OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * This file is PRIVATE to SSL and should be the first thing included by | 3 * This file is PRIVATE to SSL and should be the first thing included by |
4 * any SSL implementation file. | 4 * any SSL implementation file. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 | 9 |
10 #ifndef __sslimpl_h_ | 10 #ifndef __sslimpl_h_ |
11 #define __sslimpl_h_ | 11 #define __sslimpl_h_ |
12 | 12 |
13 #ifdef DEBUG | 13 #ifdef DEBUG |
14 #undef NDEBUG | 14 #undef NDEBUG |
15 #else | 15 #else |
16 #undef NDEBUG | 16 #undef NDEBUG |
17 #define NDEBUG | 17 #define NDEBUG |
18 #endif | 18 #endif |
19 #include "secport.h" | 19 #include "secport.h" |
20 #include "secerr.h" | 20 #include "secerr.h" |
21 #include "sslerr.h" | 21 #include "sslerr.h" |
22 #include "ssl3prot.h" | 22 #include "ssl3prot.h" |
23 #include "hasht.h" | 23 #include "hasht.h" |
24 #include "keythi.h" | |
25 #include "nssilock.h" | 24 #include "nssilock.h" |
26 #include "pkcs11t.h" | 25 #include "pkcs11t.h" |
27 #if defined(XP_UNIX) || defined(XP_BEOS) | 26 #if defined(XP_UNIX) || defined(XP_BEOS) |
28 #include "unistd.h" | 27 #include "unistd.h" |
29 #endif | 28 #endif |
30 #include "nssrwlk.h" | 29 #include "nssrwlk.h" |
31 #include "prthread.h" | 30 #include "prthread.h" |
32 #include "prclist.h" | 31 #include "prclist.h" |
33 | 32 |
34 #include "sslt.h" /* for some formerly private types, now public */ | 33 #include "sslt.h" /* for some formerly private types, now public */ |
35 | 34 |
36 #ifdef NSS_PLATFORM_CLIENT_AUTH | |
37 #if defined(XP_WIN32) | |
38 #include <windows.h> | |
39 #include <wincrypt.h> | |
40 #elif defined(XP_MACOSX) | |
41 #include <Security/Security.h> | |
42 #endif | |
43 #endif | |
44 | |
45 /* to make some of these old enums public without namespace pollution, | 35 /* to make some of these old enums public without namespace pollution, |
46 ** it was necessary to prepend ssl_ to the names. | 36 ** it was necessary to prepend ssl_ to the names. |
47 ** These #defines preserve compatibility with the old code here in libssl. | 37 ** These #defines preserve compatibility with the old code here in libssl. |
48 */ | 38 */ |
49 typedef SSLKEAType SSL3KEAType; | 39 typedef SSLKEAType SSL3KEAType; |
50 typedef SSLMACAlgorithm SSL3MACAlgorithm; | 40 typedef SSLMACAlgorithm SSL3MACAlgorithm; |
51 typedef SSLSignType SSL3SignType; | |
52 | 41 |
53 #define sign_null» ssl_sign_null | 42 #define calg_null ssl_calg_null |
54 #define sign_rsa» ssl_sign_rsa | 43 #define calg_rc4 ssl_calg_rc4 |
55 #define sign_dsa» ssl_sign_dsa | 44 #define calg_rc2 ssl_calg_rc2 |
56 #define sign_ecdsa» ssl_sign_ecdsa | 45 #define calg_des ssl_calg_des |
| 46 #define calg_3des ssl_calg_3des |
| 47 #define calg_idea ssl_calg_idea |
| 48 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ |
| 49 #define calg_aes ssl_calg_aes |
| 50 #define calg_camellia ssl_calg_camellia |
| 51 #define calg_seed ssl_calg_seed |
| 52 #define calg_aes_gcm ssl_calg_aes_gcm |
| 53 #define calg_chacha20 ssl_calg_chacha20 |
57 | 54 |
58 #define calg_null» ssl_calg_null | 55 #define mac_null ssl_mac_null |
59 #define calg_rc4» ssl_calg_rc4 | 56 #define mac_md5 ssl_mac_md5 |
60 #define calg_rc2» ssl_calg_rc2 | 57 #define mac_sha ssl_mac_sha |
61 #define calg_des» ssl_calg_des | 58 #define hmac_md5 ssl_hmac_md5 |
62 #define calg_3des» ssl_calg_3des | 59 #define hmac_sha ssl_hmac_sha |
63 #define calg_idea» ssl_calg_idea | 60 #define hmac_sha256 ssl_hmac_sha256 |
64 #define calg_fortezza» ssl_calg_fortezza /* deprecated, must preserve */ | 61 #define mac_aead ssl_mac_aead |
65 #define calg_aes» ssl_calg_aes | |
66 #define calg_camellia» ssl_calg_camellia | |
67 #define calg_seed» ssl_calg_seed | |
68 #define calg_aes_gcm ssl_calg_aes_gcm | |
69 #define calg_chacha20» ssl_calg_chacha20 | |
70 | 62 |
71 #define mac_null» ssl_mac_null | 63 #define SET_ERROR_CODE /* reminder */ |
72 #define mac_md5 » ssl_mac_md5 | 64 #define SEND_ALERT /* reminder */ |
73 #define mac_sha » ssl_mac_sha | 65 #define TEST_FOR_FAILURE /* reminder */ |
74 #define hmac_md5» ssl_hmac_md5 | 66 #define DEAL_WITH_FAILURE /* reminder */ |
75 #define hmac_sha» ssl_hmac_sha | |
76 #define hmac_sha256» ssl_hmac_sha256 | |
77 #define mac_aead» ssl_mac_aead | |
78 | |
79 #define SET_ERROR_CODE» » /* reminder */ | |
80 #define SEND_ALERT» » /* reminder */ | |
81 #define TEST_FOR_FAILURE» /* reminder */ | |
82 #define DEAL_WITH_FAILURE» /* reminder */ | |
83 | 67 |
84 #if defined(DEBUG) || defined(TRACE) | 68 #if defined(DEBUG) || defined(TRACE) |
85 #ifdef __cplusplus | 69 #ifdef __cplusplus |
86 #define Debug 1 | 70 #define Debug 1 |
87 #else | 71 #else |
88 extern int Debug; | 72 extern int Debug; |
89 #endif | 73 #endif |
90 #else | 74 #else |
91 #undef Debug | 75 #undef Debug |
92 #endif | 76 #endif |
93 | 77 |
94 #if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST) | 78 #if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST) |
95 #define TRACE | 79 #define TRACE |
96 #endif | 80 #endif |
97 | 81 |
98 #ifdef TRACE | 82 #ifdef TRACE |
99 #define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b | 83 #define SSL_TRC(a, b) \ |
100 #define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b | 84 if (ssl_trace >= (a)) \ |
101 #define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b | 85 ssl_Trace b |
| 86 #define PRINT_BUF(a, b) \ |
| 87 if (ssl_trace >= (a)) \ |
| 88 ssl_PrintBuf b |
| 89 #define DUMP_MSG(a, b) \ |
| 90 if (ssl_trace >= (a)) \ |
| 91 ssl_DumpMsg b |
102 #else | 92 #else |
103 #define SSL_TRC(a,b) | 93 #define SSL_TRC(a, b) |
104 #define PRINT_BUF(a,b) | 94 #define PRINT_BUF(a, b) |
105 #define DUMP_MSG(a,b) | 95 #define DUMP_MSG(a, b) |
106 #endif | 96 #endif |
107 | 97 |
108 #ifdef DEBUG | 98 #ifdef DEBUG |
109 #define SSL_DBG(b) if (ssl_debug) ssl_Trace b | 99 #define SSL_DBG(b) \ |
| 100 if (ssl_debug) \ |
| 101 ssl_Trace b |
110 #else | 102 #else |
111 #define SSL_DBG(b) | 103 #define SSL_DBG(b) |
112 #endif | 104 #endif |
113 | 105 |
114 #include "private/pprthred.h"» /* for PR_InMonitor() */ | 106 #include "private/pprthred.h" /* for PR_InMonitor() */ |
115 #define ssl_InMonitor(m) PZ_InMonitor(m) | 107 #define ssl_InMonitor(m) PZ_InMonitor(m) |
116 | 108 |
117 #define LSB(x) ((unsigned char) ((x) & 0xff)) | 109 #define LSB(x) ((unsigned char)((x)&0xff)) |
118 #define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8)) | 110 #define MSB(x) ((unsigned char)(((unsigned)(x)) >> 8)) |
119 | 111 |
120 /************************************************************************/ | 112 /************************************************************************/ |
121 | 113 |
122 typedef enum { SSLAppOpRead = 0, | 114 typedef enum { SSLAppOpRead = 0, |
123 » SSLAppOpWrite, | 115 SSLAppOpWrite, |
124 » SSLAppOpRDWR, | 116 SSLAppOpRDWR, |
125 » SSLAppOpPost, | 117 SSLAppOpPost, |
126 » SSLAppOpHeader | 118 SSLAppOpHeader |
127 } SSLAppOperation; | 119 } SSLAppOperation; |
128 | 120 |
129 #define SSL_MIN_MASTER_KEY_BYTES» 5 | 121 #define SSL_MIN_MASTER_KEY_BYTES 5 |
130 #define SSL_MAX_MASTER_KEY_BYTES» 64 | 122 #define SSL_MAX_MASTER_KEY_BYTES 64 |
131 | 123 |
132 #define SSL2_SESSIONID_BYTES» » 16 | 124 #define SSL2_SESSIONID_BYTES 16 |
133 #define SSL3_SESSIONID_BYTES» » 32 | 125 #define SSL3_SESSIONID_BYTES 32 |
134 | 126 |
135 #define SSL_MIN_CHALLENGE_BYTES»» 16 | 127 #define SSL_MIN_CHALLENGE_BYTES 16 |
136 #define SSL_MAX_CHALLENGE_BYTES»» 32 | 128 #define SSL_MAX_CHALLENGE_BYTES 32 |
137 #define SSL_CHALLENGE_BYTES» » 16 | 129 #define SSL_CHALLENGE_BYTES 16 |
138 | 130 |
139 #define SSL_CONNECTIONID_BYTES» » 16 | 131 #define SSL_CONNECTIONID_BYTES 16 |
140 | 132 |
141 #define SSL_MIN_CYPHER_ARG_BYTES» 0 | 133 #define SSL_MIN_CYPHER_ARG_BYTES 0 |
142 #define SSL_MAX_CYPHER_ARG_BYTES» 32 | 134 #define SSL_MAX_CYPHER_ARG_BYTES 32 |
143 | 135 |
144 #define SSL_MAX_MAC_BYTES» » 16 | 136 #define SSL_MAX_MAC_BYTES 16 |
145 | 137 |
146 #define SSL3_RSA_PMS_LENGTH 48 | 138 #define SSL3_RSA_PMS_LENGTH 48 |
147 #define SSL3_MASTER_SECRET_LENGTH 48 | 139 #define SSL3_MASTER_SECRET_LENGTH 48 |
148 | 140 |
149 /* number of wrap mechanisms potentially used to wrap master secrets. */ | 141 /* number of wrap mechanisms potentially used to wrap master secrets. */ |
150 #define SSL_NUM_WRAP_MECHS 16 | 142 #define SSL_NUM_WRAP_MECHS 16 |
151 | 143 |
152 /* This makes the cert cache entry exactly 4k. */ | 144 /* This makes the cert cache entry exactly 4k. */ |
153 #define SSL_MAX_CACHED_CERT_LEN»» 4060 | 145 #define SSL_MAX_CACHED_CERT_LEN 4060 |
154 | 146 |
155 #define NUM_MIXERS 9 | 147 #define NUM_MIXERS 9 |
156 | 148 |
