Print this page
5045 use atomic_{inc,dec}_* instead of atomic_add_*
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/uts/common/inet/kssl/ksslimpl.h
+++ new/usr/src/uts/common/inet/kssl/ksslimpl.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 */
24 24
25 25 #ifndef _INET_KSSL_KSSLIMPL_H
26 26 #define _INET_KSSL_KSSLIMPL_H
27 27
28 28 #ifdef __cplusplus
29 29 extern "C" {
30 30 #endif
31 31
32 32 #include <sys/types.h>
33 33 #include <netinet/in.h>
34 34 #include <sys/socket.h>
35 35 #include <sys/atomic.h>
36 36 #include <sys/mutex.h>
37 37 #include <sys/crypto/common.h>
38 38 #include <sys/kstat.h>
39 39 #include <sys/sdt.h>
40 40 #include <inet/kssl/ksslapi.h>
41 41 #include <inet/kssl/ksslproto.h>
42 42
43 43 /*
44 44 * Certificate structure. The msg field is the BER data of the
45 45 * certificate.
46 46 */
47 47 typedef struct Certificate {
48 48 uchar_t *msg;
49 49 int len;
50 50 } Certificate_t;
51 51
52 52 /* Generic linked chain type */
53 53 typedef struct kssl_chain_s {
54 54 struct kssl_chain_s *next;
55 55 void *item;
56 56 } kssl_chain_t;
57 57
58 58 /* Proxies chain. follows the generic kssl_chain_t layout */
59 59 typedef struct kssl_proxy_s {
60 60 struct kssl_proxy_s *next;
61 61 void *proxy_bound;
62 62 } kssl_proxy_t;
63 63
64 64 /* Fallback endpoints chain. Ditto. */
65 65 typedef struct kssl_fallback_s {
66 66 struct kssl_fallback_s *next;
67 67 void *fallback_bound;
68 68 } kssl_fallback_t;
69 69
70 70 /*
71 71 * Structure to support using a non-extractable key in
72 72 * a crypto provider. We keep the token label and pin so
73 73 * that we can reauthenticate when needed.
74 74 */
75 75 typedef struct kssl_session_info_s {
76 76 boolean_t is_valid_handle;
77 77 boolean_t do_reauth;
78 78 crypto_provider_t prov;
79 79 crypto_session_id_t sid;
80 80 crypto_key_t key;
81 81 crypto_notify_handle_t evnt_handle;
82 82 char toklabel[CRYPTO_EXT_SIZE_LABEL];
83 83 int pinlen;
84 84 char tokpin[1];
85 85 } kssl_session_info_t;
86 86
87 87 /* kssl_entry_t structure. */
88 88
89 89 typedef struct kssl_entry_s {
90 90 uint_t ke_refcnt; /* for hold/release */
91 91 boolean_t ke_no_freeall;
92 92 kmutex_t ke_mutex;
93 93
94 94 in6_addr_t ke_laddr;
95 95 in_port_t ke_ssl_port; /* SSL port */
96 96 in_port_t ke_proxy_port; /* SSL proxy port */
97 97
98 98 uint32_t sid_cache_timeout; /* In seconds */
99 99 uint32_t sid_cache_nentries;
100 100 kssl_sid_ent_t *sid_cache;
101 101
102 102 uint16_t kssl_cipherSuites[CIPHER_SUITE_COUNT];
103 103 int kssl_cipherSuites_nentries;
104 104 uint16_t kssl_saved_Suites[CIPHER_SUITE_COUNT];
105 105
106 106 boolean_t ke_is_nxkey;
107 107 kssl_session_info_t *ke_sessinfo;
108 108
109 109 crypto_key_t *ke_private_key; /* instance's private key */
110 110 Certificate_t *ke_server_certificate;
111 111
112 112 Certificate_t **ke_cacert_chain;
113 113
114 114 kssl_proxy_t *ke_proxy_head; /* Proxies chain */
115 115 kssl_fallback_t *ke_fallback_head; /* Fall-back endpoints chain */
↓ open down ↓ |
115 lines elided |
↑ open up ↑ |
116 116
117 117 } kssl_entry_t;
118 118
119 119 typedef struct mech_to_cipher_s {
120 120 crypto_mech_type_t mech;
121 121 char *name;
122 122 uint16_t kssl_suites[CIPHER_SUITE_COUNT];
123 123 } mech_to_cipher_t;
124 124
125 125 #define KSSL_ENTRY_REFHOLD(kssl_entry) { \
126 - atomic_add_32(&(kssl_entry)->ke_refcnt, 1); \
126 + atomic_inc_32(&(kssl_entry)->ke_refcnt); \
127 127 ASSERT((kssl_entry)->ke_refcnt != 0); \
128 128 }
129 129
130 130 #define KSSL_ENTRY_REFRELE(kssl_entry) { \
131 131 ASSERT((kssl_entry)->ke_refcnt != 0); \
132 132 membar_exit(); \
133 - if (atomic_add_32_nv(&(kssl_entry)->ke_refcnt, -1) == 0) { \
133 + if (atomic_dec_32_nv(&(kssl_entry)->ke_refcnt) == 0) { \
134 134 kssl_free_entry((kssl_entry)); \
135 135 } \
136 136 }
137 137
138 138 #define CRYPTO_ERR(r) ((r) != CRYPTO_SUCCESS && (r) != CRYPTO_QUEUED)
139 139
140 140 /*
141 141 * Enqueue mblk into KSSL input queue. Watch for mblk b_cont chains
142 142 * returned by tcp_reass() and enqueue them properly. Caller should
143 143 * be aware that mp is modified by this macro.
