssl2_timeout, ssl3_timeout, directory, PR_TRUE, |
- maxCacheEntries, maxCacheEntries, maxSrvNameCacheEntries); |
- if (result != SECSuccess) |
+ ssl2_timeout, ssl3_timeout, directory, PR_TRUE, |
+ maxCacheEntries, maxCacheEntries, maxSrvNameCacheEntries); |
+ if (result != SECSuccess) |
return result; |
- prStatus = PR_ExportFileMapAsString(cache->cacheMemMap, |
+ prStatus = PR_ExportFileMapAsString(cache->cacheMemMap, |
sizeof fmString, fmString); |
if ((prStatus != PR_SUCCESS) || !(fmStrLen = strlen(fmString))) { |
- SET_ERROR_CODE |
- return SECFailure; |
+ SET_ERROR_CODE |
+ return SECFailure; |
} |
- inherit.cacheMemSize = cache->cacheMemSize; |
- inherit.fmStrLen = fmStrLen; |
+ inherit.cacheMemSize = cache->cacheMemSize; |
+ inherit.fmStrLen = fmStrLen; |
inhValue = BTOA_DataToAscii((unsigned char *)&inherit, sizeof inherit); |
if (!inhValue || !strlen(inhValue)) { |
- SET_ERROR_CODE |
- return SECFailure; |
+ SET_ERROR_CODE |
+ return SECFailure; |
} |
envValue = PR_smprintf("%s,%s", inhValue, fmString); |
if (!envValue || !strlen(envValue)) { |
- SET_ERROR_CODE |
- return SECFailure; |
+ SET_ERROR_CODE |
+ return SECFailure; |
} |
PORT_Free(inhValue); |
@@ -1454,10 +1435,10 @@ ssl_ConfigMPServerSIDCacheWithOpt( PRUint32 ssl2_timeout, |
* if the cache will be shared by multiple processes. |
*/ |
SECStatus |
-SSL_ConfigMPServerSIDCache( int maxCacheEntries, |
- PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory) |
+SSL_ConfigMPServerSIDCache(int maxCacheEntries, |
+ PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory) |
{ |
return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, |
ssl3_timeout, |
@@ -1468,44 +1449,44 @@ SSL_ConfigMPServerSIDCache( int maxCacheEntries, |
SECStatus |
SSL_ConfigServerSessionIDCacheWithOpt( |
- PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory, |
- int maxCacheEntries, |
- int maxCertCacheEntries, |
- int maxSrvNameCacheEntries, |
- PRBool enableMPCache) |
+ PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory, |
+ int maxCacheEntries, |
+ int maxCertCacheEntries, |
+ int maxSrvNameCacheEntries, |
+ PRBool enableMPCache) |
{ |
if (!enableMPCache) { |
ssl_InitSessionCacheLocks(); |
- return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache, |
- ssl2_timeout, ssl3_timeout, directory, PR_FALSE, |
- maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries); |
+ return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache, |
+ ssl2_timeout, ssl3_timeout, directory, PR_FALSE, |
+ maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries); |
} else { |
return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, ssl3_timeout, |
- directory, maxCacheEntries, maxCertCacheEntries, |
+ directory, maxCacheEntries, maxCertCacheEntries, |
maxSrvNameCacheEntries); |
} |
} |
SECStatus |
-SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) |
+SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char *envString) |
{ |
- unsigned char * decoString = NULL; |
- char * fmString = NULL; |
- char * myEnvString = NULL; |
- unsigned int decoLen; |
- inheritance inherit; |
- cacheDesc my; |
+ unsigned char *decoString = NULL; |
+ char *fmString = NULL; |
+ char *myEnvString = NULL; |
+ unsigned int decoLen; |
+ inheritance inherit; |
+ cacheDesc my; |
#ifdef WINNT |
- sidCacheLock* newLocks; |
- int locks_initialized = 0; |
- int locks_to_initialize = 0; |
+ sidCacheLock *newLocks; |
+ int locks_initialized = 0; |
+ int locks_to_initialize = 0; |
#endif |
- SECStatus status = ssl_Init(); |
+ SECStatus status = ssl_Init(); |
if (status != SECSuccess) { |
- return status; |
+ return status; |
} |
myPid = SSL_GETPID(); |
@@ -1515,110 +1496,97 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) |
** If not, we'll set it below. |
*/ |
if (isMultiProcess) { |
- if (cache && cache->sharedCache) { |
- cache->sharedCache->everInherited = PR_TRUE; |
- } |
- return SECSuccess; /* already done. */ |
+ if (cache && cache->sharedCache) { |
+ cache->sharedCache->everInherited = PR_TRUE; |
+ } |
+ return SECSuccess; /* already done. */ |
} |
ssl_InitSessionCacheLocks(); |
- ssl_sid_lookup = ServerSessionIDLookup; |
