Bug 1627654 - Setup resumption callback when nsNSSSocketInfo is created r=keeler

Differential Revision: https://phabricator.services.mozilla.com/D69883

--HG--
extra : moz-landing-system : lando
Kershaw Chang 2020-04-08 19:32:31 +00:00
Родитель 6f548f45a6
Коммит 7829c32789
7 изменённых файлов: 40 добавлений и 73 удалений


@ -335,8 +335,5 @@ FuzzySecurityInfo::GetPeerId(nsACString& aResult) {
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::SetResumptionTokenFromExternalCache() { return NS_OK; }
} // namespace net
} // namespace mozilla


@ -737,7 +737,6 @@ nsSocketTransport::nsSocketTransport()
mFastOpenStatus(TFO_NOT_SET),
mFirstRetryError(NS_OK),
mDoNotRetryToConnect(false),
mSSLCallbackSet(false),
mUsingQuic(false) {
this->mNetAddr.raw.family = 0;
this->mNetAddr.inet = {};
@ -1278,36 +1277,6 @@ nsresult nsSocketTransport::BuildSocket(PRFileDesc*& fd, bool& proxyTransparent,
return rv;
}
// static
SECStatus nsSocketTransport::StoreResumptionToken(
PRFileDesc* fd, const PRUint8* resumptionToken, unsigned int len,
void* ctx) {
PRIntn val;
if (SSL_OptionGet(fd, SSL_ENABLE_SESSION_TICKETS, &val) != SECSuccess ||
val == 0) {
return SECFailure;
}
nsCOMPtr<nsISSLSocketControl> secCtrl =
do_QueryInterface(static_cast<nsSocketTransport*>(ctx)->mSecInfo);
if (!secCtrl) {
return SECFailure;
}
nsAutoCString peerId;
secCtrl->GetPeerId(peerId);
nsCOMPtr<nsITransportSecurityInfo> secInfo = do_QueryInterface(secCtrl);
if (!secInfo) {
return SECFailure;
}
if (NS_FAILED(SSLTokensCache::Put(peerId, resumptionToken, len, secInfo))) {
return SECFailure;
}
return SECSuccess;
}
nsresult nsSocketTransport::InitiateSocket() {
SOCKET_LOG(("nsSocketTransport::InitiateSocket [this=%p]\n", this));
@ -1622,19 +1591,6 @@ nsresult nsSocketTransport::InitiateSocket() {
}
}
nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
if (usingSSL && secCtrl && SSLTokensCache::IsEnabled()) {
rv = secCtrl->SetResumptionTokenFromExternalCache();
if (NS_FAILED(rv)) {
SOCKET_LOG(("SetResumptionTokenFromExternalCache failed [rv=%" PRIx32
"]\n",
static_cast<uint32_t>(rv)));
return rv;
}
SSL_SetResumptionTokenCallback(fd, &StoreResumptionToken, this);
mSSLCallbackSet = true;
}
bool connectCalled = true; // This is only needed for telemetry.
status = PR_Connect(fd, &prAddr, NS_SOCKET_CONNECT_TIMEOUT);
PRErrorCode code = PR_GetError();
@ -2121,11 +2077,6 @@ void nsSocketTransport::ReleaseFD_Locked(PRFileDesc* fd) {
NS_ASSERTION(mFD == fd, "wrong fd");
if (--mFDref == 0) {
if (mSSLCallbackSet) {
SSL_SetResumptionTokenCallback(fd, nullptr, nullptr);
mSSLCallbackSet = false;
}
if (gIOService->IsNetTearingDown() &&
((PR_IntervalNow() - gIOService->NetTearingDownStarted()) >
gSocketTransportService->MaxTimeForPrClosePref())) {


@ -174,10 +174,6 @@ class nsSocketTransport final : public nsASocketHandler,
virtual ~nsSocketTransport();
private:
static SECStatus StoreResumptionToken(PRFileDesc* fd,
const PRUint8* resumptionToken,
unsigned int len, void* ctx);
// event types
enum {
MSG_ENSURE_CONNECT,
@ -475,11 +471,6 @@ class nsSocketTransport final : public nsASocketHandler,
bool mDoNotRetryToConnect;
// True if SSL_SetResumptionTokenCallback was called. We need to clear the
// callback when mFD is nulled out to make sure the ssl layer cannot call
// the callback after nsSocketTransport is destroyed.
bool mSSLCallbackSet;
// If the connection is used for QUIC this is set to true. That will mean
// that UDP will be used. QUIC do not have a SocketProvider because it is a
// mix of transport and application(HTTP) level protocol. nsSocketTransport


@ -71,10 +71,6 @@ interface nsISSLSocketControl : nsISupports {
*/
boolean isAcceptableForHost(in ACString hostname);
/* Read the resumption token from SSLTokansCache and set it to the socket.
*/
[noscript] void setResumptionTokenFromExternalCache();
/* The Key Exchange Algorithm is used when determining whether or
not HTTP/2 can be used.


@ -251,8 +251,3 @@ NS_IMETHODIMP
CommonSocketControl::GetPeerId(nsACString& aResult) {
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
CommonSocketControl::SetResumptionTokenFromExternalCache() {
return NS_ERROR_NOT_IMPLEMENTED;
}


@ -677,6 +677,12 @@ PRStatus nsNSSSocketInfo::CloseSocketAndDestroy() {
poppedPlaintext->dtor(poppedPlaintext);
}
// We need to clear the callback to make sure the ssl layer cannot call the
// callback after mFD is nulled.
if (net::SSLTokensCache::IsEnabled()) {
SSL_SetResumptionTokenCallback(mFd, nullptr, nullptr);
}
PRStatus status = mFd->methods->close(mFd);
// the nsNSSSocketInfo instance can out-live the connection, so we need some
@ -757,8 +763,7 @@ nsNSSSocketInfo::GetPeerId(nsACString& aResult) {
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::SetResumptionTokenFromExternalCache() {
nsresult nsNSSSocketInfo::SetResumptionTokenFromExternalCache() {
if (!mozilla::net::SSLTokensCache::IsEnabled()) {
return NS_OK;
}
@ -2323,6 +2328,29 @@ static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
return NS_OK;
}
SECStatus StoreResumptionToken(PRFileDesc* fd, const PRUint8* resumptionToken,
unsigned int len, void* ctx) {
PRIntn val;
if (SSL_OptionGet(fd, SSL_ENABLE_SESSION_TICKETS, &val) != SECSuccess ||
val == 0) {
return SECFailure;
}
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*)ctx;
if (!infoObject) {
return SECFailure;
}
nsAutoCString peerId;
infoObject->GetPeerId(peerId);
if (NS_FAILED(
net::SSLTokensCache::Put(peerId, resumptionToken, len, infoObject))) {
return SECFailure;
}
return SECSuccess;
}
nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
nsIProxyInfo* proxy,
const OriginAttributes& originAttributes,
@ -2421,6 +2449,14 @@ nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
infoObject->SharedState().NoteSocketCreated();
if (net::SSLTokensCache::IsEnabled()) {
rv = infoObject->SetResumptionTokenFromExternalCache();
if (NS_FAILED(rv)) {
return rv;
}
SSL_SetResumptionTokenCallback(sslSock, &StoreResumptionToken, infoObject);
}
return NS_OK;
loser:
NS_IF_RELEASE(infoObject);
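Review bot: In the first hunk of this file (CloseSocketAndDestroy, whose body starts and ends outside the hunk), the callback is only cleared when `net::SSLTokensCache::IsEnabled()` is true at close time, while registration in nsSSLIOLayerAddToSocket was gated on the same check at socket-creation time; if that pref can change between the two (I cannot tell from here), a callback whose ctx is this soon-destroyed `infoObject` would stay registered on the SSL layer, which is exactly what the comment on the preceding lines says must not happen. The removed nsSocketTransport code tracked this with a flag (`mSSLCallbackSet`); the safer equivalent here is to drop the condition and always call `SSL_SetResumptionTokenCallback(mFd, nullptr, nullptr);` before `mFd->methods->close(mFd)`, or to record registration in a member and clear on that. In the new `StoreResumptionToken`, `(nsNSSSocketInfo*)ctx` should be `static_cast<nsNSSSocketInfo*>(ctx)`, and the `infoObject->GetPeerId(peerId)` result is ignored, so a failed lookup would store the token under an empty peer id; `if (NS_FAILED(infoObject->GetPeerId(peerId))) { return SECFailure; }` would make the cache key's validity explicit. In the last hunk, the early `return rv;` after a failed SetResumptionTokenFromExternalCache bypasses the `loser:` cleanup path; whether that is correct depends on whether `infoObject` ownership has already passed to the layer by that point, which the hunk does not show, so it is worth a one-line comment stating why the non-`loser` return is intended.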


@ -69,7 +69,6 @@ class nsNSSSocketInfo final : public CommonSocketControl {
NS_IMETHOD GetEsniTxt(nsACString& aEsniTxt) override;
NS_IMETHOD SetEsniTxt(const nsACString& aEsniTxt) override;
NS_IMETHOD GetPeerId(nsACString& aResult) override;
NS_IMETHOD SetResumptionTokenFromExternalCache() override;
PRStatus CloseSocketAndDestroy();
@ -160,6 +159,8 @@ class nsNSSSocketInfo final : public CommonSocketControl {
void SetSharedOwningReference(mozilla::psm::SharedSSLState* ref);
nsresult SetResumptionTokenFromExternalCache();
protected:
virtual ~nsNSSSocketInfo();