157 /* Mask of the 25 named curves we support. */ | 149 /* Mask of the 25 named curves we support. */ |
158 #define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe | 150 #define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe |
159 /* Mask of only 3 curves, suite B */ | 151 /* Mask of only 3 curves, suite B */ |
160 #define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000 | 152 #define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000 |
161 | 153 |
162 #ifndef BPB | 154 #ifndef BPB |
163 #define BPB 8 /* Bits Per Byte */ | 155 #define BPB 8 /* Bits Per Byte */ |
164 #endif | 156 #endif |
165 | 157 |
166 #define EXPORT_RSA_KEY_LENGTH 64» /* bytes */ | 158 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
167 | 159 |
168 #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ | 160 #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ |
169 #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ | 161 #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ |
170 #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ | 162 #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ |
171 | 163 |
172 typedef struct sslBufferStr sslBuffer; | 164 typedef struct sslBufferStr sslBuffer; |
173 typedef struct sslConnectInfoStr sslConnectInfo; | 165 typedef struct sslConnectInfoStr sslConnectInfo; |
174 typedef struct sslGatherStr sslGather; | 166 typedef struct sslGatherStr sslGather; |
175 typedef struct sslSecurityInfoStr sslSecurityInfo; | 167 typedef struct sslSecurityInfoStr sslSecurityInfo; |
176 typedef struct sslSessionIDStr sslSessionID; | 168 typedef struct sslSessionIDStr sslSessionID; |
177 typedef struct sslSocketStr sslSocket; | 169 typedef struct sslSocketStr sslSocket; |
178 typedef struct sslSocketOpsStr sslSocketOps; | 170 typedef struct sslSocketOpsStr sslSocketOps; |
179 | 171 |
180 typedef struct ssl3StateStr ssl3State; | 172 typedef struct ssl3StateStr ssl3State; |
181 typedef struct ssl3CertNodeStr ssl3CertNode; | 173 typedef struct ssl3CertNodeStr ssl3CertNode; |
182 typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; | 174 typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; |
183 typedef struct ssl3MACDefStr ssl3MACDef; | 175 typedef struct ssl3MACDefStr ssl3MACDef; |
184 typedef struct ssl3KeyPairStr» » ssl3KeyPair; | 176 typedef struct ssl3KeyPairStr ssl3KeyPair; |
185 typedef struct ssl3DHParamsStr ssl3DHParams; | 177 typedef struct ssl3DHParamsStr ssl3DHParams; |
186 | 178 |
187 struct ssl3CertNodeStr { | 179 struct ssl3CertNodeStr { |
188 struct ssl3CertNodeStr *next; | 180 struct ssl3CertNodeStr *next; |
189 CERTCertificate * cert; | 181 CERTCertificate *cert; |
190 }; | 182 }; |
191 | 183 |
192 typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss); | 184 typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss); |
193 | 185 |
194 /* This type points to the low layer send func, | 186 /* This type points to the low layer send func, |
195 ** e.g. ssl2_SendStream or ssl3_SendPlainText. | 187 ** e.g. ssl2_SendStream or ssl3_SendPlainText. |
196 ** These functions return the same values as PR_Send, | 188 ** These functions return the same values as PR_Send, |
197 ** i.e. >= 0 means number of bytes sent, < 0 means error. | 189 ** i.e. >= 0 means number of bytes sent, < 0 means error. |
198 */ | 190 */ |
199 typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf, | 191 typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf, |
200 » » » PRInt32 n, PRInt32 flags); | 192 PRInt32 n, PRInt32 flags); |
201 | 193 |
202 typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid); | 194 typedef void (*sslSessionIDCacheFunc)(sslSessionID *sid); |
203 typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid); | 195 typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid); |
204 typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, | 196 typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, |
205 » » » » » » unsigned char* sid, | 197 unsigned char *sid, |
206 » » » » » » unsigned int sidLen, | 198 unsigned int sidLen, |
207 CERTCertDBHandle * dbHandle); | 199 CERTCertDBHandle *dbHandle); |
208 | 200 |
209 /* registerable callback function that either appends extension to buffer | 201 /* registerable callback function that either appends extension to buffer |
210 * or returns length of data that it would have appended. | 202 * or returns length of data that it would have appended. |
211 */ | 203 */ |
212 typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append, | 204 typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append, |
213 » » » » » » PRUint32 maxBytes); | 205 PRUint32 maxBytes); |
214 | 206 |
215 /* registerable callback function that handles a received extension, | 207 /* registerable callback function that handles a received extension, |
216 * of the given type. | 208 * of the given type. |
217 */ | 209 */ |
218 typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss, | 210 typedef SECStatus (*ssl3HelloExtensionHandlerFunc)(sslSocket *ss, |
219 » » » » » » PRUint16 ex_type, | 211 PRUint16 ex_type, |
220 SECItem * data); | 212 SECItem *data); |
221 | 213 |
222 /* row in a table of hello extension senders */ | 214 /* row in a table of hello extension senders */ |
223 typedef struct { | 215 typedef struct { |
224 PRInt32 ex_type; | 216 PRInt32 ex_type; |
225 ssl3HelloExtensionSenderFunc ex_sender; | 217 ssl3HelloExtensionSenderFunc ex_sender; |
226 } ssl3HelloExtensionSender; | 218 } ssl3HelloExtensionSender; |
227 | 219 |
228 /* row in a table of hello extension handlers */ | 220 /* row in a table of hello extension handlers */ |
229 typedef struct { | 221 typedef struct { |
230 PRInt32 ex_type; | 222 PRInt32 ex_type; |
231 ssl3HelloExtensionHandlerFunc ex_handler; | 223 ssl3HelloExtensionHandlerFunc ex_handler; |
232 } ssl3HelloExtensionHandler; | 224 } ssl3HelloExtensionHandler; |
233 | 225 |
234 extern SECStatus | 226 extern SECStatus |
235 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, | 227 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, |
236 » » » » ssl3HelloExtensionSenderFunc cb); | 228 ssl3HelloExtensionSenderFunc cb); |
237 | 229 |
238 extern PRInt32 | 230 extern PRInt32 |
239 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, | 231 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, |
240 const ssl3HelloExtensionSender *sender); | 232 const ssl3HelloExtensionSender *sender); |
241 | 233 |
242 extern unsigned int | 234 extern unsigned int |
243 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength); | 235 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength); |
244 | 236 |
245 extern PRInt32 | 237 extern PRInt32 |
246 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, | 238 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, |
247 » » » PRUint32 maxBytes); | 239 PRUint32 maxBytes); |
248 | 240 |
249 /* Socket ops */ | 241 /* Socket ops */ |
250 struct sslSocketOpsStr { | 242 struct sslSocketOpsStr { |
251 int (*connect) (sslSocket *, const PRNetAddr *); | 243 int (*connect)(sslSocket *, const PRNetAddr *); |
252 PRFileDesc *(*accept) (sslSocket *, PRNetAddr *); | 244 PRFileDesc *(*accept)(sslSocket *, PRNetAddr *); |
253 int (*bind) (sslSocket *, const PRNetAddr *); | 245 int (*bind)(sslSocket *, const PRNetAddr *); |
254 int (*listen) (sslSocket *, int); | 246 int (*listen)(sslSocket *, int); |
255 int (*shutdown)(sslSocket *, int); | 247 int (*shutdown)(sslSocket *, int); |
256 int (*close) (sslSocket *); | 248 int (*close)(sslSocket *); |
257 | 249 |
258 int (*recv) (sslSocket *, unsigned char *, int, int); | 250 int (*recv)(sslSocket *, unsigned char *, int, int); |
259 | 251 |
260 /* points to the higher-layer send func, e.g. ssl_SecureSend. */ | 252 /* points to the higher-layer send func, e.g. ssl_SecureSend. */ |
261 int (*send) (sslSocket *, const unsigned char *, int, int); | 253 int (*send)(sslSocket *, const unsigned char *, int, int); |
262 int (*read) (sslSocket *, unsigned char *, int); | 254 int (*read)(sslSocket *, unsigned char *, int); |
263 int (*write) (sslSocket *, const unsigned char *, int); | 255 int (*write)(sslSocket *, const unsigned char *, int); |
264 | 256 |
265 int (*getpeername)(sslSocket *, PRNetAddr *); | 257 int (*getpeername)(sslSocket *, PRNetAddr *); |
266 int (*getsockname)(sslSocket *, PRNetAddr *); | 258 int (*getsockname)(sslSocket *, PRNetAddr *); |
267 }; | 259 }; |
268 | 260 |
269 /* Flags interpreted by ssl send functions. */ | 261 /* Flags interpreted by ssl send functions. */ |
270 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER»0x40000000 | 262 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 |
271 #define ssl_SEND_FLAG_NO_BUFFER»» 0x20000000 | 263 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 |
