Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-07 04:05:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e1d8b92ec6
gecko-dev/security/manager/ssl
History
Nathan Froyd e1d8b92ec6 Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler 
Entries in kSTSPreloadList currently look like:

class nsSTSPreload
{
  public:
    const char *mHost;
    const bool mIncludeSubdomains;
};

This is inefficient for a couple of reasons:

* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
  platforms and 16 bytes on 64-bit platforms, even though it only uses 5
  and 9 bytes, respectively.

* The |const char*| requires additional space in the form of relocations
  (at least on Linux/Android), which doubles the space cost of
  individual entries.  (The space cost of the relocations is mitigated
  somewhat on Linux and Android because of elfhack, but there's still
  extra cost in the on-disk format and during the load of libxul to
  process those relocations.)

* The relocations the structure requires means that the data in it can't
  be shared between processes, which is important for e10s with multiple
  content processes.

We can make it more efficient by structuring it like so:

static const char kSTSPreloadHosts[] = {
  // One giant character array containing the hosts, in order:
  //   "example.com\0example.org\0example.test\0..."
  // Use an array rather than a literal string due to compiler limitations.
};

struct nsSTSPreload
{
  // An index into kSTSPreloadHosts for the hostname.
  uint32_t mHostIndex: 31;
  // We use the same datatype for both members so that MSVC will pack
  // the bitfields into a single uint32_t.
  uint32_t mIncludeSubdomains: 1;
};

nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms).  This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
2016-03-24 15:09:28 -04:00
..
crashtests
tests bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj 2016-03-18 14:14:00 -07:00
CertBlocklist.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
CertBlocklist.h Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler 2015-11-26 16:57:21 +00:00
CryptoTask.cpp
CryptoTask.h
DataStorage.cpp Bug 1214305 - Part 10: Clean up global DataStorage references in the child process; r=keeler 2016-01-04 16:30:02 -05:00
DataStorage.h Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler 2015-10-30 15:30:00 -04:00
DataStorageIPCUtils.h Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler 2015-10-30 15:30:00 -04:00
md4.c
md4.h
moz.build Bug 1226928 - signature verification for content-signing, r=keeler,mayhemer 2016-03-14 11:56:35 +01:00
nsCertOverrideService.cpp bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka 2016-01-15 14:33:56 -08:00
nsCertOverrideService.h Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj. 2016-03-16 15:33:44 +11:00
nsCertPicker.cpp Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler 2016-02-18 06:01:39 -08:00
nsCertPicker.h bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 2015-10-16 14:31:57 -07:00
nsCertTree.cpp Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj. 2016-03-16 15:33:44 +11:00
nsCertTree.h Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 2015-10-18 01:24:48 -04:00
nsCertVerificationThread.cpp Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 2015-10-18 01:24:48 -04:00
nsCertVerificationThread.h
nsClientAuthRemember.cpp bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka 2016-01-15 14:33:56 -08:00
nsClientAuthRemember.h Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj. 2016-03-16 15:33:44 +11:00
nsCrypto.cpp Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler 2016-02-18 06:01:39 -08:00
nsCrypto.h
nsCryptoHash.cpp bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj 2015-12-04 10:36:51 -08:00
nsCryptoHash.h
nsDataSignatureVerifier.cpp Bug 1248874 - Replace Scoped.h templates used only by PSM in ScopedNSSTypes.h with UniquePtr equivalents. r=dkeeler 2016-02-18 06:01:39 -08:00
nsDataSignatureVerifier.h
nsEntropyCollector.cpp
nsEntropyCollector.h
nsIASN1Object.idl
nsIASN1PrintableItem.idl
nsIASN1Sequence.idl
nsIAssociatedContentSecurity.idl
nsIBadCertListener2.idl
nsIBufEntropyCollector.idl
nsICertBlocklist.idl
nsICertificateDialogs.idl Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle 2016-03-16 12:48:59 -07:00
nsICertOverrideService.idl
nsICertPickDialogs.idl
nsICertTree.idl
nsIClientAuthDialogs.idl
nsIDataSignatureVerifier.idl
nsIGenKeypairInfoDlg.idl
nsIKeygenThread.idl
nsIKeyModule.idl bug 1230377 - part 2/2: simplify nsIKeyObject and nsIKeyObjectFactory r=jcj 2015-12-04 10:36:51 -08:00
nsINSSVersion.idl
nsIPK11Token.idl
nsIPK11TokenDB.idl Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 2016-02-24 17:42:45 -08:00
nsIPKCS11.idl
nsIPKCS11Module.idl Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 2016-02-24 17:42:45 -08:00
nsIPKCS11ModuleDB.idl Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 2016-02-24 17:42:45 -08:00
nsIPKCS11Slot.idl
nsIProtectedAuthThread.idl
nsISecurityUITelemetry.idl Make 'Go Back' button work even when there is nothing to go back to (bug 1221084); r=paolo 2015-11-16 15:37:27 +02:00
nsISiteSecurityService.idl
nsISSLStatus.idl
nsISSLStatusProvider.idl
nsITokenDialogs.idl
nsITokenPasswordDialogs.idl
nsIUserCertPicker.idl
nsIWeakCryptoOverride.idl Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL 2015-10-20 20:29:56 +09:00
nsIX509Cert.idl bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 2016-03-04 17:06:33 -08:00
nsIX509CertDB.idl bug 1241650 - remove nsIX509CertDB.findCertNicknames r=mgoodwin 2016-01-21 15:14:31 -08:00
nsIX509CertList.idl
nsIX509CertValidity.idl
nsKeygenHandler.cpp bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj 2015-10-26 16:02:19 -07:00
nsKeygenHandler.h bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 2015-10-16 14:31:57 -07:00
nsKeygenHandlerContent.cpp Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj 2015-11-02 07:53:26 +02:00
nsKeygenHandlerContent.h
nsKeygenThread.cpp
nsKeygenThread.h
nsKeyModule.cpp bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman 2016-01-22 14:49:39 -08:00
nsKeyModule.h bug 1239609 - audit nsNSSShutDownObject destructors for correctness r=Cykesiopka,sworkman 2016-01-22 14:49:39 -08:00
nsNSSASN1Object.cpp
nsNSSASN1Object.h
nsNSSCallbacks.cpp Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler 2016-03-18 21:11:03 -07:00
nsNSSCallbacks.h Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler 2016-03-18 21:11:03 -07:00
nsNSSCertHelper.cpp bug 1197314: Remove PR_snprintf calls in security/manager/ssl/ r=keeler 2016-02-26 15:31:43 -08:00
nsNSSCertHelper.h
nsNSSCertificate.cpp bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 2016-03-04 17:06:33 -08:00
nsNSSCertificate.h bug 1240173 - improve nsIX509Cert.dbKey r=Cykesiopka 2016-01-15 14:33:56 -08:00
nsNSSCertificateDB.cpp Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler 2016-03-16 03:54:26 -07:00
nsNSSCertificateDB.h Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler 2016-03-16 03:54:26 -07:00
nsNSSCertificateFakeTransport.cpp bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 2016-03-04 17:06:33 -08:00
nsNSSCertificateFakeTransport.h
nsNSSCertTrust.cpp Bug 1064402 - Part 2: Remove nsIX509CertDB.importServerCertificate() and nsIX509Cert::SERVER_CERT support in importCertsFromFile(). r=keeler 2016-02-06 20:41:11 -08:00
nsNSSCertTrust.h Bug 1064402 - Part 2: Remove nsIX509CertDB.importServerCertificate() and nsIX509Cert::SERVER_CERT support in importCertsFromFile(). r=keeler 2016-02-06 20:41:11 -08:00