- ssl_sid_cache = ServerSessionIDCache; |
+ ssl_sid_lookup = ServerSessionIDLookup; |
+ ssl_sid_cache = ServerSessionIDCache; |
ssl_sid_uncache = ServerSessionIDUncache; |
if (!envString) { |
- envString = getenv(envVarName); |
- if (!envString) { |
- SET_ERROR_CODE |
- return SECFailure; |
- } |
+ envString = PR_GetEnvSecure(envVarName); |
+ if (!envString) { |
+ SET_ERROR_CODE |
+ return SECFailure; |
+ } |
} |
myEnvString = PORT_Strdup(envString); |
- if (!myEnvString) |
- return SECFailure; |
+ if (!myEnvString) |
+ return SECFailure; |
fmString = strchr(myEnvString, ','); |
- if (!fmString) |
- goto loser; |
+ if (!fmString) |
+ goto loser; |
*fmString++ = 0; |
decoString = ATOB_AsciiToData(myEnvString, &decoLen); |
if (!decoString) { |
- SET_ERROR_CODE |
- goto loser; |
+ SET_ERROR_CODE |
+ goto loser; |
} |
if (decoLen != sizeof inherit) { |
- SET_ERROR_CODE |
- goto loser; |
+ SET_ERROR_CODE |
+ goto loser; |
} |
PORT_Memcpy(&inherit, decoString, sizeof inherit); |
- if (strlen(fmString) != inherit.fmStrLen ) { |
- goto loser; |
+ if (strlen(fmString) != inherit.fmStrLen) { |
+ goto loser; |
} |
memset(cache, 0, sizeof *cache); |
- cache->cacheMemSize = inherit.cacheMemSize; |
+ cache->cacheMemSize = inherit.cacheMemSize; |
/* Create cache */ |
cache->cacheMemMap = PR_ImportFileMapFromString(fmString); |
- if(! cache->cacheMemMap) { |
- goto loser; |
+ if (!cache->cacheMemMap) { |
+ goto loser; |
} |
cache->cacheMem = PR_MemMap(cache->cacheMemMap, 0, cache->cacheMemSize); |
- if (! cache->cacheMem) { |
- goto loser; |
+ if (!cache->cacheMem) { |
+ goto loser; |
} |
- cache->sharedCache = (cacheDesc *)cache->cacheMem; |
+ cache->sharedCache = (cacheDesc *)cache->cacheMem; |
if (cache->sharedCache->cacheMemSize != cache->cacheMemSize) { |
- SET_ERROR_CODE |
- goto loser; |
+ SET_ERROR_CODE |
+ goto loser; |
} |
- /* We're now going to overwrite the local cache instance with the |
- ** shared copy of the cache struct, then update several values in |
- ** the local cache using the values for cache->cacheMemMap and |
- ** cache->cacheMem computed just above. So, we copy cache into |
+ /* We're now going to overwrite the local cache instance with the |
+ ** shared copy of the cache struct, then update several values in |
+ ** the local cache using the values for cache->cacheMemMap and |
+ ** cache->cacheMem computed just above. So, we copy cache into |
** the automatic variable "my", to preserve the variables while |
** cache is overwritten. |
*/ |
- my = *cache; /* save values computed above. */ |
+ my = *cache; /* save values computed above. */ |
memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */ |
- /* Fix pointers in our private copy of cache descriptor to point to |
+ /* Fix pointers in our private copy of cache descriptor to point to |
** spaces in shared memory, whose address is now in "my". |
*/ |
- cache->sidCacheLocks = (sidCacheLock *) |
- (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
- cache->keyCacheLock = (sidCacheLock *) |
- (my.cacheMem + (ptrdiff_t)cache->keyCacheLock); |
- cache->certCacheLock = (sidCacheLock *) |
- (my.cacheMem + (ptrdiff_t)cache->certCacheLock); |
- cache->srvNameCacheLock = (sidCacheLock *) |
- (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
- cache->sidCacheSets = (sidCacheSet *) |
- (my.cacheMem + (ptrdiff_t)cache->sidCacheSets); |
- cache->sidCacheData = (sidCacheEntry *) |
- (my.cacheMem + (ptrdiff_t)cache->sidCacheData); |
- cache->certCacheData = (certCacheEntry *) |
- (my.cacheMem + (ptrdiff_t)cache->certCacheData); |
- cache->keyCacheData = (SSLWrappedSymWrappingKey *) |
- (my.cacheMem + (ptrdiff_t)cache->keyCacheData); |
- cache->ticketKeyNameSuffix = (PRUint8 *) |
- (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
- cache->ticketEncKey = (encKeyCacheEntry *) |
- (my.cacheMem + (ptrdiff_t)cache->ticketEncKey); |
- cache->ticketMacKey = (encKeyCacheEntry *) |
- (my.cacheMem + (ptrdiff_t)cache->ticketMacKey); |
- cache->ticketKeysValid = (PRUint32 *) |
- (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
- cache->srvNameCacheData = (srvNameCacheEntry *) |