272 #define ssl_SEND_FLAG_USE_EPOCH»» 0x10000000 /* DTLS only */ | 264 #define ssl_SEND_FLAG_USE_EPOCH 0x10000000 /* DTLS only */ |
273 #define ssl_SEND_FLAG_NO_RETRANSMIT» 0x08000000 /* DTLS only */ | 265 #define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */ |
274 #define ssl_SEND_FLAG_CAP_RECORD_VERSION \ | 266 #define ssl_SEND_FLAG_CAP_RECORD_VERSION \ |
275 » » » » » 0x04000000 /* TLS only */ | 267 0x04000000 /* TLS only */ |
276 #define ssl_SEND_FLAG_MASK» » 0x7f000000 | 268 #define ssl_SEND_FLAG_MASK 0x7f000000 |
277 | 269 |
278 /* | 270 /* |
279 ** A buffer object. | 271 ** A buffer object. |
280 */ | 272 */ |
281 struct sslBufferStr { | 273 struct sslBufferStr { |
282 unsigned char *» buf; | 274 unsigned char *buf; |
283 unsigned int » len; | 275 unsigned int len; |
284 unsigned int » space; | 276 unsigned int space; |
285 }; | 277 }; |
286 | 278 |
287 /* | 279 /* |
288 ** SSL3 cipher suite policy and preference struct. | 280 ** SSL3 cipher suite policy and preference struct. |
289 */ | 281 */ |
290 typedef struct { | 282 typedef struct { |
291 #if !defined(_WIN32) | 283 #if !defined(_WIN32) |
292 unsigned int cipher_suite : 16; | 284 unsigned int cipher_suite : 16; |
293 unsigned int policy : 8; | 285 unsigned int policy : 8; |
294 unsigned int enabled : 1; | 286 unsigned int enabled : 1; |
295 unsigned int isPresent : 1; | 287 unsigned int isPresent : 1; |
296 #else | 288 #else |
297 ssl3CipherSuite cipher_suite; | 289 ssl3CipherSuite cipher_suite; |
298 PRUint8 policy; | 290 PRUint8 policy; |
299 unsigned char enabled : 1; | 291 unsigned char enabled : 1; |
300 unsigned char isPresent : 1; | 292 unsigned char isPresent : 1; |
301 #endif | 293 #endif |
302 } ssl3CipherSuiteCfg; | 294 } ssl3CipherSuiteCfg; |
303 | 295 |
304 #ifndef NSS_DISABLE_ECC | 296 #ifndef NSS_DISABLE_ECC |
305 #define ssl_V3_SUITES_IMPLEMENTED 66 | 297 #define ssl_V3_SUITES_IMPLEMENTED 67 |
306 #else | 298 #else |
307 #define ssl_V3_SUITES_IMPLEMENTED 40 | 299 #define ssl_V3_SUITES_IMPLEMENTED 41 |
308 #endif /* NSS_DISABLE_ECC */ | 300 #endif /* NSS_DISABLE_ECC */ |
309 | 301 |
310 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 | 302 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
311 | 303 |
312 /* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of | 304 /* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of |
313 * SSLSignType and SSLHashType, but not all combinations (specifically, this | 305 * SSLSignType and SSLHashType, but not all combinations (specifically, this |
314 * doesn't allow space for combinations with MD5). */ | 306 * doesn't allow space for combinations with MD5). */ |
315 #define MAX_SIGNATURE_ALGORITHMS 15 | 307 #define MAX_SIGNATURE_ALGORITHMS 15 |
316 | 308 |
317 | 309 /* clang-format off */ |
318 typedef struct sslOptionsStr { | 310 typedef struct sslOptionsStr { |
319 /* If SSL_SetNextProtoNego has been called, then this contains the | 311 /* If SSL_SetNextProtoNego has been called, then this contains the |
320 * list of supported protocols. */ | 312 * list of supported protocols. */ |
321 SECItem nextProtoNego; | 313 SECItem nextProtoNego; |
322 | 314 |
323 unsigned int useSecurity» » : 1; /* 1 */ | 315 unsigned int useSecurity : 1; /* 1 */ |
324 unsigned int useSocks» » : 1; /* 2 */ | 316 unsigned int useSocks : 1; /* 2 */ |
325 unsigned int requestCertificate» : 1; /* 3 */ | 317 unsigned int requestCertificate : 1; /* 3 */ |
326 unsigned int requireCertificate» : 2; /* 4-5 */ | 318 unsigned int requireCertificate : 2; /* 4-5 */ |
327 unsigned int handshakeAsClient» : 1; /* 6 */ | 319 unsigned int handshakeAsClient : 1; /* 6 */ |
328 unsigned int handshakeAsServer» : 1; /* 7 */ | 320 unsigned int handshakeAsServer : 1; /* 7 */ |
329 unsigned int enableSSL2» » : 1; /* 8 */ | 321 unsigned int enableSSL2 : 1; /* 8 */ |
330 unsigned int unusedBit9» » : 1; /* 9 */ | 322 unsigned int unusedBit9 : 1; /* 9 */ |
331 unsigned int unusedBit10» » : 1; /* 10 */ | 323 unsigned int unusedBit10 : 1; /* 10 */ |
332 unsigned int noCache» » : 1; /* 11 */ | 324 unsigned int noCache : 1; /* 11 */ |
333 unsigned int fdx» » » : 1; /* 12 */ | 325 unsigned int fdx : 1; /* 12 */ |
334 unsigned int v2CompatibleHello» : 1; /* 13 */ | 326 unsigned int v2CompatibleHello : 1; /* 13 */ |
335 unsigned int detectRollBack » : 1; /* 14 */ | 327 unsigned int detectRollBack : 1; /* 14 */ |
336 unsigned int noStepDown : 1; /* 15 */ | 328 unsigned int noStepDown : 1; /* 15 */ |
337 unsigned int bypassPKCS11 : 1; /* 16 */ | 329 unsigned int bypassPKCS11 : 1; /* 16 */ |
338 unsigned int noLocks : 1; /* 17 */ | 330 unsigned int noLocks : 1; /* 17 */ |
339 unsigned int enableSessionTickets : 1; /* 18 */ | 331 unsigned int enableSessionTickets : 1; /* 18 */ |
340 unsigned int enableDeflate : 1; /* 19 */ | 332 unsigned int enableDeflate : 1; /* 19 */ |
341 unsigned int enableRenegotiation : 2; /* 20-21 */ | 333 unsigned int enableRenegotiation : 2; /* 20-21 */ |
342 unsigned int requireSafeNegotiation : 1; /* 22 */ | 334 unsigned int requireSafeNegotiation : 1; /* 22 */ |
343 unsigned int enableFalseStart : 1; /* 23 */ | 335 unsigned int enableFalseStart : 1; /* 23 */ |
344 unsigned int cbcRandomIV : 1; /* 24 */ | 336 unsigned int cbcRandomIV : 1; /* 24 */ |
345 unsigned int enableOCSPStapling : 1; /* 25 */ | 337 unsigned int enableOCSPStapling : 1; /* 25 */ |
346 unsigned int enableNPN : 1; /* 26 */ | 338 unsigned int enableNPN : 1; /* 26 */ |
347 unsigned int enableALPN : 1; /* 27 */ | 339 unsigned int enableALPN : 1; /* 27 */ |
348 unsigned int reuseServerECDHEKey : 1; /* 28 */ | 340 unsigned int reuseServerECDHEKey : 1; /* 28 */ |
349 unsigned int enableFallbackSCSV : 1; /* 29 */ | 341 unsigned int enableFallbackSCSV : 1; /* 29 */ |
350 unsigned int enableServerDhe : 1; /* 30 */ | 342 unsigned int enableServerDhe : 1; /* 30 */ |
351 unsigned int enableExtendedMS : 1; /* 31 */ | 343 unsigned int enableExtendedMS : 1; /* 31 */ |
352 unsigned int enableSignedCertTimestamps : 1; /* 32 */ | 344 unsigned int enableSignedCertTimestamps : 1; /* 32 */ |
353 } sslOptions; | 345 } sslOptions; |
| 346 /* clang-format on */ |
354 | 347 |
355 typedef enum { sslHandshakingUndetermined = 0, | 348 typedef enum { sslHandshakingUndetermined = 0, |
356 » sslHandshakingAsClient, | 349 sslHandshakingAsClient, |
357 » sslHandshakingAsServer | 350 sslHandshakingAsServer |
358 } sslHandshakingType; | 351 } sslHandshakingType; |
359 | 352 |
360 typedef struct sslServerCertsStr { | 353 typedef struct sslServerCertsStr { |
361 /* Configuration state for server sockets */ | 354 /* Configuration state for server sockets */ |
362 CERTCertificate * serverCert; | 355 CERTCertificate *serverCert; |
363 CERTCertificateList * serverCertChain; | 356 CERTCertificateList *serverCertChain; |
364 ssl3KeyPair * serverKeyPair; | 357 ssl3KeyPair *serverKeyPair; |
365 unsigned int serverKeyBits; | 358 unsigned int serverKeyBits; |
366 } sslServerCerts; | 359 } sslServerCerts; |
367 | 360 |
368 #define SERVERKEY serverKeyPair->privKey | 361 #define SERVERKEY serverKeyPair->privKey |
369 | 362 |
370 #define SSL_LOCK_RANK_SPEC » 255 | 363 #define SSL_LOCK_RANK_SPEC 255 |
371 #define SSL_LOCK_RANK_GLOBAL » NSS_RWLOCK_RANK_NONE | 364 #define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE |
372 | 365 |
373 /* These are the valid values for shutdownHow. | 366 /* These are the valid values for shutdownHow. |
374 ** These values are each 1 greater than the NSPR values, and the code | 367 ** These values are each 1 greater than the NSPR values, and the code |
375 ** depends on that relation to efficiently convert PR_SHUTDOWN values | 368 ** depends on that relation to efficiently convert PR_SHUTDOWN values |
376 ** into ssl_SHUTDOWN values. These values use one bit for read, and | 369 ** into ssl_SHUTDOWN values. These values use one bit for read, and |
377 ** another bit for write, and can be used as bitmasks. | 370 ** another bit for write, and can be used as bitmasks. |
378 */ | 371 */ |
379 #define ssl_SHUTDOWN_NONE» 0» /* NOT shutdown at all */ | 372 #define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ |
380 #define ssl_SHUTDOWN_RCV» 1» /* PR_SHUTDOWN_RCV +1 */ | 373 #define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ |
381 #define ssl_SHUTDOWN_SEND» 2» /* PR_SHUTDOWN_SEND +1 */ | 374 #define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ |
382 #define ssl_SHUTDOWN_BOTH» 3» /* PR_SHUTDOWN_BOTH +1 */ | 375 #define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ |
383 | 376 |
384 /* | 377 /* |
385 ** A gather object. Used to read some data until a count has been | 378 ** A gather object. Used to read some data until a count has been |
386 ** satisfied. Primarily for support of async sockets. | 379 ** satisfied. Primarily for support of async sockets. |
387 ** Everything in here is protected by the recvBufLock. | 380 ** Everything in here is protected by the recvBufLock. |
388 */ | 381 */ |
389 struct sslGatherStr { | 382 struct sslGatherStr { |
390 int state;» /* see GS_ values below. */ /* ssl 2 & 3 */ | 383 int state; /* see GS_ values below. */ /* ssl 2 & 3 */ |
391 | 384 |
392 /* "buf" holds received plaintext SSL records, after decrypt and MAC check. | 385 /* "buf" holds received plaintext SSL records, after decrypt and MAC check. |
393 * SSL2: recv'd ciphertext records are put here, then decrypted in place. | 386 * SSL2: recv'd ciphertext records are put here, then decrypted in place. |
394 * SSL3: recv'd ciphertext records are put in inbuf (see below), then | 387 * SSL3: recv'd ciphertext records are put in inbuf (see below), then |
395 * decrypted into buf. | 388 * decrypted into buf. |
396 */ | 389 */ |
397 sslBuffer buf;» » » » /*recvBufLock*/»/* ssl 2 & 3 */ | 390 sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */ |
398 | 391 |
399 /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3). | 392 /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3). |
400 ** (offset - writeOffset) is the number of ciphertext bytes read in but | 393 ** (offset - writeOffset) is the number of ciphertext bytes read in but |
401 ** not yet deciphered. | 394 ** not yet deciphered. |
402 */ | 395 */ |
403 unsigned int offset; /* ssl 2 & 3 */ | 396 unsigned int offset; /* ssl 2 & 3 */ |
404 | 397 |
405 /* number of bytes to read in next call to ssl_DefRecv (recv) */ | 398 /* number of bytes to read in next call to ssl_DefRecv (recv) */ |
406 unsigned int remainder; /* ssl 2 & 3 */ | 399 unsigned int remainder; /* ssl 2 & 3 */ |
407 | 400 |
408 /* Number of ciphertext bytes to read in after 2-byte SSL record header. */ | 401 /* Number of ciphertext bytes to read in after 2-byte SSL record header. */ |
409 unsigned int count;» » » » » /* ssl2 only */ | 402 unsigned int count; /* ssl2 only */ |
410 | 403 |
411 /* size of the final plaintext record. | 404 /* size of the final plaintext record. |
412 ** == count - (recordPadding + MAC size) | 405 ** == count - (recordPadding + MAC size) |
413 */ | 406 */ |
414 unsigned int recordLen;» » » » » /* ssl2 only */ | 407 unsigned int recordLen; /* ssl2 only */ |
415 | 408 |
416 /* number of bytes of padding to be removed after decrypting. */ | 409 /* number of bytes of padding to be removed after decrypting. */ |
417 /* This value is taken from the record's hdr[2], which means a too large | 410 /* This value is taken from the record's hdr[2], which means a too large |
418 * value could crash us. | 411 * value could crash us. |
419 */ | 412 */ |
420 unsigned int recordPadding;» » » » /* ssl2 only */ | 413 unsigned int recordPadding; /* ssl2 only */ |
421 | 414 |
422 /* plaintext DATA begins this many bytes into "buf". */ | 415 /* plaintext DATA begins this many bytes into "buf". */ |
423 unsigned int recordOffset;»» » » » /* ssl2 only */ | 416 unsigned int recordOffset; /* ssl2 only */ |
424 | 417 |
425 int encrypted; /* SSL2 session is now encrypted. ssl2 only */ | 418 int encrypted; /* SSL2 session is now encrypted. ssl2 only */ |
426 | 419 |
427 /* These next two values are used by SSL2 and SSL3. | 420 /* These next two values are used by SSL2 and SSL3. |
428 ** DoRecv uses them to extract application data. | 421 ** DoRecv uses them to extract application data. |
429 ** The difference between writeOffset and readOffset is the amount of | 422 ** The difference between writeOffset and readOffset is the amount of |
430 ** data available to the application. Note that the actual offset of | 423 ** data available to the application. Note that the actual offset of |
431 ** the data in "buf" is recordOffset (above), not readOffset. | 424 ** the data in "buf" is recordOffset (above), not readOffset. |
432 ** In the current implementation, this is made available before the | 425 ** In the current implementation, this is made available before the |
433 ** MAC is checked!! | 426 ** MAC is checked!! |
434 */ | 427 */ |
435 unsigned int readOffset; /* Spot where DATA reader (e.g. application | 428 unsigned int readOffset; /* Spot where DATA reader (e.g. application |
436 ** or handshake code) will read next. | 429 ** or handshake code) will read next. |
437 ** Always zero for SSl3 application data. | 430 ** Always zero for SSl3 application data. |
438 » » » */ | 431 */ |
439 /* offset in buf/inbuf/hdr into which new data will be read from socket. */ | 432 /* offset in buf/inbuf/hdr into which new data will be read from socket. */ |
440 unsigned int writeOffset; | 433 unsigned int writeOffset; |
441 | 434 |
442 /* Buffer for ssl3 to read (encrypted) data from the socket */ | 435 /* Buffer for ssl3 to read (encrypted) data from the socket */ |
443 sslBuffer inbuf;» » » /*recvBufLock*/»/* ssl3 only */ | 436 sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ |
444 | 437 |
445 /* The ssl[23]_GatherData functions read data into this buffer, rather | 438 /* The ssl[23]_GatherData functions read data into this buffer, rather |
446 ** than into buf or inbuf, while in the GS_HEADER state. | 439 ** than into buf or inbuf, while in the GS_HEADER state. |
447 ** The portion of the SSL record header put here always comes off the wire | 440 ** The portion of the SSL record header put here always comes off the wire |
448 ** as plaintext, never ciphertext. | 441 ** as plaintext, never ciphertext. |
449 ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. | 442 ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. |
450 ** For DTLS it is 13. | 443 ** For DTLS it is 13. |
451 */ | 444 */ |
452 unsigned char hdr[13];» » » » /* ssl 2 & 3 or dtls */ | 445 unsigned char hdr[13]; /* ssl 2 & 3 or dtls */ |
453 | 446 |
454 /* Buffer for DTLS data read off the wire as a single datagram */ | 447 /* Buffer for DTLS data read off the wire as a single datagram */ |
455 sslBuffer dtlsPacket; | 448 sslBuffer dtlsPacket; |
456 | 449 |
457 /* the start of the buffered DTLS record in dtlsPacket */ | 450 /* the start of the buffered DTLS record in dtlsPacket */ |
458 unsigned int dtlsPacketOffset; | 451 unsigned int dtlsPacketOffset; |
459 }; | 452 }; |
460 | 453 |
461 /* sslGather.state */ | 454 /* sslGather.state */ |
462 #define GS_INIT»» 0 | 455 #define GS_INIT 0 |
463 #define GS_HEADER» 1 | 456 #define GS_HEADER 1 |
464 #define GS_MAC» » 2 | 457 #define GS_MAC 2 |
465 #define GS_DATA»» 3 | 458 #define GS_DATA 3 |
466 #define GS_PAD» » 4 | 459 #define GS_PAD 4 |
467 | |
468 #if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) | |
469 typedef PCERT_KEY_CONTEXT PlatformKey; | |
470 #elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) | |
471 typedef SecKeyRef PlatformKey; | |
472 #else | |
473 typedef void *PlatformKey; | |
474 #endif | |
475 | |
476 | |
477 | 460 |
478 /* | 461 /* |
479 ** ssl3State and CipherSpec structs | 462 ** ssl3State and CipherSpec structs |
480 */ | 463 */ |
481 | 464 |
482 /* The SSL bulk cipher definition */ | 465 /* The SSL bulk cipher definition */ |
483 typedef enum { | 466 typedef enum { |
484 cipher_null, | 467 cipher_null, |
485 cipher_rc4, | 468 cipher_rc4, |
486 cipher_rc4_40, | 469 cipher_rc4_40, |
487 cipher_rc4_56, | 470 cipher_rc4_56, |
488 cipher_rc2, | 471 cipher_rc2, |
489 cipher_rc2_40, | 472 cipher_rc2_40, |
490 cipher_des, | 473 cipher_des, |
491 cipher_3des, | 474 cipher_3des, |
492 cipher_des40, | 475 cipher_des40, |
493 cipher_idea, | 476 cipher_idea, |
494 cipher_aes_128, | 477 cipher_aes_128, |
495 cipher_aes_256, | 478 cipher_aes_256, |
496 cipher_camellia_128, | 479 cipher_camellia_128, |
497 cipher_camellia_256, | 480 cipher_camellia_256, |
498 cipher_seed, | 481 cipher_seed, |
499 cipher_aes_128_gcm, | 482 cipher_aes_128_gcm, |
500 cipher_chacha20, | 483 cipher_chacha20, |
501 cipher_missing /* reserved for no such supported cipher */ | 484 cipher_missing /* reserved for no such supported cipher */ |
502 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ | 485 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ |
503 } SSL3BulkCipher; | 486 } SSL3BulkCipher; |
504 | 487 |
505 typedef enum { type_stream, type_block, type_aead } CipherType; | 488 typedef enum { type_stream, |
| 489 type_block, |
| 490 type_aead } CipherType; |
506 | 491 |
507 #define MAX_IV_LENGTH 24 | 492 #define MAX_IV_LENGTH 24 |
508 | 493 |
509 /* | 494 /* |
510 * Do not depend upon 64 bit arithmetic in the underlying machine. | 495 * Do not depend upon 64 bit arithmetic in the underlying machine. |
511 */ | 496 */ |
512 typedef struct { | 497 typedef struct { |
513 PRUint32 high; | 498 PRUint32 high; |
514 PRUint32 low; | 499 PRUint32 low; |
515 } SSL3SequenceNumber; | 500 } SSL3SequenceNumber; |
516 | 501 |
517 typedef PRUint16 DTLSEpoch; | 502 typedef PRUint16 DTLSEpoch; |
518 | 503 |
519 typedef void (*DTLSTimerCb)(sslSocket *); | 504 typedef void (*DTLSTimerCb)(sslSocket *); |
520 | 505 |
521 #define MAX_MAC_CONTEXT_BYTES 400 /* 400 is large enough for MD5, SHA-1, and | 506 /* 400 is large enough for MD5, SHA-1, and SHA-256. |
522 * SHA-256. For SHA-384 support, increase | 507 * For SHA-384 support, increase it to 712. */ |
523 * it to 712. */ | 508 #define MAX_MAC_CONTEXT_BYTES 400 |
524 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) | 509 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) |
525 | 510 |
526 #define MAX_CIPHER_CONTEXT_BYTES 2080 | 511 #define MAX_CIPHER_CONTEXT_BYTES 2080 |
527 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) | 512 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) |
528 | 513 |
529 typedef struct { | 514 typedef struct { |
530 SSL3Opaque wrapped_master_secret[48]; | 515 SSL3Opaque wrapped_master_secret[48]; |
531 PRUint16 wrapped_master_secret_len; | 516 PRUint16 wrapped_master_secret_len; |
532 PRUint8 msIsWrapped; | 517 PRUint8 msIsWrapped; |
533 PRUint8 resumable; | 518 PRUint8 resumable; |
534 PRUint8 extendedMasterSecretUsed; | 519 PRUint8 extendedMasterSecretUsed; |
535 } ssl3SidKeys; /* 52 bytes */ | 520 } ssl3SidKeys; /* 52 bytes */ |
536 | 521 |
537 typedef struct { | 522 typedef struct { |
538 PK11SymKey *write_key; | 523 PK11SymKey *write_key; |
539 PK11SymKey *write_mac_key; | 524 PK11SymKey *write_mac_key; |
540 PK11Context *write_mac_context; | 525 PK11Context *write_mac_context; |
541 SECItem write_key_item; | 526 SECItem write_key_item; |
542 SECItem write_iv_item; | 527 SECItem write_iv_item; |
543 SECItem write_mac_key_item; | 528 SECItem write_mac_key_item; |
544 SSL3Opaque write_iv[MAX_IV_LENGTH]; | 529 SSL3Opaque write_iv[MAX_IV_LENGTH]; |
545 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; | 530 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; |
546 } ssl3KeyMaterial; | 531 } ssl3KeyMaterial; |
547 | 532 |
548 typedef SECStatus (*SSLCipher)(void * context, | 533 typedef SECStatus (*SSLCipher)(void *context, |
549 unsigned char * out, | 534 unsigned char *out, |
550 » » » int * outlen, | 535 int *outlen, |
551 » » » int maxout, | 536 int maxout, |
552 » » » const unsigned char *in, | 537 const unsigned char *in, |
553 » » » int inlen); | 538 int inlen); |
554 typedef SECStatus (*SSLAEADCipher)( | 539 typedef SECStatus (*SSLAEADCipher)( |
555 » » » ssl3KeyMaterial * keys, | 540 ssl3KeyMaterial *keys, |
556 » » » PRBool doDecrypt, | 541 PRBool doDecrypt, |
557 » » » unsigned char * out, | 542 unsigned char *out, |
558 » » » int * outlen, | 543 int *outlen, |
559 » » » int maxout, | 544 int maxout, |
560 » » » const unsigned char *in, | 545 const unsigned char *in, |
561 » » » int inlen, | 546 int inlen, |
562 » » » const unsigned char *additionalData, | 547 const unsigned char *additionalData, |
563 » » » int additionalDataLen); | 548 int additionalDataLen); |
564 typedef SECStatus (*SSLCompressor)(void * context, | 549 typedef SECStatus (*SSLCompressor)(void *context, |
565 unsigned char * out, | 550 unsigned char *out, |
566 int * outlen, | 551 int *outlen, |
567 int maxout, | 552 int maxout, |
568 const unsigned char *in, | 553 const unsigned char *in, |
569 int inlen); | 554 int inlen); |
570 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); | 555 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); |
571 | 556 |
572 /* The DTLS anti-replay window. Defined here because we need it in | 557 /* The DTLS anti-replay window. Defined here because we need it in |
573 * the cipher spec. Note that this is a ring buffer but left and | 558 * the cipher spec. Note that this is a ring buffer but left and |
574 * right represent the true window, with modular arithmetic used to | 559 * right represent the true window, with modular arithmetic used to |
575 * map them onto the buffer. | 560 * map them onto the buffer. |
576 */ | 561 */ |
577 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate | 562 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate \ |
578 » » » » * Must be divisible by 8 | 563 * Must be divisible by 8 \ |
579 » » » » */ | 564 */ |
580 typedef struct DTLSRecvdRecordsStr { | 565 typedef struct DTLSRecvdRecordsStr { |
581 unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; | 566 unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8]; |
582 PRUint64 left; | 567 PRUint64 left; |
583 PRUint64 right; | 568 PRUint64 right; |
584 } DTLSRecvdRecords; | 569 } DTLSRecvdRecords; |
585 | 570 |
586 /* | 571 /* |
587 ** These are the "specs" in the "ssl3" struct. | 572 ** These are the "specs" in the "ssl3" struct. |
588 ** Access to the pointers to these specs, and all the specs' contents | 573 ** Access to the pointers to these specs, and all the specs' contents |
589 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. | 574 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. |
590 */ | 575 */ |
591 typedef struct { | 576 typedef struct { |
592 const ssl3BulkCipherDef *cipher_def; | 577 const ssl3BulkCipherDef *cipher_def; |
593 const ssl3MACDef * mac_def; | 578 const ssl3MACDef *mac_def; |
594 SSLCompressionMethod compression_method; | 579 SSLCompressionMethod compression_method; |
595 int mac_size; | 580 int mac_size; |
596 SSLCipher encode; | 581 SSLCipher encode; |
597 SSLCipher decode; | 582 SSLCipher decode; |
598 SSLAEADCipher aead; | 583 SSLAEADCipher aead; |
599 SSLDestroy destroy; | 584 SSLDestroy destroy; |
600 void * encodeContext; | 585 void *encodeContext; |
601 void * decodeContext; | 586 void *decodeContext; |
602 SSLCompressor compressor; /* Don't name these fields compress */ | 587 SSLCompressor compressor; /* Don't name these fields compress */ |
603 SSLCompressor decompressor; /* and uncompress because zconf.h */ | 588 SSLCompressor decompressor; /* and uncompress because zconf.h */ |
604 /* may define them as macros. */ | 589 /* may define them as macros. */ |
605 SSLDestroy destroyCompressContext; | 590 SSLDestroy destroyCompressContext; |
606 void * compressContext; | 591 void *compressContext; |
607 SSLDestroy destroyDecompressContext; | 592 SSLDestroy destroyDecompressContext; |
608 void * decompressContext; | 593 void *decompressContext; |
609 PRBool bypassCiphers;» /* did double bypass (at least) */ | 594 PRBool bypassCiphers; /* did double bypass (at least) */ |
610 PK11SymKey * master_secret; | 595 PK11SymKey *master_secret; |
611 SSL3SequenceNumber write_seq_num; | 596 SSL3SequenceNumber write_seq_num; |
612 SSL3SequenceNumber read_seq_num; | 597 SSL3SequenceNumber read_seq_num; |
613 SSL3ProtocolVersion version; | 598 SSL3ProtocolVersion version; |
614 ssl3KeyMaterial client; | 599 ssl3KeyMaterial client; |
615 ssl3KeyMaterial server; | 600 ssl3KeyMaterial server; |
616 SECItem msItem; | 601 SECItem msItem; |
617 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; | 602 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
618 unsigned char raw_master_secret[56]; | 603 unsigned char raw_master_secret[56]; |
619 SECItem srvVirtName; /* for server: name that was negotiated | 604 SECItem srvVirtName; /* for server: name that was negotiated |
620 * with a client. For client - is | 605 * with a client. For client - is |
621 * always set to NULL.*/ | 606 * always set to NULL.*/ |
622 DTLSEpoch epoch; | 607 DTLSEpoch epoch; |
623 DTLSRecvdRecords recvdRecords; | 608 DTLSRecvdRecords recvdRecords; |
624 } ssl3CipherSpec; | 609 } ssl3CipherSpec; |
625 | 610 |
626 typedef enum {» never_cached, | 611 typedef enum { never_cached, |
627 » » in_client_cache, | 612 in_client_cache, |
628 » » in_server_cache, | 613 in_server_cache, |
629 » » invalid_cache» » /* no longer in any cache. */ | 614 invalid_cache /* no longer in any cache. */ |
630 } Cached; | 615 } Cached; |
631 | 616 |
632 #define MAX_PEER_CERT_CHAIN_SIZE 8 | 617 #define MAX_PEER_CERT_CHAIN_SIZE 8 |
633 | 618 |
634 struct sslSessionIDStr { | 619 struct sslSessionIDStr { |
635 /* The global cache lock must be held when accessing these members when the | 620 /* The global cache lock must be held when accessing these members when the |
636 * sid is in any cache. | 621 * sid is in any cache. |
637 */ | 622 */ |
638 sslSessionID * next; /* chain used for client sockets, only */ | 623 sslSessionID *next; /* chain used for client sockets, only */ |
639 Cached cached; | 624 Cached cached; |
