diff options
Diffstat (limited to 'security/nss/lib/ssl/sslsnce.c')
-rw-r--r-- | security/nss/lib/ssl/sslsnce.c | 59 |
1 files changed, 26 insertions, 33 deletions
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index 279f3c0154..3ef11f7a73 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c @@ -85,12 +85,11 @@ /* ** Format of a cache entry in the shared memory. */ -PR_STATIC_ASSERT(sizeof(PRTime) == 8); struct sidCacheEntryStr { /* 16 */ PRIPv6Addr addr; /* client's IP address */ - /* 8 */ PRTime creationTime; - /* 8 */ PRTime lastAccessTime; - /* 8 */ PRTime expirationTime; + /* 4 */ PRUint32 creationTime; + /* 4 */ PRUint32 lastAccessTime; + /* 4 */ PRUint32 expirationTime; /* 2 */ PRUint16 version; /* 1 */ PRUint8 valid; /* 1 */ PRUint8 sessionIDLength; @@ -99,25 +98,25 @@ struct sidCacheEntryStr { /* 2 */ PRUint16 authKeyBits; /* 2 */ PRUint16 keaType; /* 2 */ PRUint16 keaKeyBits; - /* 4 */ PRUint32 signatureScheme; - /* 4 */ PRUint32 keaGroup; - /* 92 - common header total */ + /* 72 - common header total */ union { struct { /* 2 */ ssl3CipherSuite cipherSuite; - /* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ + /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ + + /* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ /* 4 */ PRUint32 masterWrapMech; /* 4 */ PRInt32 certIndex; /* 4 */ PRInt32 srvNameIndex; /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ /* 2 */ PRUint16 namedCurve; -/*100 */} ssl3; +/*104 */} ssl3; /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ struct { - /*116 */ PRUint8 filler[116]; /* 92+116==208, a multiple of 16 */ + /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ } forceSize; } u; }; @@ -283,7 +282,7 @@ LockSidCacheLock(sidCacheLock *lock, PRUint32 now) if (rv != SECSuccess) return 0; if (!now) - now = ssl_TimeSec(); + now = ssl_Time(); lock->timeStamp = now; lock->pid = myPid; return now; @@ -299,7 +298,7 @@ UnlockSidCacheLock(sidCacheLock *lock) return rv; } -/* returns the value of ssl_TimeSec on success, zero on failure. */ +/* returns the value of ssl_Time on success, zero on failure. */ static PRUint32 LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now) { @@ -433,10 +432,9 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) to->authKeyBits = from->authKeyBits; to->keaType = from->keaType; to->keaKeyBits = from->keaKeyBits; - to->keaGroup = from->keaGroup; - to->signatureScheme = from->sigScheme; to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; + to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; to->u.ssl3.keys = from->u.ssl3.keys; to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; to->sessionIDLength = from->u.ssl3.sessionIDLength; @@ -454,10 +452,9 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x " "cipherSuite=%d", - myPid, to->creationTime / PR_USEC_PER_SEC, - to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1], - to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3], - to->u.ssl3.cipherSuite)); + myPid, to->creationTime, to->addr.pr_s6_addr32[0], + to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], + to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite)); } /* @@ -479,6 +476,7 @@ ConvertToSID(sidCacheEntry *from, to->u.ssl3.sessionIDLength = from->sessionIDLength; to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; + to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression; to->u.ssl3.keys = from->u.ssl3.keys; to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; if (from->u.ssl3.srvNameIndex != -1 && psnce) { @@ -543,8 +541,6 @@ ConvertToSID(sidCacheEntry *from, to->authKeyBits = from->authKeyBits; to->keaType = from->keaType; to->keaKeyBits = from->keaKeyBits; - to->keaGroup = from->keaGroup; - to->sigScheme = from->signatureScheme; return to; @@ -752,19 +748,17 @@ ServerSessionIDCache(sslSessionID *sid) PORT_Assert(sid->creationTime != 0); if (!sid->creationTime) - sid->lastAccessTime = sid->creationTime = ssl_TimeUsec(); + sid->lastAccessTime = sid->creationTime = ssl_Time(); /* override caller's expiration time, which uses client timeout * duration, not server timeout duration. */ - sid->expirationTime = - sid->creationTime + cache->ssl3Timeout * PR_USEC_PER_SEC; + sid->expirationTime = sid->creationTime + cache->ssl3Timeout; SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x " "cipherSuite=%d", myPid, sid->cached, sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], - sid->creationTime / PR_USEC_PER_SEC, - sid->u.ssl3.cipherSuite)); + sid->creationTime, sid->u.ssl3.cipherSuite)); PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength)); @@ -826,8 +820,7 @@ ServerSessionIDUncache(sslSessionID *sid) myPid, sid->cached, sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1], sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], - sid->creationTime / PR_USEC_PER_SEC, - sid->u.ssl3.cipherSuite)); + sid->creationTime, sid->u.ssl3.cipherSuite)); PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength)); set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength); now = LockSet(cache, set, 0); @@ -1093,7 +1086,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, cache->srvNameCacheData = (srvNameCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); /* initialize the locks */ - init_time = ssl_TimeSec(); + init_time = ssl_Time(); pLock = cache->sidCacheLocks; for (locks_to_initialize = cache->numSIDCacheLocks + 3; locks_initialized < locks_to_initialize; @@ -1141,10 +1134,6 @@ SSL_SetMaxServerCacheLocks(PRUint32 maxLocks) return SECSuccess; } -PR_STATIC_ASSERT(sizeof(sidCacheEntry) % 16 == 0); -PR_STATIC_ASSERT(sizeof(certCacheEntry) == 4096); -PR_STATIC_ASSERT(sizeof(srvNameCacheEntry) == 1072); - static SECStatus ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache, PRUint32 ssl3_timeout, @@ -1156,6 +1145,10 @@ ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache, { SECStatus rv; + PORT_Assert(sizeof(sidCacheEntry) == 192); + PORT_Assert(sizeof(certCacheEntry) == 4096); + PORT_Assert(sizeof(srvNameCacheEntry) == 1072); + rv = ssl_Init(); if (rv != SECSuccess) { return rv; @@ -1526,7 +1519,7 @@ LockPoller(void *arg) if (sharedCache->stopPolling) break; - now = ssl_TimeSec(); + now = ssl_Time(); then = now - expiration; for (pLock = cache->sidCacheLocks, locks_polled = 0; locks_to_poll > locks_polled && !sharedCache->stopPolling; |