- (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
+ cache->sidCacheLocks = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); |
+ cache->keyCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->keyCacheLock); |
+ cache->certCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->certCacheLock); |
+ cache->srvNameCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); |
+ cache->sidCacheSets = (sidCacheSet *)(my.cacheMem + (ptrdiff_t)cache->sidCacheSets); |
+ cache->sidCacheData = (sidCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->sidCacheData); |
+ cache->certCacheData = (certCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->certCacheData); |
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)(my.cacheMem + (ptrdiff_t)cache->keyCacheData); |
+ cache->ticketKeyNameSuffix = (PRUint8 *)(my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); |
+ cache->ticketEncKey = (encKeyCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->ticketEncKey); |
+ cache->ticketMacKey = (encKeyCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->ticketMacKey); |
+ cache->ticketKeysValid = (PRUint32 *)(my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); |
+ cache->srvNameCacheData = (srvNameCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); |
cache->cacheMemMap = my.cacheMemMap; |
- cache->cacheMem = my.cacheMem; |
+ cache->cacheMem = my.cacheMem; |
cache->sharedCache = (cacheDesc *)cache->cacheMem; |
#ifdef WINNT |
@@ -1633,34 +1601,34 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) |
** copies of sidCacheLocks before modifying the sslMutex with our own |
** PRLock |
*/ |
- |
+ |
/* note from jpierre : this should be free'd in child processes when |
- ** a function is added to delete the SSL session cache in the future. |
+ ** a function is added to delete the SSL session cache in the future. |
*/ |
locks_to_initialize = cache->numSIDCacheLocks + 3; |
newLocks = PORT_NewArray(sidCacheLock, locks_to_initialize); |
if (!newLocks) |
- goto loser; |
+ goto loser; |
/* copy the old locks */ |
- memcpy(newLocks, cache->sidCacheLocks, |
+ memcpy(newLocks, cache->sidCacheLocks, |
locks_to_initialize * sizeof(sidCacheLock)); |
cache->sidCacheLocks = newLocks; |
- /* fix the locks */ |
+ /* fix the locks */ |
for (; locks_initialized < locks_to_initialize; ++locks_initialized) { |
/* now, make a local PRLock in this sslMutex for this child process */ |
- SECStatus err; |
+ SECStatus err; |
err = sslMutex_2LevelInit(&newLocks[locks_initialized].mutex); |
- if (err != SECSuccess) { |
- cache->numSIDCacheLocksInitialized = locks_initialized; |
- goto loser; |
- } |
+ if (err != SECSuccess) { |
+ cache->numSIDCacheLocksInitialized = locks_initialized; |
+ goto loser; |
+ } |
} |
cache->numSIDCacheLocksInitialized = locks_initialized; |
/* also fix the key and cert cache which use the last 2 lock entries */ |
- cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks; |
- cache->certCacheLock = cache->keyCacheLock + 1; |
- cache->srvNameCacheLock = cache->certCacheLock + 1; |
+ cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks; |
+ cache->certCacheLock = cache->keyCacheLock + 1; |
+ cache->srvNameCacheLock = cache->certCacheLock + 1; |
#endif |
PORT_Free(myEnvString); |
@@ -1674,112 +1642,112 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) |
loser: |
PORT_Free(myEnvString); |
- if (decoString) |
- PORT_Free(decoString); |
+ if (decoString) |
+ PORT_Free(decoString); |
CloseCache(cache); |
return SECFailure; |
} |
SECStatus |
-SSL_InheritMPServerSIDCache(const char * envString) |
+SSL_InheritMPServerSIDCache(const char *envString) |
{ |
return SSL_InheritMPServerSIDCacheInstance(&globalCache, envString); |
} |
#if defined(XP_UNIX) || defined(XP_BEOS) |
-#define SID_LOCK_EXPIRATION_TIMEOUT 30 /* seconds */ |
+#define SID_LOCK_EXPIRATION_TIMEOUT 30 /* seconds */ |
static void |
-LockPoller(void * arg) |
+LockPoller(void *arg) |
{ |
- cacheDesc * cache = (cacheDesc *)arg; |
- cacheDesc * sharedCache = cache->sharedCache; |
- sidCacheLock * pLock; |
+ cacheDesc *cache = (cacheDesc *)arg; |
+ cacheDesc *sharedCache = cache->sharedCache; |
