summaryrefslogtreecommitdiff
path: root/security/nss/lib/ssl/sslsnce.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/sslsnce.c')
-rw-r--r--security/nss/lib/ssl/sslsnce.c59
1 files changed, 26 insertions, 33 deletions
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
index 279f3c0154..3ef11f7a73 100644
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -85,12 +85,11 @@
/*
** Format of a cache entry in the shared memory.
*/
-PR_STATIC_ASSERT(sizeof(PRTime) == 8);
struct sidCacheEntryStr {
/* 16 */ PRIPv6Addr addr; /* client's IP address */
- /* 8 */ PRTime creationTime;
- /* 8 */ PRTime lastAccessTime;
- /* 8 */ PRTime expirationTime;
+ /* 4 */ PRUint32 creationTime;
+ /* 4 */ PRUint32 lastAccessTime;
+ /* 4 */ PRUint32 expirationTime;
/* 2 */ PRUint16 version;
/* 1 */ PRUint8 valid;
/* 1 */ PRUint8 sessionIDLength;
@@ -99,25 +98,25 @@ struct sidCacheEntryStr {
/* 2 */ PRUint16 authKeyBits;
/* 2 */ PRUint16 keaType;
/* 2 */ PRUint16 keaKeyBits;
- /* 4 */ PRUint32 signatureScheme;
- /* 4 */ PRUint32 keaGroup;
- /* 92 - common header total */
+ /* 72 - common header total */
union {
struct {
/* 2 */ ssl3CipherSuite cipherSuite;
- /* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
+ /* 2 */ PRUint16 compression; /* SSLCompressionMethod */
+
+ /* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
/* 4 */ PRUint32 masterWrapMech;
/* 4 */ PRInt32 certIndex;
/* 4 */ PRInt32 srvNameIndex;
/* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */
/* 2 */ PRUint16 namedCurve;
-/*100 */} ssl3;
+/*104 */} ssl3;
/* force sizeof(sidCacheEntry) to be a multiple of cache line size */
struct {
- /*116 */ PRUint8 filler[116]; /* 92+116==208, a multiple of 16 */
+ /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */
} forceSize;
} u;
};
@@ -283,7 +282,7 @@ LockSidCacheLock(sidCacheLock *lock, PRUint32 now)
if (rv != SECSuccess)
return 0;
if (!now)
- now = ssl_TimeSec();
+ now = ssl_Time();
lock->timeStamp = now;
lock->pid = myPid;
return now;
@@ -299,7 +298,7 @@ UnlockSidCacheLock(sidCacheLock *lock)
return rv;
}
-/* returns the value of ssl_TimeSec on success, zero on failure. */
+/* returns the value of ssl_Time on success, zero on failure. */
static PRUint32
LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now)
{
@@ -433,10 +432,9 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->authKeyBits = from->authKeyBits;
to->keaType = from->keaType;
to->keaKeyBits = from->keaKeyBits;
- to->keaGroup = from->keaGroup;
- to->signatureScheme = from->sigScheme;
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
+ to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression;
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->sessionIDLength = from->u.ssl3.sessionIDLength;
@@ -454,10 +452,9 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
"cipherSuite=%d",
- myPid, to->creationTime / PR_USEC_PER_SEC,
- to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
- to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
- to->u.ssl3.cipherSuite));
+ myPid, to->creationTime, to->addr.pr_s6_addr32[0],
+ to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
+ to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite));
}
/*
@@ -479,6 +476,7 @@ ConvertToSID(sidCacheEntry *from,
to->u.ssl3.sessionIDLength = from->sessionIDLength;
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
+ to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression;
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
if (from->u.ssl3.srvNameIndex != -1 && psnce) {
@@ -543,8 +541,6 @@ ConvertToSID(sidCacheEntry *from,
to->authKeyBits = from->authKeyBits;
to->keaType = from->keaType;
to->keaKeyBits = from->keaKeyBits;
- to->keaGroup = from->keaGroup;
- to->sigScheme = from->signatureScheme;
return to;
@@ -752,19 +748,17 @@ ServerSessionIDCache(sslSessionID *sid)
PORT_Assert(sid->creationTime != 0);
if (!sid->creationTime)
- sid->lastAccessTime = sid->creationTime = ssl_TimeUsec();
+ sid->lastAccessTime = sid->creationTime = ssl_Time();
/* override caller's expiration time, which uses client timeout
* duration, not server timeout duration.
*/
- sid->expirationTime =
- sid->creationTime + cache->ssl3Timeout * PR_USEC_PER_SEC;
+ sid->expirationTime = sid->creationTime + cache->ssl3Timeout;
SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
"cipherSuite=%d",
myPid, sid->cached,
sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
- sid->creationTime / PR_USEC_PER_SEC,
- sid->u.ssl3.cipherSuite));
+ sid->creationTime, sid->u.ssl3.cipherSuite));
PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
sid->u.ssl3.sessionIDLength));
@@ -826,8 +820,7 @@ ServerSessionIDUncache(sslSessionID *sid)
myPid, sid->cached,
sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
- sid->creationTime / PR_USEC_PER_SEC,
- sid->u.ssl3.cipherSuite));
+ sid->creationTime, sid->u.ssl3.cipherSuite));
PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength);
now = LockSet(cache, set, 0);
@@ -1093,7 +1086,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
cache->srvNameCacheData = (srvNameCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData);
/* initialize the locks */
- init_time = ssl_TimeSec();
+ init_time = ssl_Time();
pLock = cache->sidCacheLocks;
for (locks_to_initialize = cache->numSIDCacheLocks + 3;
locks_initialized < locks_to_initialize;
@@ -1141,10 +1134,6 @@ SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
return SECSuccess;
}
-PR_STATIC_ASSERT(sizeof(sidCacheEntry) % 16 == 0);
-PR_STATIC_ASSERT(sizeof(certCacheEntry) == 4096);
-PR_STATIC_ASSERT(sizeof(srvNameCacheEntry) == 1072);
-
static SECStatus
ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache,
PRUint32 ssl3_timeout,
@@ -1156,6 +1145,10 @@ ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache,
{
SECStatus rv;
+ PORT_Assert(sizeof(sidCacheEntry) == 192);
+ PORT_Assert(sizeof(certCacheEntry) == 4096);
+ PORT_Assert(sizeof(srvNameCacheEntry) == 1072);
+
rv = ssl_Init();
if (rv != SECSuccess) {
return rv;
@@ -1526,7 +1519,7 @@ LockPoller(void *arg)
if (sharedCache->stopPolling)
break;
- now = ssl_TimeSec();
+ now = ssl_Time();
then = now - expiration;
for (pLock = cache->sidCacheLocks, locks_polled = 0;
locks_to_poll > locks_polled && !sharedCache->stopPolling;