640 int references; | 625 int references; |
641 PRUint32 lastAccessTime;» /* seconds since Jan 1, 1970 */ | 626 PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ |
642 | 627 |
643 /* The rest of the members, except for the members of u.ssl3.locked, may | 628 /* The rest of the members, except for the members of u.ssl3.locked, may |
644 * be modified only when the sid is not in any cache. | 629 * be modified only when the sid is not in any cache. |
645 */ | 630 */ |
646 | 631 |
647 CERTCertificate * peerCert; | 632 CERTCertificate *peerCert; |
648 CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; | 633 CERTCertificate *peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; |
649 SECItemArray peerCertStatus; /* client only */ | 634 SECItemArray peerCertStatus; /* client only */ |
650 const char * peerID; /* client only */ | 635 const char *peerID; /* client only */ |
651 const char * urlSvrName; /* client only */ | 636 const char *urlSvrName; /* client only */ |
652 CERTCertificate * localCert; | 637 CERTCertificate *localCert; |
653 | 638 |
654 PRIPv6Addr addr; | 639 PRIPv6Addr addr; |
655 PRUint16 port; | 640 PRUint16 port; |
656 | 641 |
657 SSL3ProtocolVersion version; | 642 SSL3ProtocolVersion version; |
658 | 643 |
659 PRUint32 creationTime;»» /* seconds since Jan 1, 1970 */ | 644 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
660 PRUint32 expirationTime;» /* seconds since Jan 1, 1970 */ | 645 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
661 | 646 |
662 SSLSignType authAlgorithm; | 647 SSLSignType authAlgorithm; |
663 PRUint32 authKeyBits; | 648 PRUint32 authKeyBits; |
664 SSLKEAType keaType; | 649 SSLKEAType keaType; |
665 PRUint32 keaKeyBits; | 650 PRUint32 keaKeyBits; |
666 | 651 |
667 union { | 652 union { |
668 » struct { | 653 struct { |
669 » /* the V2 code depends upon the size of sessionID. */ | 654 /* the V2 code depends upon the size of sessionID. */ |
670 » unsigned char sessionID[SSL2_SESSIONID_BYTES]; | 655 unsigned char sessionID[SSL2_SESSIONID_BYTES]; |
671 | 656 |
672 » /* Stuff used to recreate key and read/write cipher objects */ | 657 /* Stuff used to recreate key and read/write cipher objects */ |
673 » SECItem masterKey; /* never wrapped */ | 658 SECItem masterKey; /* never wrapped */ |
674 » int cipherType; | 659 int cipherType; |
675 » SECItem cipherArg; | 660 SECItem cipherArg; |
676 » int keyBits; | 661 int keyBits; |
677 » int secretKeyBits; | 662 int secretKeyBits; |
678 » } ssl2; | 663 } ssl2; |
679 » struct { | 664 struct { |
680 » /* values that are copied into the server's on-disk SID cache. */ | 665 /* values that are copied into the server's on-disk SID cache. */ |
681 » PRUint8 sessionIDLength; | 666 PRUint8 sessionIDLength; |
682 » SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; | 667 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; |
683 | 668 |
684 » ssl3CipherSuite cipherSuite; | 669 ssl3CipherSuite cipherSuite; |
685 » SSLCompressionMethod compression; | 670 SSLCompressionMethod compression; |
686 » int policy; | 671 int policy; |
687 » ssl3SidKeys keys; | 672 ssl3SidKeys keys; |
688 » CK_MECHANISM_TYPE masterWrapMech; | 673 CK_MECHANISM_TYPE masterWrapMech; |
689 » » » » /* mechanism used to wrap master secret */ | 674 /* mechanism used to wrap master secret */ |
690 SSL3KEAType exchKeyType; | 675 SSL3KEAType exchKeyType; |
691 » » » » /* key type used in exchange algorithm, | 676 /* key type used in exchange algorithm, |
692 » » » » * and to wrap the sym wrapping key. */ | 677 * and to wrap the sym wrapping key. */ |
693 #ifndef NSS_DISABLE_ECC | 678 #ifndef NSS_DISABLE_ECC |
694 » PRUint32 negotiatedECCurves; | 679 PRUint32 negotiatedECCurves; |
695 #endif /* NSS_DISABLE_ECC */ | 680 #endif /* NSS_DISABLE_ECC */ |
696 | 681 |
697 » /* The following values are NOT restored from the server's on-disk | 682 /* The following values are NOT restored from the server's on-disk |
698 » * session cache, but are restored from the client's cache. | 683 * session cache, but are restored from the client's cache. |
699 » */ | 684 */ |
700 » PK11SymKey * clientWriteKey; | 685 PK11SymKey *clientWriteKey; |
701 » PK11SymKey * serverWriteKey; | 686 PK11SymKey *serverWriteKey; |
702 | 687 |
703 » /* The following values pertain to the slot that wrapped the | 688 /* The following values pertain to the slot that wrapped the |
704 » ** master secret. (used only in client) | 689 ** master secret. (used only in client) |
705 » */ | 690 */ |
706 » SECMODModuleID masterModuleID; | 691 SECMODModuleID masterModuleID; |
707 » » » » /* what module wrapped the master secret */ | 692 /* what module wrapped the master secret */ |
708 » CK_SLOT_ID masterSlotID; | 693 CK_SLOT_ID masterSlotID; |
709 » PRUint16» masterWrapIndex; | 694 PRUint16 masterWrapIndex; |
710 » » » » /* what's the key index for the wrapping key */ | 695 /* what's the key index for the wrapping key */ |
711 » PRUint16 masterWrapSeries; | 696 PRUint16 masterWrapSeries; |
712 » /* keep track of the slot series, so we don't | 697 /* keep track of the slot series, so we don't |
713 » » » » * accidently try to use new keys after the | 698 * accidently try to use new keys after the |
714 » » » » * card gets removed and replaced.*/ | 699 * card gets removed and replaced.*/ |
715 | 700 |
716 » /* The following values pertain to the slot that did the signature | 701 /* The following values pertain to the slot that did the signature |
717 » ** for client auth. (used only in client) | 702 ** for client auth. (used only in client) |
718 » */ | 703 */ |
719 » SECMODModuleID clAuthModuleID; | 704 SECMODModuleID clAuthModuleID; |
720 » CK_SLOT_ID clAuthSlotID; | 705 CK_SLOT_ID clAuthSlotID; |
721 » PRUint16 clAuthSeries; | 706 PRUint16 clAuthSeries; |
722 | 707 |
723 char masterValid; | 708 char masterValid; |
724 » char clAuthValid; | 709 char clAuthValid; |
725 | 710 |
726 » SECItem srvName; | 711 SECItem srvName; |
727 | 712 |
728 /* originalHandshakeHash contains the hash of the original, full | 713 /* originalHandshakeHash contains the hash of the original, full |
729 * handshake prior to the server's final flow. This is either a | 714 * handshake prior to the server's final flow. This is either a |
730 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for | 715 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for |
731 * TLS 1.2). This is recorded and used only when ChannelID is | 716 * TLS 1.2). This is recorded and used only when ChannelID is |
732 * negotiated as it's used to bind the ChannelID signature on the | 717 * negotiated as it's used to bind the ChannelID signature on the |
733 * resumption handshake to the original handshake. */ | 718 * resumption handshake to the original handshake. */ |
734 » SECItem originalHandshakeHash; | 719 SECItem originalHandshakeHash; |
735 | 720 |
736 » /* Signed certificate timestamps received in a TLS extension. | 721 /* Signed certificate timestamps received in a TLS extension. |
737 » ** (used only in client). | 722 ** (used only in client). |
738 » */ | 723 */ |
739 » SECItem» signedCertTimestamps; | 724 SECItem signedCertTimestamps; |
740 | 725 |
741 » /* This lock is lazily initialized by CacheSID when a sid is first | 726 /* This lock is lazily initialized by CacheSID when a sid is first |
742 » * cached. Before then, there is no need to lock anything because | 727 * cached. Before then, there is no need to lock anything because |
743 » * the sid isn't being shared by anything. | 728 * the sid isn't being shared by anything. |
744 » */ | 729 */ |
745 » NSSRWLock *lock; | 730 PRRWLock *lock; |
746 | 731 |
747 » /* The lock must be held while reading or writing these members | 732 /* The lock must be held while reading or writing these members |
748 » * because they change while the sid is cached. | 733 * because they change while the sid is cached. |
749 » */ | 734 */ |
750 » struct { | 735 struct { |
751 » » /* The session ticket, if we have one, is sent as an extension | 736 /* The session ticket, if we have one, is sent as an extension |
752 » » * in the ClientHello message. This field is used only by | 737 * in the ClientHello message. This field is used only by |
753 » » * clients. It is protected by lock when lock is non-null | 738 * clients. It is protected by lock when lock is non-null |
754 » » * (after the sid has been added to the client session cache). | 739 * (after the sid has been added to the client session cache). |
755 » » */ | 740 */ |
756 » » NewSessionTicket sessionTicket; | 741 NewSessionTicket sessionTicket; |
757 » } locked; | 742 } locked; |
758 » } ssl3; | 743 } ssl3; |
759 } u; | 744 } u; |
760 }; | 745 }; |
761 | 746 |