+ sidCacheLock *pLock; |
PRIntervalTime timeout; |
- PRUint32 now; |
- PRUint32 then; |
- int locks_polled = 0; |
- int locks_to_poll = cache->numSIDCacheLocks + 2; |
- PRUint32 expiration = cache->mutexTimeout; |
+ PRUint32 now; |
+ PRUint32 then; |
+ int locks_polled = 0; |
+ int locks_to_poll = cache->numSIDCacheLocks + 2; |
+ PRUint32 expiration = cache->mutexTimeout; |
timeout = PR_SecondsToInterval(expiration); |
- while(!sharedCache->stopPolling) { |
- PR_Sleep(timeout); |
- if (sharedCache->stopPolling) |
- break; |
- |
- now = ssl_Time(); |
- then = now - expiration; |
- for (pLock = cache->sidCacheLocks, locks_polled = 0; |
- locks_to_poll > locks_polled && !sharedCache->stopPolling; |
- ++locks_polled, ++pLock ) { |
- pid_t pid; |
- |
- if (pLock->timeStamp < then && |
- pLock->timeStamp != 0 && |
- (pid = pLock->pid) != 0) { |
- |
- /* maybe we should try the lock? */ |
- int result = kill(pid, 0); |
- if (result < 0 && errno == ESRCH) { |
- SECStatus rv; |
- /* No process exists by that pid any more. |
- ** Treat this mutex as abandoned. |
- */ |
- pLock->timeStamp = now; |
- pLock->pid = 0; |
- rv = sslMutex_Unlock(&pLock->mutex); |
- if (rv != SECSuccess) { |
- /* Now what? */ |
- } |
- } |
- } |
- } /* end of loop over locks */ |
- } /* end of entire polling loop */ |
+ while (!sharedCache->stopPolling) { |
+ PR_Sleep(timeout); |
+ if (sharedCache->stopPolling) |
+ break; |
+ |
+ now = ssl_Time(); |
+ then = now - expiration; |
+ for (pLock = cache->sidCacheLocks, locks_polled = 0; |
+ locks_to_poll > locks_polled && !sharedCache->stopPolling; |
+ ++locks_polled, ++pLock) { |
+ pid_t pid; |
+ |
+ if (pLock->timeStamp < then && |
+ pLock->timeStamp != 0 && |
+ (pid = pLock->pid) != 0) { |
+ |
+ /* maybe we should try the lock? */ |
+ int result = kill(pid, 0); |
+ if (result < 0 && errno == ESRCH) { |
+ SECStatus rv; |
+ /* No process exists by that pid any more. |
+ ** Treat this mutex as abandoned. |
+ */ |
+ pLock->timeStamp = now; |
+ pLock->pid = 0; |
+ rv = sslMutex_Unlock(&pLock->mutex); |
+ if (rv != SECSuccess) { |
+ /* Now what? */ |
+ } |
+ } |
+ } |
+ } /* end of loop over locks */ |
+ } /* end of entire polling loop */ |
} |
/* Launch thread to poll cache for expired locks */ |
-static SECStatus |
+static SECStatus |
LaunchLockPoller(cacheDesc *cache) |
{ |
- const char * timeoutString; |
- PRThread * pollerThread; |
+ const char *timeoutString; |
+ PRThread *pollerThread; |
cache->mutexTimeout = SID_LOCK_EXPIRATION_TIMEOUT; |
- timeoutString = getenv("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT"); |
+ timeoutString = PR_GetEnvSecure("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT"); |
if (timeoutString) { |
- long newTime = strtol(timeoutString, 0, 0); |
- if (newTime == 0) |
- return SECSuccess; /* application doesn't want poller thread */ |
- if (newTime > 0) |
- cache->mutexTimeout = (PRUint32)newTime; |
- /* if error (newTime < 0) ignore it and use default */ |
+ long newTime = strtol(timeoutString, 0, 0); |
+ if (newTime == 0) |
+ return SECSuccess; /* application doesn't want poller thread */ |
+ if (newTime > 0) |
+ cache->mutexTimeout = (PRUint32)newTime; |
+ /* if error (newTime < 0) ignore it and use default */ |
} |
- pollerThread = |
- PR_CreateThread(PR_USER_THREAD, LockPoller, cache, PR_PRIORITY_NORMAL, |
- PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0); |
+ pollerThread = |
+ PR_CreateThread(PR_USER_THREAD, LockPoller, cache, PR_PRIORITY_NORMAL, |
+ PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0); |
if (!pollerThread) { |
- return SECFailure; |
+ return SECFailure; |
} |
cache->poller = pollerThread; |
return SECSuccess; |
} |
/* Stop the thread that polls cache for expired locks */ |
-static SECStatus |
+static SECStatus |
StopLockPoller(cacheDesc *cache) |
{ |
if (!cache->poller) { |
- return SECSuccess; |
+ return SECSuccess; |
} |
cache->sharedCache->stopPolling = PR_TRUE; |
if (PR_Interrupt(cache->poller) != PR_SUCCESS) { |
- return SECFailure; |
+ return SECFailure; |
} |
if (PR_JoinThread(cache->poller) != PR_SUCCESS) { |
- return SECFailure; |
+ return SECFailure; |
} |