144 144 */
145 145 #define KSSL_ENQUEUE_MP(ssl, mp) { \
146 146 DTRACE_PROBE1(kssl_mblk__enqueue_mp, mblk_t *, mp); \
147 147 if ((ssl)->rec_ass_tail == NULL) { \
148 148 (ssl)->rec_ass_head = (mp); \
149 149 while (mp->b_cont) \
150 150 mp = mp->b_cont; \
151 151 (ssl)->rec_ass_tail = (mp); \
152 152 } else { \
153 153 (ssl)->rec_ass_tail->b_cont = (mp); \
154 154 while (mp->b_cont) \
155 155 mp = mp->b_cont; \
156 156 (ssl)->rec_ass_tail = (mp); \
157 157 } \
158 158 }
159 159
160 160 #define SSL_MISS 123 /* Internal SSL error */
161 161
162 162 extern crypto_mechanism_t rsa_x509_mech;
163 163 extern crypto_mechanism_t hmac_md5_mech;
164 164 extern crypto_mechanism_t hmac_sha1_mech;
165 165 extern crypto_call_flag_t kssl_call_flag;
166 166 extern KSSLCipherDef cipher_defs[];
167 167
168 168 extern struct kmem_cache *kssl_cache;
169 169
170 170 #define KSSL_TAB_INITSIZE 4
171 171 extern kssl_entry_t **kssl_entry_tab;
172 172 extern int kssl_entry_tab_size;
173 173 extern int kssl_entry_tab_nentries;
174 174 extern kmutex_t kssl_tab_mutex;
175 175
176 176 typedef struct kssl_stats {
177 177 kstat_named_t sid_cache_lookups;
178 178 kstat_named_t sid_cache_hits;
179 179 kstat_named_t sid_cached;
180 180 kstat_named_t sid_uncached;
181 181 kstat_named_t full_handshakes;
182 182 kstat_named_t resumed_sessions;
183 183 kstat_named_t fallback_connections;
184 184 kstat_named_t proxy_fallback_failed;
185 185 kstat_named_t appdata_record_ins;
186 186 kstat_named_t appdata_record_outs;
187 187 kstat_named_t alloc_fails;
188 188 kstat_named_t fatal_alerts;
189 189 kstat_named_t warning_alerts;
190 190 kstat_named_t no_suite_found;
191 191 kstat_named_t compute_mac_failure;
192 192 kstat_named_t verify_mac_failure;
193 193 kstat_named_t record_decrypt_failure;
194 194 kstat_named_t bad_pre_master_secret;
195 195 kstat_named_t internal_errors;
196 196 } kssl_stats_t;
197 197
198 198 extern kssl_stats_t *kssl_statp;
199 199
200 200 #define KSSL_COUNTER(p, v) atomic_add_64(&kssl_statp->p.value.ui64, v)
201 201
202 202 #define IS_SSL_PORT 1
203 203 #define IS_PROXY_PORT 2
204 204
205 205 extern void kssl_free_entry(kssl_entry_t *);
206 206 extern void kssl_free_context(ssl_t *);
207 207 extern int kssl_compute_record_mac(ssl_t *, int, uint64_t, SSL3ContentType,
208 208 uchar_t *, uchar_t *, int, uchar_t *);
209 209 extern int kssl_handle_handshake_message(ssl_t *, mblk_t *, int *,
210 210 kssl_callback_t, void *);
211 211 extern int kssl_handle_v2client_hello(ssl_t *, mblk_t *, int);
212 212 extern void kssl_uncache_sid(sslSessionID *, kssl_entry_t *);
213 213 extern int kssl_mac_encrypt_record(ssl_t *, SSL3ContentType, uchar_t *,
214 214 uchar_t *, mblk_t *);
215 215 extern mblk_t *kssl_get_next_record(ssl_t *);
216 216 extern int kssl_get_obj_handle(kssl_entry_t *);
217 217 extern void kssl_prov_evnt(uint32_t, void *);
218 218
219 219 #ifdef __cplusplus
220 220 }
221 221 #endif
222 222
223 223 #endif /* _INET_KSSL_KSSLIMPL_H */
↓ open down ↓ |
80 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX