Backed out changeset 156e22161091 (bug 1580138) for build bustage in toolkit/library/gtest/target. On a CLOSED TREE

This commit is contained in:
Daniel Varga 2019-09-25 13:42:43 +03:00
Родитель d2ab74115b
Коммит 90b9fde46d
6 изменённых файлов: 62 добавлений и 93 удалений

Просмотреть файл

@ -23,12 +23,12 @@ static LazyLogModule gSSLTokensCacheLog("SSLTokensCache");
class ExpirationComparator {
public:
bool Equals(SSLTokensCache::TokenCacheRecord* a,
SSLTokensCache::TokenCacheRecord* b) const {
bool Equals(SSLTokensCache::HostRecord* a,
SSLTokensCache::HostRecord* b) const {
return a->mExpirationTime == b->mExpirationTime;
}
bool LessThan(SSLTokensCache::TokenCacheRecord* a,
SSLTokensCache::TokenCacheRecord* b) const {
bool LessThan(SSLTokensCache::HostRecord* a,
SSLTokensCache::HostRecord* b) const {
return a->mExpirationTime < b->mExpirationTime;
}
};
@ -78,12 +78,12 @@ SSLTokensCache::SSLTokensCache() : mCacheSize(0) {
SSLTokensCache::~SSLTokensCache() { LOG(("SSLTokensCache::~SSLTokensCache")); }
// static
nsresult SSLTokensCache::Put(const nsACString& aKey, const uint8_t* aToken,
nsresult SSLTokensCache::Put(const nsACString& aHost, const uint8_t* aToken,
uint32_t aTokenLen) {
StaticMutexAutoLock lock(sLock);
LOG(("SSLTokensCache::Put [key=%s, tokenLen=%u]",
PromiseFlatCString(aKey).get(), aTokenLen));
LOG(("SSLTokensCache::Put [host=%s, tokenLen=%u]",
PromiseFlatCString(aHost).get(), aTokenLen));
if (!gInstance) {
LOG((" service not initialized"));
@ -101,12 +101,12 @@ nsresult SSLTokensCache::Put(const nsACString& aKey, const uint8_t* aToken,
expirationTime = tokenInfo.expirationTime;
SSL_DestroyResumptionTokenInfo(&tokenInfo);
TokenCacheRecord* rec = nullptr;
HostRecord* rec = nullptr;
if (!gInstance->mTokenCacheRecords.Get(aKey, &rec)) {
rec = new TokenCacheRecord();
rec->mKey = aKey;
gInstance->mTokenCacheRecords.Put(aKey, rec);
if (!gInstance->mHostRecs.Get(aHost, &rec)) {
rec = new HostRecord();
rec->mHost = aHost;
gInstance->mHostRecs.Put(aHost, rec);
gInstance->mExpirationArray.AppendElement(rec);
} else {
gInstance->mCacheSize -= rec->mToken.Length();
@ -126,20 +126,20 @@ nsresult SSLTokensCache::Put(const nsACString& aKey, const uint8_t* aToken,
}
// static
nsresult SSLTokensCache::Get(const nsACString& aKey,
nsresult SSLTokensCache::Get(const nsACString& aHost,
nsTArray<uint8_t>& aToken) {
StaticMutexAutoLock lock(sLock);
LOG(("SSLTokensCache::Get [key=%s]", PromiseFlatCString(aKey).get()));
LOG(("SSLTokensCache::Get [host=%s]", PromiseFlatCString(aHost).get()));
if (!gInstance) {
LOG((" service not initialized"));
return NS_ERROR_NOT_INITIALIZED;
}
TokenCacheRecord* rec = nullptr;
HostRecord* rec = nullptr;
if (gInstance->mTokenCacheRecords.Get(aKey, &rec)) {
if (gInstance->mHostRecs.Get(aHost, &rec)) {
if (rec->mToken.Length()) {
aToken = rec->mToken;
return NS_OK;
@ -151,28 +151,28 @@ nsresult SSLTokensCache::Get(const nsACString& aKey,
}
// static
nsresult SSLTokensCache::Remove(const nsACString& aKey) {
nsresult SSLTokensCache::Remove(const nsACString& aHost) {
StaticMutexAutoLock lock(sLock);
LOG(("SSLTokensCache::Remove [key=%s]", PromiseFlatCString(aKey).get()));
LOG(("SSLTokensCache::Remove [host=%s]", PromiseFlatCString(aHost).get()));
if (!gInstance) {
LOG((" service not initialized"));
return NS_ERROR_NOT_INITIALIZED;
}
return gInstance->RemoveLocked(aKey);
return gInstance->RemoveLocked(aHost);
}
nsresult SSLTokensCache::RemoveLocked(const nsACString& aKey) {
nsresult SSLTokensCache::RemoveLocked(const nsACString& aHost) {
sLock.AssertCurrentThreadOwns();
LOG(("SSLTokensCache::RemoveLocked [key=%s]",
PromiseFlatCString(aKey).get()));
LOG(("SSLTokensCache::RemoveLocked [host=%s]",
PromiseFlatCString(aHost).get()));
nsAutoPtr<TokenCacheRecord> rec;
nsAutoPtr<HostRecord> rec;
if (!mTokenCacheRecords.Remove(aKey, &rec)) {
if (!mHostRecs.Remove(aHost, &rec)) {
LOG((" token not found"));
return NS_ERROR_NOT_AVAILABLE;
}
@ -206,9 +206,8 @@ void SSLTokensCache::EvictIfNecessary() {
mExpirationArray.Sort(ExpirationComparator());
while (mCacheSize > capacity && mExpirationArray.Length() > 0) {
if (NS_FAILED(RemoveLocked(mExpirationArray[0]->mKey))) {
MOZ_ASSERT(false,
"mExpirationArray and mTokenCacheRecords are out of sync!");
if (NS_FAILED(RemoveLocked(mExpirationArray[0]->mHost))) {
MOZ_ASSERT(false, "mExpirationArray and mHostRecs are out of sync!");
mExpirationArray.RemoveElementAt(0);
}
}
@ -223,12 +222,12 @@ size_t SSLTokensCache::SizeOfIncludingThis(
mozilla::MallocSizeOf mallocSizeOf) const {
size_t n = mallocSizeOf(this);
n += mTokenCacheRecords.ShallowSizeOfExcludingThis(mallocSizeOf);
n += mHostRecs.ShallowSizeOfExcludingThis(mallocSizeOf);
n += mExpirationArray.ShallowSizeOfExcludingThis(mallocSizeOf);
for (uint32_t i = 0; i < mExpirationArray.Length(); ++i) {
n += mallocSizeOf(mExpirationArray[i]);
n += mExpirationArray[i]->mKey.SizeOfExcludingThisIfUnshared(mallocSizeOf);
n += mExpirationArray[i]->mHost.SizeOfExcludingThisIfUnshared(mallocSizeOf);
n += mExpirationArray[i]->mToken.ShallowSizeOfExcludingThis(mallocSizeOf);
}