cache->poller = NULL; |
return SECSuccess; |
@@ -1790,58 +1758,58 @@ StopLockPoller(cacheDesc *cache) |
* Code dealing with shared wrapped symmetric wrapping keys below * |
************************************************************************/ |
-/* If now is zero, it implies that the lock is not held, and must be |
-** aquired here. |
+/* If now is zero, it implies that the lock is not held, and must be |
+** aquired here. |
*/ |
static PRBool |
-getSvrWrappingKey(PRInt32 symWrapMechIndex, |
- SSL3KEAType exchKeyType, |
- SSLWrappedSymWrappingKey *wswk, |
- cacheDesc * cache, |
- PRUint32 lockTime) |
+getSvrWrappingKey(PRInt32 symWrapMechIndex, |
+ SSL3KEAType exchKeyType, |
+ SSLWrappedSymWrappingKey *wswk, |
+ cacheDesc *cache, |
+ PRUint32 lockTime) |
{ |
- PRUint32 ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex; |
- SSLWrappedSymWrappingKey * pwswk = cache->keyCacheData + ndx; |
- PRUint32 now = 0; |
- PRBool rv = PR_FALSE; |
+ PRUint32 ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex; |
+ SSLWrappedSymWrappingKey *pwswk = cache->keyCacheData + ndx; |
+ PRUint32 now = 0; |
+ PRBool rv = PR_FALSE; |
if (!cache->cacheMem) { /* cache is uninitialized */ |
- PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED); |
- return rv; |
+ PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED); |
+ return rv; |
} |
if (!lockTime) { |
- lockTime = now = LockSidCacheLock(cache->keyCacheLock, now); |
- if (!lockTime) { |
- return rv; |
- } |
+ lockTime = now = LockSidCacheLock(cache->keyCacheLock, now); |
+ if (!lockTime) { |
+ return rv; |
+ } |
} |
- if (pwswk->exchKeyType == exchKeyType && |
- pwswk->symWrapMechIndex == symWrapMechIndex && |
- pwswk->wrappedSymKeyLen != 0) { |
- *wswk = *pwswk; |
- rv = PR_TRUE; |
+ if (pwswk->exchKeyType == exchKeyType && |
+ pwswk->symWrapMechIndex == symWrapMechIndex && |
+ pwswk->wrappedSymKeyLen != 0) { |
+ *wswk = *pwswk; |
+ rv = PR_TRUE; |
} |
if (now) { |
- UnlockSidCacheLock(cache->keyCacheLock); |
+ UnlockSidCacheLock(cache->keyCacheLock); |
} |
return rv; |
} |
PRBool |
-ssl_GetWrappingKey( PRInt32 symWrapMechIndex, |
- SSL3KEAType exchKeyType, |
- SSLWrappedSymWrappingKey *wswk) |
+ssl_GetWrappingKey(PRInt32 symWrapMechIndex, |
+ SSL3KEAType exchKeyType, |
+ SSLWrappedSymWrappingKey *wswk) |
{ |
PRBool rv; |
- PORT_Assert( (unsigned)exchKeyType < kt_kea_size); |
- PORT_Assert( (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS); |
+ PORT_Assert((unsigned)exchKeyType < kt_kea_size); |
+ PORT_Assert((unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS); |
if ((unsigned)exchKeyType < kt_kea_size && |
(unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) { |
- rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk, |
- &globalCache, 0); |
+ rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk, |
+ &globalCache, 0); |
} else { |
- rv = PR_FALSE; |
+ rv = PR_FALSE; |
} |
return rv; |
@@ -1850,21 +1818,21 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex, |
/* Wrap and cache a session ticket key. */ |
static PRBool |
WrapTicketKey(SECKEYPublicKey *svrPubKey, PK11SymKey *symKey, |
- const char *keyName, encKeyCacheEntry* cacheEntry) |
+ const char *keyName, encKeyCacheEntry *cacheEntry) |
{ |
- SECItem wrappedKey = {siBuffer, NULL, 0}; |
+ SECItem wrappedKey = { siBuffer, NULL, 0 }; |
wrappedKey.len = SECKEY_PublicKeyStrength(svrPubKey); |
PORT_Assert(wrappedKey.len <= sizeof(cacheEntry->bytes)); |
if (wrappedKey.len > sizeof(cacheEntry->bytes)) |
- return PR_FALSE; |
+ return PR_FALSE; |
wrappedKey.data = cacheEntry->bytes; |
- if (PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, symKey, &wrappedKey) |
- != SECSuccess) { |
- SSL_DBG(("%d: SSL[%s]: Unable to wrap session ticket %s.", |
- SSL_GETPID(), "unknown", keyName)); |
- return PR_FALSE; |
+ if (PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, symKey, &wrappedKey) != |
+ SECSuccess) { |
+ SSL_DBG(("%d: SSL[%s]: Unable to wrap session ticket %s.", |
+ SSL_GETPID(), "unknown", keyName)); |
+ return PR_FALSE; |
} |
cacheEntry->length = wrappedKey.len; |
return PR_TRUE; |
@@ -1890,10 +1858,11 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey, |
