diff options
| author | Martin Thomson <martin.thomson@gmail.com> | 2017-09-11 15:49:53 +1000 |
|---|---|---|
| committer | Martin Thomson <martin.thomson@gmail.com> | 2017-09-11 15:49:53 +1000 |
| commit | 65cfc6ceb022925e5190e167dee34801abe12236 (patch) | |
| tree | 89e9ea635b5967e9ae21fd176afa4c8b4f719069 /lib/ssl/sslsnce.c | |
| parent | 2d32981b4593350b2a4ea6d1492a982ad1543b14 (diff) | |
| download | nss-hg-65cfc6ceb022925e5190e167dee34801abe12236.tar.gz | |
Bug 1398679 - Make cipher specs properly directional, r?ekr
This makes each cipher spec unidirectional. This is a tiny bit less efficient
in TLS 1.2 and earlier, where some of the material could be shared (primarily
the master secret), but it is much more efficient for TLS 1.3.
Also, there is now only one variable of each type on the specs. Up to now, the
specs had two copies of almost everything to support being used for both read
and write. Now there are separate specs for reading and writing. We only
duplicate the pointers to the master secret, and the cipher definitions.
This also does away with the backing array that was used to hold two copies of
specs. Cipher specs are allocated on the heap as they are used and reference
counted, using the same system as is already used for TLS 1.3.
This uses the |direction| attribute that was previously added for TLS 1.3 and
uses that more thoroughly.
Finally, this REMOVES compression support from libssl entirely.
Diffstat (limited to 'lib/ssl/sslsnce.c')
| -rw-r--r-- | lib/ssl/sslsnce.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c index 3d068afc3..279f3c015 100644 --- a/lib/ssl/sslsnce.c +++ b/lib/ssl/sslsnce.c @@ -106,8 +106,6 @@ struct sidCacheEntryStr { union { struct { /* 2 */ ssl3CipherSuite cipherSuite; - /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ - /* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ /* 4 */ PRUint32 masterWrapMech; @@ -115,7 +113,7 @@ struct sidCacheEntryStr { /* 4 */ PRInt32 srvNameIndex; /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ /* 2 */ PRUint16 namedCurve; -/*102 */} ssl3; +/*100 */} ssl3; /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ struct { @@ -439,7 +437,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) to->signatureScheme = from->sigScheme; to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; - to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression; to->u.ssl3.keys = from->u.ssl3.keys; to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; to->sessionIDLength = from->u.ssl3.sessionIDLength; @@ -482,7 +479,6 @@ ConvertToSID(sidCacheEntry *from, to->u.ssl3.sessionIDLength = from->sessionIDLength; to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; - to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression; to->u.ssl3.keys = from->u.ssl3.keys; to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech; if (from->u.ssl3.srvNameIndex != -1 && psnce) { |