Просмотреть файл

@ -27,16 +27,16 @@ class SSLTokensCache : public nsIMemoryReporter {
static bool IsEnabled() { return sEnabled; }
static nsresult Put(const nsACString& aKey, const uint8_t* aToken,
static nsresult Put(const nsACString& aHost, const uint8_t* aToken,
uint32_t aTokenLen);
static nsresult Get(const nsACString& aKey, nsTArray<uint8_t>& aToken);
static nsresult Remove(const nsACString& aKey);
static nsresult Get(const nsACString& aHost, nsTArray<uint8_t>& aToken);
static nsresult Remove(const nsACString& aHost);
private:
SSLTokensCache();
virtual ~SSLTokensCache();
nsresult RemoveLocked(const nsACString& aKey);
nsresult RemoveLocked(const nsACString& aHost);
void InitPrefs();
void EvictIfNecessary();
@ -53,15 +53,15 @@ class SSLTokensCache : public nsIMemoryReporter {
uint32_t mCacheSize; // Actual cache size in bytes
class TokenCacheRecord {
class HostRecord {
public:
nsCString mKey;
nsCString mHost;
PRUint32 mExpirationTime;
nsTArray<uint8_t> mToken;
};
nsClassHashtable<nsCStringHashKey, TokenCacheRecord> mTokenCacheRecords;
nsTArray<TokenCacheRecord*> mExpirationArray;
nsClassHashtable<nsCStringHashKey, HostRecord> mHostRecs;
nsTArray<HostRecord*> mExpirationArray;
};
} // namespace net