} |
if (PK11_GenerateRandom(ticketKeyNameSuffix, |
- SESS_TICKET_KEY_VAR_NAME_LEN) != SECSuccess) { |
- SSL_DBG(("%d: SSL[%s]: Unable to generate random key name bytes.", |
- SSL_GETPID(), "unknown")); |
- goto loser; |
+ SESS_TICKET_KEY_VAR_NAME_LEN) != |
+ SECSuccess) { |
+ SSL_DBG(("%d: SSL[%s]: Unable to generate random key name bytes.", |
+ SSL_GETPID(), "unknown")); |
+ goto loser; |
} |
mechanismArray[0] = CKM_AES_CBC; |
@@ -1901,17 +1870,17 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey, |
slot = PK11_GetBestSlotMultiple(mechanismArray, 2, pwArg); |
if (slot) { |
- aesKeyTmp = PK11_KeyGen(slot, mechanismArray[0], NULL, |
+ aesKeyTmp = PK11_KeyGen(slot, mechanismArray[0], NULL, |
AES_256_KEY_LENGTH, pwArg); |
- macKeyTmp = PK11_KeyGen(slot, mechanismArray[1], NULL, |
+ macKeyTmp = PK11_KeyGen(slot, mechanismArray[1], NULL, |
SHA256_LENGTH, pwArg); |
- PK11_FreeSlot(slot); |
+ PK11_FreeSlot(slot); |
} |
if (aesKeyTmp == NULL || macKeyTmp == NULL) { |
- SSL_DBG(("%d: SSL[%s]: Unable to generate session ticket keys.", |
- SSL_GETPID(), "unknown")); |
- goto loser; |
+ SSL_DBG(("%d: SSL[%s]: Unable to generate session ticket keys.", |
+ SSL_GETPID(), "unknown")); |
+ goto loser; |
} |
PORT_Memcpy(keyName, ticketKeyNameSuffix, SESS_TICKET_KEY_VAR_NAME_LEN); |
*aesKey = aesKeyTmp; |
@@ -1920,9 +1889,9 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey, |
loser: |
if (aesKeyTmp) |
- PK11_FreeSymKey(aesKeyTmp); |
+ PK11_FreeSymKey(aesKeyTmp); |
if (macKeyTmp) |
- PK11_FreeSymKey(macKeyTmp); |
+ PK11_FreeSymKey(macKeyTmp); |
return PR_FALSE; |
} |
@@ -1952,9 +1921,9 @@ GenerateAndWrapTicketKeys(SECKEYPublicKey *svrPubKey, void *pwArg, |
loser: |
if (aesKeyTmp) |
- PK11_FreeSymKey(aesKeyTmp); |
+ PK11_FreeSymKey(aesKeyTmp); |
if (macKeyTmp) |
- PK11_FreeSymKey(macKeyTmp); |
+ PK11_FreeSymKey(macKeyTmp); |
return PR_FALSE; |
} |
@@ -1962,7 +1931,7 @@ static PRBool |
UnwrapCachedTicketKeys(SECKEYPrivateKey *svrPrivKey, unsigned char *keyName, |
PK11SymKey **aesKey, PK11SymKey **macKey) |
{ |
- SECItem wrappedKey = {siBuffer, NULL, 0}; |
+ SECItem wrappedKey = { siBuffer, NULL, 0 }; |
PK11SymKey *aesKeyTmp = NULL; |
PK11SymKey *macKeyTmp = NULL; |
cacheDesc *cache = &globalCache; |
@@ -1971,33 +1940,33 @@ UnwrapCachedTicketKeys(SECKEYPrivateKey *svrPrivKey, unsigned char *keyName, |
wrappedKey.len = cache->ticketEncKey->length; |
PORT_Assert(wrappedKey.len <= sizeof(cache->ticketEncKey->bytes)); |
aesKeyTmp = PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey, |
- CKM_AES_CBC, CKA_DECRYPT, 0); |
+ CKM_AES_CBC, CKA_DECRYPT, 0); |
wrappedKey.data = cache->ticketMacKey->bytes; |
wrappedKey.len = cache->ticketMacKey->length; |
PORT_Assert(wrappedKey.len <= sizeof(cache->ticketMacKey->bytes)); |
macKeyTmp = PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey, |
- CKM_SHA256_HMAC, CKA_SIGN, 0); |
+ CKM_SHA256_HMAC, CKA_SIGN, 0); |
if (aesKeyTmp == NULL || macKeyTmp == NULL) { |
- SSL_DBG(("%d: SSL[%s]: Unable to unwrap session ticket keys.", |
- SSL_GETPID(), "unknown")); |
- goto loser; |
+ SSL_DBG(("%d: SSL[%s]: Unable to unwrap session ticket keys.", |
+ SSL_GETPID(), "unknown")); |
+ goto loser; |
} |
SSL_DBG(("%d: SSL[%s]: Successfully unwrapped session ticket keys.", |
- SSL_GETPID(), "unknown")); |
+ SSL_GETPID(), "unknown")); |
PORT_Memcpy(keyName, cache->ticketKeyNameSuffix, |
- SESS_TICKET_KEY_VAR_NAME_LEN); |
+ SESS_TICKET_KEY_VAR_NAME_LEN); |
*aesKey = aesKeyTmp; |
*macKey = macKeyTmp; |
return PR_TRUE; |
loser: |
if (aesKeyTmp) |
- PK11_FreeSymKey(aesKeyTmp); |
+ PK11_FreeSymKey(aesKeyTmp); |
if (macKeyTmp) |
- PK11_FreeSymKey(macKeyTmp); |
+ PK11_FreeSymKey(macKeyTmp); |
return PR_FALSE; |
} |
@@ -2020,23 +1989,23 @@ ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, |
now = LockSidCacheLock(cache->keyCacheLock, now); |
if (!now) |
- return rv; |
+ return rv; |
if (!*(cache->ticketKeysValid)) { |
- /* Keys do not exist, create them. */ |
- if (!GenerateAndWrapTicketKeys(svrPubKey, pwArg, keyName, |
- aesKey, macKey)) |
- goto loser; |
- keysGenerated = PR_TRUE; |
- *(cache->ticketKeysValid) = 1; |