nsNSSCertValidity.cpp Bug 1253010 - part 3 - create all nsIDateTimeFormat instances directly; r=smontagu 2015-12-05 11:03:27 -05:00
nsNSSCertValidity.h Bug 1253010 - part 1 - refactor nsX509CertValidity time formatting; r=keeler 2015-12-05 10:26:19 -05:00
nsNSSComponent.cpp Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
nsNSSComponent.h Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
nsNSSErrors.cpp Bug 1207146 - Add a link to expert technical information in the cert error page. r=Gijs,keeler 2015-12-04 19:46:13 +02:00
nsNSSHelper.h bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 2015-10-16 14:31:57 -07:00
nsNSSIOLayer.cpp Bug 1254306 - Do not check the fallback limit version for the RC4 fallback. r=keeler 2016-03-09 07:38:43 +09:00
nsNSSIOLayer.h Bug 1254306 - Do not check the fallback limit version for the RC4 fallback. r=keeler 2016-03-09 07:38:43 +09:00
nsNSSModule.cpp Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler 2015-10-15 05:48:27 +09:00
nsNSSShutDown.cpp Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
nsNSSShutDown.h Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
nsNSSVersion.cpp
nsNSSVersion.h
nsNTLMAuthModule.cpp bug 1197314: Remove PR_snprintf calls in security/manager/ssl/ r=keeler 2016-02-26 15:31:43 -08:00
nsNTLMAuthModule.h
nsPK11TokenDB.cpp Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 2016-02-24 17:42:45 -08:00
nsPK11TokenDB.h
nsPKCS11Slot.cpp Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 2016-02-24 17:42:45 -08:00
nsPKCS11Slot.h Bug 1220237 - Remove uses of nsIEnumerator from PSM. r=keeler 2016-02-24 17:42:45 -08:00
nsPKCS12Blob.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
nsPKCS12Blob.h bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 2015-10-16 14:31:57 -07:00
nsProtectedAuthThread.cpp Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 2015-10-18 01:24:48 -04:00
nsProtectedAuthThread.h
nsPSMBackgroundThread.cpp
nsPSMBackgroundThread.h
nsRandomGenerator.cpp Bug 1217320 - Remove more XPIDL signature comments in .cpp files. r=froydnj 2015-10-27 06:54:25 +02:00
nsRandomGenerator.h
nsSDR.cpp Bug 1250256 - Partially clean up nsSDR.cpp. r=keeler 2016-03-01 20:07:53 -08:00
nsSDR.h bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 2015-10-16 14:31:57 -07:00
nsSecureBrowserUIImpl.cpp Bug 1253085 - Remove the |PLDHashTable*| argument from PLDHash{HashKey,MatchEntry}. r=froydnj. 2016-03-16 15:33:44 +11:00
nsSecureBrowserUIImpl.h Bug 1201437 - Add new WebProgress state flag for user-overridden cert. r=keeler 2016-02-24 22:46:52 -08:00
nsSecurityHeaderParser.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
nsSecurityHeaderParser.h Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler 2015-12-02 11:04:37 +09:00
NSSErrorsService.cpp
NSSErrorsService.h
nsSiteSecurityService.cpp Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler 2016-03-24 15:09:28 -04:00
nsSiteSecurityService.h Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler 2016-03-24 15:09:28 -04:00
nsSmartCardMonitor.cpp Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj 2015-11-02 07:53:26 +02:00
nsSmartCardMonitor.h
nsSSLSocketProvider.cpp Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal 2015-11-24 22:56:00 +01:00
nsSSLSocketProvider.h
nsSSLStatus.cpp
nsSSLStatus.h
nsSTSPreloadList.errors No bug, Automated HSTS preload list update from host bld-linux64-spot-543 - a=hsts-update 2016-03-19 04:43:30 -07:00
nsSTSPreloadList.inc Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler 2016-03-24 15:09:28 -04:00
nsTLSSocketProvider.cpp Bug 1200802 - Accept RFC1929 SOCKS credentials in proxyInfo. r=michal 2015-11-24 22:56:00 +01:00
nsTLSSocketProvider.h
nsUsageArrayHelper.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
nsUsageArrayHelper.h
nsVerificationJob.h
PPSMContentDownloader.ipdl Bug 1240871 - Don't allow implicit "async" in IPDL (r=mccr8,billm) 2016-01-28 20:56:37 -08:00
PSMContentListener.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
PSMContentListener.h
PSMRunnable.cpp
PSMRunnable.h
PublicKeyPinningService.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
PublicKeyPinningService.h Bug 1233328 - Part 1: Ignore SHA-1 pins in PublicKeyPinningService.cpp. r=keeler 2016-01-20 20:40:01 -08:00
PublicSSL.h
RootCertificateTelemetryUtils.cpp Bug 1219482: Replace PRLogModuleInfo with LazyLogModule in security subdirectory.r=nfroyd 2016-01-28 10:36:00 -08:00
RootCertificateTelemetryUtils.h
RootHashes.inc
ScopedNSSTypes.h Bug 1250258 - Partially clean up nsNSSCertificateDB.cpp import methods. r=keeler 2016-03-16 03:54:26 -07:00
SharedCertVerifier.h Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 2015-10-18 01:24:48 -04:00
SharedSSLState.cpp Bug 1228346 - initialize mOCSPMustStapleEnabled in constructor. r=dkeeler 2015-11-26 07:40:00 +01:00
SharedSSLState.h Bug 901698 - Implement OCSP-must-staple; r=keeler 2015-11-13 16:49:08 +00:00
SSLServerCertVerification.cpp bug 1228175 - fix IsCertBuiltInRoot r=Cykesiopka,mgoodwin 2016-03-04 17:06:33 -08:00
SSLServerCertVerification.h
StaticHPKPins.errors No bug, Automated HPKP preload list update from host bld-linux64-spot-223 - a=hpkp-update 2016-03-08 19:41:38 -08:00
StaticHPKPins.h No bug, Automated HPKP preload list update from host bld-linux64-spot-543 - a=hpkp-update 2016-03-19 04:43:32 -07:00
TransportSecurityInfo.cpp Bug 1253010 - part 3 - create all nsIDateTimeFormat instances directly; r=smontagu 2015-12-05 11:03:27 -05:00
TransportSecurityInfo.h Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 2015-10-18 01:24:48 -04:00
WeakCryptoOverride.cpp Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler 2015-11-11 23:13:34 +09:00
WeakCryptoOverride.h Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler 2015-10-15 05:48:27 +09:00