Просмотреть файл

@ -1238,15 +1238,8 @@ SECStatus nsSocketTransport::StoreResumptionToken(
return SECFailure;
}
nsCOMPtr<nsISSLSocketControl> secCtrl =
do_QueryInterface(static_cast<nsSocketTransport*>(ctx)->mSecInfo);
if (!secCtrl) {
return SECFailure;
}
nsAutoCString peerId;
secCtrl->GetPeerId(peerId);
SSLTokensCache::Put(peerId, resumptionToken, len);
SSLTokensCache::Put(static_cast<nsSocketTransport*>(ctx)->mHost,
resumptionToken, len);
return SECSuccess;
}
@ -1541,22 +1534,19 @@ nsresult nsSocketTransport::InitiateSocket() {
}
}
nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
if (usingSSL && secCtrl && SSLTokensCache::IsEnabled()) {
if (usingSSL && SSLTokensCache::IsEnabled()) {
PRIntn val;
// If SSL_NO_CACHE option was set, we must not use the cache
if (SSL_OptionGet(fd, SSL_NO_CACHE, &val) == SECSuccess && val == 0) {
nsTArray<uint8_t> token;
nsAutoCString peerId;
secCtrl->GetPeerId(peerId);
nsresult rv2 = SSLTokensCache::Get(peerId, token);
nsresult rv2 = SSLTokensCache::Get(mHost, token);
if (NS_SUCCEEDED(rv2) && token.Length() != 0) {
SECStatus srv =
SSL_SetResumptionToken(fd, token.Elements(), token.Length());
if (srv == SECFailure) {
SOCKET_LOG(("Setting token failed with NSS error %d [id=%s]",
PORT_GetError(), PromiseFlatCString(peerId).get()));
SSLTokensCache::Remove(peerId);
SOCKET_LOG(("Setting token failed with NSS error %d [host=%s]",
PORT_GetError(), PromiseFlatCString(mHost).get()));
SSLTokensCache::Remove(mHost);
}
}
}

Просмотреть файл

@ -166,10 +166,5 @@ interface nsISSLSocketControl : nsISupports {
* True iff the connection was resumed using the resumption token.
*/
readonly attribute boolean resumed;
/**
* The id used to uniquely identify the connection to the peer.
*/
readonly attribute ACString peerId;
};

Просмотреть файл

@ -887,37 +887,6 @@ nsNSSSocketInfo::SetEsniTxt(const nsACString& aEsniTxt) {
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetPeerId(nsACString& aResult) {
if (!mPeerId.IsEmpty()) {
aResult.Assign(mPeerId);
return NS_OK;
}
if (mProviderFlags &
nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
mPeerId.AppendLiteral("anon:");
}
if (mProviderFlags & nsISocketProvider::NO_PERMANENT_STORAGE) {
mPeerId.AppendLiteral("private:");
}
if (mProviderFlags & nsISocketProvider::BE_CONSERVATIVE) {
mPeerId.AppendLiteral("beConservative:");
}
mPeerId.AppendPrintf("tlsflags0x%08x:", mProviderTlsFlags);
mPeerId.Append(GetHostName());
mPeerId.Append(':');
mPeerId.AppendInt(GetPort());
nsAutoCString suffix;
GetOriginAttributes().CreateSuffix(suffix);
mPeerId.Append(suffix);
aResult.Assign(mPeerId);
return NS_OK;
}
#if defined(DEBUG_SSL_VERBOSE) && defined(DUMP_BUFFER)
// Dumps a (potentially binary) buffer using SSM_DEBUG. (We could have used
// the version in ssltrace.c, but that's specifically tailored to SSLTRACE.)
@ -2324,13 +2293,30 @@ static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
// Set the Peer ID so that SSL proxy connections work properly and to
// separate anonymous and/or private browsing connections.
uint32_t flags = infoObject->GetProviderFlags();
nsAutoCString peerId;
infoObject->GetPeerId(peerId);
if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
peerId.AppendLiteral("anon:");
}
if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
peerId.AppendLiteral("private:");
}
if (flags & nsISocketProvider::BE_CONSERVATIVE) {
peerId.AppendLiteral("beConservative:");
}
peerId.AppendPrintf("tlsflags0x%08x:", infoObject->GetProviderTlsFlags());
peerId.Append(host);
peerId.Append(':');
peerId.AppendInt(port);
nsAutoCString suffix;
infoObject->GetOriginAttributes().CreateSuffix(suffix);
peerId.Append(suffix);
if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
return NS_ERROR_FAILURE;
}
uint32_t flags = infoObject->GetProviderFlags();
if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false) ||
SECSuccess != SSL_OptionSet(fd, SSL_NO_CACHE, true)) {

Просмотреть файл

@ -163,7 +163,6 @@ class nsNSSSocketInfo final : public mozilla::psm::TransportSecurityInfo,
nsCString mNegotiatedNPN;
nsCString mEsniTxt;
nsCString mPeerId;
bool mNPNCompleted;
bool mEarlyDataAccepted;
bool mDenyClientCert;