+ /* Keys do not exist, create them. */ |
+ if (!GenerateAndWrapTicketKeys(svrPubKey, pwArg, keyName, |
+ aesKey, macKey)) |
+ goto loser; |
+ keysGenerated = PR_TRUE; |
+ *(cache->ticketKeysValid) = 1; |
} |
rv = PR_TRUE; |
- loser: |
+loser: |
UnlockSidCacheLock(cache->keyCacheLock); |
if (rv && !keysGenerated) |
- rv = UnwrapCachedTicketKeys(svrPrivKey, keyName, aesKey, macKey); |
+ rv = UnwrapCachedTicketKeys(svrPrivKey, keyName, aesKey, macKey); |
return rv; |
} |
@@ -2074,15 +2043,16 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey, |
/* Going to regenerate keys on every call if cache was not |
* initialized. */ |
if (!cacheIsEnabled || !*(cache->ticketKeysValid)) { |
- if (PK11_GenerateRandom(ticketKeyNameSuffix, |
- SESS_TICKET_KEY_VAR_NAME_LEN) != SECSuccess) |
- goto loser; |
- if (PK11_GenerateRandom(ticketEncKeyPtr, |
+ if (PK11_GenerateRandom(ticketKeyNameSuffix, |
+ SESS_TICKET_KEY_VAR_NAME_LEN) != |
+ SECSuccess) |
+ goto loser; |
+ if (PK11_GenerateRandom(ticketEncKeyPtr, |
AES_256_KEY_LENGTH) != SECSuccess) |
- goto loser; |
- if (PK11_GenerateRandom(ticketMacKeyPtr, |
+ goto loser; |
+ if (PK11_GenerateRandom(ticketMacKeyPtr, |
SHA256_LENGTH) != SECSuccess) |
- goto loser; |
+ goto loser; |
if (cacheIsEnabled) { |
*(cache->ticketKeysValid) = 1; |
} |
@@ -2090,73 +2060,73 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey, |
rv = PR_TRUE; |
- loser: |
+loser: |
if (cacheIsEnabled) { |
UnlockSidCacheLock(cache->keyCacheLock); |
} |
if (rv) { |
- PORT_Memcpy(keyName, ticketKeyNameSuffix, |
+ PORT_Memcpy(keyName, ticketKeyNameSuffix, |
SESS_TICKET_KEY_VAR_NAME_LEN); |
- PORT_Memcpy(encKey, ticketEncKeyPtr, AES_256_KEY_LENGTH); |
- PORT_Memcpy(macKey, ticketMacKeyPtr, SHA256_LENGTH); |
+ PORT_Memcpy(encKey, ticketEncKeyPtr, AES_256_KEY_LENGTH); |
+ PORT_Memcpy(macKey, ticketMacKeyPtr, SHA256_LENGTH); |
} |
return rv; |
} |
/* The caller passes in the new value it wants |
* to set. This code tests the wrapped sym key entry in the shared memory. |
- * If it is uninitialized, this function writes the caller's value into |
- * the disk entry, and returns false. |
- * Otherwise, it overwrites the caller's wswk with the value obtained from |
- * the disk, and returns PR_TRUE. |
- * This is all done while holding the locks/mutexes necessary to make |
+ * If it is uninitialized, this function writes the caller's value into |
+ * the disk entry, and returns false. |
+ * Otherwise, it overwrites the caller's wswk with the value obtained from |
+ * the disk, and returns PR_TRUE. |
+ * This is all done while holding the locks/mutexes necessary to make |
* the operation atomic. |
*/ |
PRBool |
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk) |
{ |
- cacheDesc * cache = &globalCache; |
- PRBool rv = PR_FALSE; |
- SSL3KEAType exchKeyType = wswk->exchKeyType; |
- /* type of keys used to wrap SymWrapKey*/ |
- PRInt32 symWrapMechIndex = wswk->symWrapMechIndex; |
- PRUint32 ndx; |
- PRUint32 now = 0; |
+ cacheDesc *cache = &globalCache; |
+ PRBool rv = PR_FALSE; |
+ SSL3KEAType exchKeyType = wswk->exchKeyType; |
+ /* type of keys used to wrap SymWrapKey*/ |
+ PRInt32 symWrapMechIndex = wswk->symWrapMechIndex; |
+ PRUint32 ndx; |
+ PRUint32 now = 0; |
SSLWrappedSymWrappingKey myWswk; |
if (!cache->cacheMem) { /* cache is uninitialized */ |
- PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED); |
- return 0; |
+ PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED); |
+ return 0; |
} |
- PORT_Assert( (unsigned)exchKeyType < kt_kea_size); |
+ PORT_Assert((unsigned)exchKeyType < kt_kea_size); |
if ((unsigned)exchKeyType >= kt_kea_size) |
- return 0; |
+ return 0; |
- PORT_Assert( (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS); |
- if ((unsigned)symWrapMechIndex >= SSL_NUM_WRAP_MECHS) |
- return 0; |
+ PORT_Assert((unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS); |
+ if ((unsigned)symWrapMechIndex >= SSL_NUM_WRAP_MECHS) |
+ return 0; |
ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex; |
- PORT_Memset(&myWswk, 0, sizeof myWswk); /* eliminate UMRs. */ |
+ PORT_Memset(&myWswk, 0, sizeof myWswk); /* eliminate UMRs. */ |