762 typedef struct ssl3CipherSuiteDefStr { | 747 typedef struct ssl3CipherSuiteDefStr { |
763 ssl3CipherSuite cipher_suite; | 748 ssl3CipherSuite cipher_suite; |
764 SSL3BulkCipher bulk_cipher_alg; | 749 SSL3BulkCipher bulk_cipher_alg; |
765 SSL3MACAlgorithm mac_alg; | 750 SSL3MACAlgorithm mac_alg; |
766 SSL3KeyExchangeAlgorithm key_exchange_alg; | 751 SSL3KeyExchangeAlgorithm key_exchange_alg; |
767 } ssl3CipherSuiteDef; | 752 } ssl3CipherSuiteDef; |
768 | 753 |
769 /* | 754 /* |
770 ** There are tables of these, all const. | 755 ** There are tables of these, all const. |
771 */ | 756 */ |
772 typedef struct { | 757 typedef struct { |
773 SSL3KeyExchangeAlgorithm kea; | 758 SSL3KeyExchangeAlgorithm kea; |
774 SSL3KEAType exchKeyType; | 759 SSL3KEAType exchKeyType; |
775 SSL3SignType signKeyType; | 760 SSLSignType signKeyType; |
776 /* For export cipher suites: | 761 /* For export cipher suites: |
777 * is_limited identifies a suite as having a limit on the key size. | 762 * is_limited identifies a suite as having a limit on the key size. |
778 * key_size_limit provides the corresponding limit. */ | 763 * key_size_limit provides the corresponding limit. */ |
779 PRBool is_limited; | 764 PRBool is_limited; |
780 unsigned int key_size_limit; | 765 unsigned int key_size_limit; |
781 PRBool tls_keygen; | 766 PRBool tls_keygen; |
782 /* True if the key exchange for the suite is ephemeral. Or to be more | 767 /* True if the key exchange for the suite is ephemeral. Or to be more |
783 * precise: true if the ServerKeyExchange message is always required. */ | 768 * precise: true if the ServerKeyExchange message is always required. */ |
784 PRBool ephemeral; | 769 PRBool ephemeral; |
| 770 /* An OID describing the key exchange */ |
| 771 SECOidTag oid; |
785 } ssl3KEADef; | 772 } ssl3KEADef; |
786 | 773 |
787 /* | 774 /* |
788 ** There are tables of these, all const. | 775 ** There are tables of these, all const. |
789 */ | 776 */ |
790 struct ssl3BulkCipherDefStr { | 777 struct ssl3BulkCipherDefStr { |
791 SSL3BulkCipher cipher; | 778 SSL3BulkCipher cipher; |
792 SSLCipherAlgorithm calg; | 779 SSLCipherAlgorithm calg; |
793 int key_size; | 780 int key_size; |
794 int secret_key_size; | 781 int secret_key_size; |
795 CipherType type; | 782 CipherType type; |
796 int iv_size; | 783 int iv_size; |
797 int block_size; | 784 int block_size; |
798 int tag_size; /* authentication tag size for AEAD ciphers. */ | 785 int tag_size; /* authentication tag size for AEAD ciphers. */ |
799 int explicit_nonce_size; /* for AEAD ciphers. */ | 786 int explicit_nonce_size; /* for AEAD ciphers. */ |
| 787 SECOidTag oid; |
800 }; | 788 }; |
801 | 789 |
802 /* | 790 /* |
803 ** There are tables of these, all const. | 791 ** There are tables of these, all const. |
804 */ | 792 */ |
805 struct ssl3MACDefStr { | 793 struct ssl3MACDefStr { |
806 SSL3MACAlgorithm mac; | 794 SSL3MACAlgorithm mac; |
807 CK_MECHANISM_TYPE mmech; | 795 CK_MECHANISM_TYPE mmech; |
808 int pad_size; | 796 int pad_size; |
809 int mac_size; | 797 int mac_size; |
| 798 SECOidTag oid; |
810 }; | 799 }; |
811 | 800 |
812 typedef enum { | 801 typedef enum { |
813 wait_client_hello, | 802 wait_client_hello, |
814 wait_client_cert, | 803 wait_client_cert, |
815 wait_client_key, | 804 wait_client_key, |
816 wait_cert_verify, | 805 wait_cert_verify, |
817 wait_change_cipher, | 806 wait_change_cipher, |
818 wait_finished, | 807 wait_finished, |
819 wait_server_hello, | 808 wait_server_hello, |
820 wait_certificate_status, | 809 wait_certificate_status, |
821 wait_server_cert, | 810 wait_server_cert, |
822 wait_server_key, | 811 wait_server_key, |
823 wait_cert_request, | 812 wait_cert_request, |
824 wait_hello_done, | 813 wait_hello_done, |
825 wait_new_session_ticket, | 814 wait_new_session_ticket, |
826 idle_handshake | 815 wait_encrypted_extensions, |
| 816 idle_handshake, |
| 817 wait_invalid /* Invalid value. There is no handshake message "invalid". */ |
827 } SSL3WaitState; | 818 } SSL3WaitState; |
828 | 819 |
829 /* | 820 /* |
830 * TLS extension related constants and data structures. | 821 * TLS extension related constants and data structures. |
831 */ | 822 */ |
832 typedef struct TLSExtensionDataStr TLSExtensionData; | 823 typedef struct TLSExtensionDataStr TLSExtensionData; |
833 typedef struct SessionTicketDataStr SessionTicketData; | 824 typedef struct SessionTicketDataStr SessionTicketData; |
834 | 825 |
835 struct TLSExtensionDataStr { | 826 struct TLSExtensionDataStr { |
836 /* registered callbacks that send server hello extensions */ | 827 /* registered callbacks that send server hello extensions */ |
837 ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS]; | 828 ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS]; |
| 829 ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS]; |
| 830 |
838 /* Keep track of the extensions that are negotiated. */ | 831 /* Keep track of the extensions that are negotiated. */ |
839 PRUint16 numAdvertised; | 832 PRUint16 numAdvertised; |
840 PRUint16 numNegotiated; | 833 PRUint16 numNegotiated; |
841 PRUint16 advertised[SSL_MAX_EXTENSIONS]; | 834 PRUint16 advertised[SSL_MAX_EXTENSIONS]; |
842 PRUint16 negotiated[SSL_MAX_EXTENSIONS]; | 835 PRUint16 negotiated[SSL_MAX_EXTENSIONS]; |
843 | 836 |
844 /* SessionTicket Extension related data. */ | 837 /* SessionTicket Extension related data. */ |
845 PRBool ticketTimestampVerified; | 838 PRBool ticketTimestampVerified; |
846 PRBool emptySessionTicket; | 839 PRBool emptySessionTicket; |
847 PRBool sentSessionTicketInClientHello; | 840 PRBool sentSessionTicketInClientHello; |
(...skipping 24 matching lines...) |
872 ** A DTLS queued message (potentially to be retransmitted) | 865 ** A DTLS queued message (potentially to be retransmitted) |
873 */ | 866 */ |
874 typedef struct DTLSQueuedMessageStr { | 867 typedef struct DTLSQueuedMessageStr { |
875 PRCList link; /* The linked list link */ | 868 PRCList link; /* The linked list link */ |
876 DTLSEpoch epoch; /* The epoch to use */ | 869 DTLSEpoch epoch; /* The epoch to use */ |
877 SSL3ContentType type; /* The message type */ | 870 SSL3ContentType type; /* The message type */ |
878 unsigned char *data; /* The data */ | 871 unsigned char *data; /* The data */ |
879 PRUint16 len; /* The data length */ | 872 PRUint16 len; /* The data length */ |
880 } DTLSQueuedMessage; | 873 } DTLSQueuedMessage; |
881 | 874 |
| 875 typedef struct TLS13KeyShareEntryStr { |
| 876 PRCList link; /* The linked list link */ |
| 877 PRUint16 group; /* The group for the entry */ |
| 878 SECItem key_exchange; /* The share itself */ |
| 879 } TLS13KeyShareEntry; |
| 880 |
882 typedef enum { | 881 typedef enum { |
883 handshake_hash_unknown = 0, | 882 handshake_hash_unknown = 0, |
884 handshake_hash_combo = 1, /* The MD5/SHA-1 combination */ | 883 handshake_hash_combo = 1, /* The MD5/SHA-1 combination */ |
885 handshake_hash_single = 2 /* A single hash */ | 884 handshake_hash_single = 2 /* A single hash */ |
886 } SSL3HandshakeHashType; | 885 } SSL3HandshakeHashType; |
887 | 886 |
888 /* | 887 /* |
889 ** This is the "hs" member of the "ssl3" struct. | 888 ** This is the "hs" member of the "ssl3" struct. |
890 ** This entire struct is protected by ssl3HandshakeLock | 889 ** This entire struct is protected by ssl3HandshakeLock |
891 */ | 890 */ |
892 typedef struct SSL3HandshakeStateStr { | 891 typedef struct SSL3HandshakeStateStr { |
893 SSL3Random server_random; | 892 SSL3Random server_random; |
894 SSL3Random client_random; | 893 SSL3Random client_random; |
895 SSL3WaitState ws; | 894 SSL3WaitState ws; /* May also contain SSL3WaitState | 0x80 for TLS 1.3 */ |
896 | 895 |
897 /* This group of members is used for handshake running hashes. */ | 896 /* This group of members is used for handshake running hashes. */ |
898 SSL3HandshakeHashType hashType; | 897 SSL3HandshakeHashType hashType; |
899 sslBuffer messages; /* Accumulated handshake messages */ | 898 sslBuffer messages; /* Accumulated handshake messages */ |
900 #ifndef NO_PKCS11_BYPASS | 899 #ifndef NO_PKCS11_BYPASS |
901 /* Bypass mode: | 900 /* Bypass mode: |
902 * SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for | 901 * SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for |
903 * MD5 and |sha_cx| for SHA-1. | 902 * MD5 and |sha_cx| for SHA-1. |
904 * TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support | 903 * TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support |
905 * SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */ | 904 * SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */ |
906 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; | 905 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
