// non public api Status RocksEngine::_createIdentPrefix(StringData ident) { uint32_t prefix = 0; { boost::lock_guard<boost::mutex> lk(_identPrefixMapMutex); if (_identPrefixMap.find(ident) != _identPrefixMap.end()) { // already exists return Status::OK(); } prefix = ++_maxPrefix; _identPrefixMap[ident] = prefix; } BSONObjBuilder builder; builder.append("prefix", static_cast<int32_t>(prefix)); BSONObj config = builder.obj(); auto s = _db->Put(rocksdb::WriteOptions(), kMetadataPrefix + ident.toString(), rocksdb::Slice(config.objdata(), config.objsize())); if (s.ok()) { // As an optimization, add a key <prefix> to the DB std::string encodedPrefix(encodePrefix(prefix)); s = _db->Put(rocksdb::WriteOptions(), encodedPrefix, rocksdb::Slice()); } return rocksToMongoStatus(s); }
Status RocksEngine::createRecordStore(OperationContext* opCtx, StringData ns, StringData ident, const CollectionOptions& options) { auto s = _createIdentPrefix(ident); if (s.isOK() && NamespaceString::oplog(ns)) { _oplogIdent = ident.toString(); // oplog needs two prefixes, so we also reserve the next one uint64_t oplogTrackerPrefix = 0; { boost::lock_guard<boost::mutex> lk(_identPrefixMapMutex); oplogTrackerPrefix = ++_maxPrefix; } // we also need to write out the new prefix to the database. this is just an // optimization std::string encodedPrefix(encodePrefix(oplogTrackerPrefix)); s = rocksToMongoStatus( _db->Put(rocksdb::WriteOptions(), encodedPrefix, rocksdb::Slice())); } return s; }
std::string RocksEngine::_getIdentPrefix(StringData ident) { boost::mutex::scoped_lock lk(_identPrefixMapMutex); auto prefixIter = _identPrefixMap.find(ident); invariant(prefixIter != _identPrefixMap.end()); return encodePrefix(prefixIter->second); }
SECStatus _SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg, const SECItem *digest, const SECItem *dataRecoveredFromSignature, PRBool unsafeAllowMissingParameters) { SECOidData *hashOid; pkcs1Prefixes pp; const pkcs1Prefix *expectedPrefix; SECStatus rv, rv2, rv3; if (!digest || !digest->data || !dataRecoveredFromSignature || !dataRecoveredFromSignature->data) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } hashOid = SECOID_FindOIDByTag(digestAlg); if (hashOid == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } pp.digestLen = digest->len; pp.prefixWithParams.data = NULL; pp.prefixWithoutParams.data = NULL; rv2 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithParams, PR_TRUE); rv3 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithoutParams, PR_FALSE); rv = SECSuccess; if (rv2 != SECSuccess || rv3 != SECSuccess) { rv = SECFailure; } if (rv == SECSuccess) { /* We don't attempt to avoid timing attacks on these comparisons because * signature verification is a public key operation, not a private key * operation. */ if (dataRecoveredFromSignature->len == pp.prefixWithParams.len + pp.digestLen) { expectedPrefix = &pp.prefixWithParams; } else if (unsafeAllowMissingParameters && dataRecoveredFromSignature->len == pp.prefixWithoutParams.len + pp.digestLen) { expectedPrefix = &pp.prefixWithoutParams; } else { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); rv = SECFailure; } } if (rv == SECSuccess) { if (memcmp(dataRecoveredFromSignature->data, expectedPrefix->data, expectedPrefix->len) || memcmp(dataRecoveredFromSignature->data + expectedPrefix->len, digest->data, digest->len)) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); rv = SECFailure; } } if (pp.prefixWithParams.data) { PORT_Free(pp.prefixWithParams.data); } if (pp.prefixWithoutParams.data) { PORT_Free(pp.prefixWithoutParams.data); } return rv; }