now = LockSidCacheLock(cache->keyCacheLock, now); |
if (now) { |
- rv = getSvrWrappingKey(wswk->symWrapMechIndex, wswk->exchKeyType, |
- &myWswk, cache, now); |
- if (rv) { |
- /* we found it on disk, copy it out to the caller. */ |
- PORT_Memcpy(wswk, &myWswk, sizeof *wswk); |
- } else { |
- /* Wasn't on disk, and we're still holding the lock, so write it. */ |
- cache->keyCacheData[ndx] = *wswk; |
- } |
- UnlockSidCacheLock(cache->keyCacheLock); |
+ rv = getSvrWrappingKey(wswk->symWrapMechIndex, wswk->exchKeyType, |
+ &myWswk, cache, now); |
+ if (rv) { |
+ /* we found it on disk, copy it out to the caller. */ |
+ PORT_Memcpy(wswk, &myWswk, sizeof *wswk); |
+ } else { |
+ /* Wasn't on disk, and we're still holding the lock, so write it. */ |
+ cache->keyCacheData[ndx] = *wswk; |
+ } |
+ UnlockSidCacheLock(cache->keyCacheLock); |
} |
return rv; |
} |
-#else /* MAC version or other platform */ |
+#else /* MAC version or other platform */ |
#include "seccomon.h" |
#include "cert.h" |
@@ -2164,67 +2134,67 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk) |
#include "sslimpl.h" |
SECStatus |
-SSL_ConfigServerSessionIDCache( int maxCacheEntries, |
- PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory) |
+SSL_ConfigServerSessionIDCache(int maxCacheEntries, |
+ PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory) |
{ |
- PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigServerSessionIDCache)"); |
+ PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigServerSessionIDCache)"); |
return SECFailure; |
} |
SECStatus |
-SSL_ConfigMPServerSIDCache( int maxCacheEntries, |
- PRUint32 ssl2_timeout, |
- PRUint32 ssl3_timeout, |
- const char * directory) |
+SSL_ConfigMPServerSIDCache(int maxCacheEntries, |
+ PRUint32 ssl2_timeout, |
+ PRUint32 ssl3_timeout, |
+ const char *directory) |
{ |
- PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigMPServerSIDCache)"); |
+ PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigMPServerSIDCache)"); |
return SECFailure; |
} |
SECStatus |
-SSL_InheritMPServerSIDCache(const char * envString) |
+SSL_InheritMPServerSIDCache(const char *envString) |
{ |
- PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_InheritMPServerSIDCache)"); |
+ PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_InheritMPServerSIDCache)"); |
return SECFailure; |
} |
PRBool |
-ssl_GetWrappingKey( PRInt32 symWrapMechIndex, |
- SSL3KEAType exchKeyType, |
- SSLWrappedSymWrappingKey *wswk) |
+ssl_GetWrappingKey(PRInt32 symWrapMechIndex, |
+ SSL3KEAType exchKeyType, |
+ SSLWrappedSymWrappingKey *wswk) |
{ |
PRBool rv = PR_FALSE; |
- PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_GetWrappingKey)"); |
+ PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_GetWrappingKey)"); |
return rv; |
} |
/* This is a kind of test-and-set. The caller passes in the new value it wants |
* to set. This code tests the wrapped sym key entry in the shared memory. |
- * If it is uninitialized, this function writes the caller's value into |
- * the disk entry, and returns false. |
- * Otherwise, it overwrites the caller's wswk with the value obtained from |
- * the disk, and returns PR_TRUE. |
- * This is all done while holding the locks/mutexes necessary to make |
+ * If it is uninitialized, this function writes the caller's value into |
+ * the disk entry, and returns false. |
+ * Otherwise, it overwrites the caller's wswk with the value obtained from |
+ * the disk, and returns PR_TRUE. |
+ * This is all done while holding the locks/mutexes necessary to make |
* the operation atomic. |
*/ |
PRBool |
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk) |
{ |
- PRBool rv = PR_FALSE; |
+ PRBool rv = PR_FALSE; |
PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_SetWrappingKey)"); |
return rv; |
} |
-PRUint32 |
+PRUint32 |
SSL_GetMaxServerCacheLocks(void) |
{ |
PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_GetMaxServerCacheLocks)"); |
return -1; |
} |
-SECStatus |
+SECStatus |
SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) |
{ |
PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServerCacheLocks)"); |