907 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | 906 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
908 const SECHashObject * sha_obj; | 907 const SECHashObject *sha_obj; |
909 /* The function prototype of sha_obj->clone() does not match the prototype | 908 /* The function prototype of sha_obj->clone() does not match the prototype |
910 * of the freebl <HASH>_Clone functions, so we need a dedicated function | 909 * of the freebl <HASH>_Clone functions, so we need a dedicated function |
911 * pointer for the <HASH>_Clone function. */ | 910 * pointer for the <HASH>_Clone function. */ |
912 void (*sha_clone)(void *dest, void *src); | 911 void (*sha_clone)(void *dest, void *src); |
913 #endif | 912 #endif |
914 /* PKCS #11 mode: | 913 /* PKCS #11 mode: |
915 * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and | 914 * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and |
916 * |sha| for SHA-1. | 915 * |sha| for SHA-1. |
917 * TLS 1.2 and later use only |sha|, for SHA-256. */ | 916 * TLS 1.2 and later use only |sha|, for SHA-256. */ |
918 /* NOTE: On the client side, TLS 1.2 and later use |md5| as a backup | 917 /* NOTE: On the client side, TLS 1.2 and later use |md5| as a backup |
919 * handshake hash for generating client auth signatures. Confusingly, the | 918 * handshake hash for generating client auth signatures. Confusingly, the |
920 * backup hash function is SHA-1. */ | 919 * backup hash function is SHA-1. */ |
921 #define backupHash md5 | 920 #define backupHash md5 |
922 PK11Context * md5; | 921 PK11Context *md5; |
923 PK11Context * sha; | 922 PK11Context *sha; |
924 | 923 |
925 const ssl3KEADef * kea_def; | 924 const ssl3KEADef *kea_def; |
926 ssl3CipherSuite cipher_suite; | 925 ssl3CipherSuite cipher_suite; |
927 const ssl3CipherSuiteDef *suite_def; | 926 const ssl3CipherSuiteDef *suite_def; |
928 SSLCompressionMethod compression; | 927 SSLCompressionMethod compression; |
929 sslBuffer msg_body; /* protected by recvBufLock */ | 928 sslBuffer msg_body; /* protected by recvBufLock */ |
930 /* partial handshake message from record layer */ | 929 /* partial handshake message from record layer */ |
931 unsigned int header_bytes; | 930 unsigned int header_bytes; |
932 /* number of bytes consumed from handshake */ | 931 /* number of bytes consumed from handshake */ |
933 /* message for message type and header length */ | 932 /* message for message type and header length */ |
934 SSL3HandshakeType msg_type; | 933 SSL3HandshakeType msg_type; |
935 unsigned long msg_len; | 934 unsigned long msg_len; |
936 SECItem ca_list; /* used only by client */ | 935 SECItem ca_list; /* used only by client */ |
937 PRBool isResuming; /* are we resuming a session */ | 936 PRBool isResuming; /* are we resuming a session */ |
938 PRBool usedStepDownKey; /* we did a server key exchange. */ | 937 PRBool usedStepDownKey; /* we did a server key exchange. */ |
939 PRBool sendingSCSV; /* instead of empty RI */ | 938 PRBool sendingSCSV; /* instead of empty RI */ |
940 sslBuffer msgState; /* current state for handshake messages*/ | 939 sslBuffer msgState; /* current state for handshake messages*/ |
941 /* protected by recvBufLock */ | 940 /* protected by recvBufLock */ |
942 | 941 |
943 /* The session ticket received in a NewSessionTicket message is temporarily | 942 /* The session ticket received in a NewSessionTicket message is temporarily |
944 * stored in newSessionTicket until the handshake is finished; then it is | 943 * stored in newSessionTicket until the handshake is finished; then it is |
945 * moved to the sid. | 944 * moved to the sid. |
946 */ | 945 */ |
947 PRBool receivedNewSessionTicket; | 946 PRBool receivedNewSessionTicket; |
948 NewSessionTicket newSessionTicket; | 947 NewSessionTicket newSessionTicket; |
949 | 948 |
950 PRUint16 finishedBytes; /* size of single finished below */ | 949 PRUint16 finishedBytes; /* size of single finished below */ |
951 union { | 950 union { |
952 » TLSFinished tFinished[2]; /* client, then server */ | 951 TLSFinished tFinished[2]; /* client, then server */ |
953 » SSL3Finished sFinished[2]; | 952 SSL3Finished sFinished[2]; |
954 » SSL3Opaque data[72]; | 953 SSL3Opaque data[72]; |
955 } finishedMsgs; | 954 } finishedMsgs; |
956 #ifndef NSS_DISABLE_ECC | 955 #ifndef NSS_DISABLE_ECC |
957 PRUint32 negotiatedECCurves; /* bit mask */ | 956 PRUint32 negotiatedECCurves; /* bit mask */ |
958 #endif /* NSS_DISABLE_ECC */ | 957 #endif /* NSS_DISABLE_ECC */ |
959 | 958 |
960 PRBool authCertificatePending; | 959 PRBool authCertificatePending; |
961 /* Which function should SSL_RestartHandshake* call if we're blocked? | 960 /* Which function should SSL_RestartHandshake* call if we're blocked? |
962 * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake, | 961 * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake, |
963 * or ssl3_AlwaysFail */ | 962 * or ssl3_AlwaysFail */ |
964 sslRestartTarget restartTarget; | 963 sslRestartTarget restartTarget; |
965 /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ | 964 /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ |
966 PRBool cacheSID; | 965 PRBool cacheSID; |
967 | 966 |
968 PRBool canFalseStart; /* Can/did we False Start */ | 967 PRBool canFalseStart; /* Can/did we False Start */ |
969 /* Which preliminaryinfo values have been set. */ | 968 /* Which preliminaryinfo values have been set. */ |
970 PRUint32 preliminaryInfo; | 969 PRUint32 preliminaryInfo; |
971 | 970 |
972 /* clientSigAndHash contains the contents of the signature_algorithms | 971 /* clientSigAndHash contains the contents of the signature_algorithms |
973 * extension (if any) from the client. This is only valid for TLS 1.2 | 972 * extension (if any) from the client. This is only valid for TLS 1.2 |
974 * or later. */ | 973 * or later. */ |
975 SSLSignatureAndHashAlg *clientSigAndHash; | 974 SSLSignatureAndHashAlg *clientSigAndHash; |
976 unsigned int numClientSigAndHash; | 975 unsigned int numClientSigAndHash; |
977 | 976 |
978 /* This group of values is used for DTLS */ | 977 /* This group of values is used for DTLS */ |
979 PRUint16 sendMessageSeq; /* The sending message sequence | 978 PRUint16 sendMessageSeq; /* The sending message sequence |
980 » » » » » * number */ | 979 * number */ |
981 PRCList lastMessageFlight; /* The last message flight we | 980 PRCList lastMessageFlight; /* The last message flight we |
982 » » » » » * sent */ | 981 * sent */ |
983 PRUint16 maxMessageSent; /* The largest message we sent */ | 982 PRUint16 maxMessageSent; /* The largest message we sent */ |
984 PRUint16 recvMessageSeq; /* The receiving message sequence | 983 PRUint16 recvMessageSeq; /* The receiving message sequence |
985 » » » » » * number */ | 984 * number */ |
986 sslBuffer recvdFragments; /* The fragments we have received in | 985 sslBuffer recvdFragments; /* The fragments we have received in |
987 » » » » » * a bitmask */ | 986 * a bitmask */ |
988 PRInt32 recvdHighWater; /* The high water mark for fragments | 987 PRInt32 recvdHighWater; /* The high water mark for fragments |
989 » » » » » * received. -1 means no reassembly | 988 * received. -1 means no reassembly |
990 » » » » » * in progress. */ | 989 * in progress. */ |
991 unsigned char cookie[32]; /* The cookie */ | 990 unsigned char cookie[32]; /* The cookie */ |
992 unsigned char cookieLen; /* The length of the cookie */ | 991 unsigned char cookieLen; /* The length of the cookie */ |
993 PRIntervalTime rtTimerStarted; /* When the timer was started */ | 992 PRIntervalTime rtTimerStarted; /* When the timer was started */ |
994 DTLSTimerCb rtTimerCb; /* The function to call on expiry */ | 993 DTLSTimerCb rtTimerCb; /* The function to call on expiry */ |
995 PRUint32 rtTimeoutMs; /* The length of the current timeout | 994 PRUint32 rtTimeoutMs; /* The length of the current timeout |
996 » » » » » * used for backoff (in ms) */ | 995 * used for backoff (in ms) */ |
997 PRUint32 rtRetries; /* The retry counter */ | 996 PRUint32 rtRetries; /* The retry counter */ |
| 997 |
| 998 /* This group of values is used for TLS 1.3 and above */ |
| 999 PRCList remoteKeyShares; /* The other side's public keys */ |
| 1000 PK11SymKey *xSS; /* Extracted static secret */ |
| 1001 PK11SymKey *xES; /* Extracted ephemeral secret */ |
| 1002 PK11SymKey *trafficSecret; /* The source key to use to generate |
| 1003 * traffic keys */ |
| 1004 PK11SymKey *clientFinishedSecret; /* Used for client Finished */ |
| 1005 PK11SymKey *serverFinishedSecret; /* Used for server Finished */ |
| 1006 unsigned char certReqContext[255]; /* Ties CertificateRequest |
| 1007 * to Certificate */ |
| 1008 PRUint8 certReqContextLen; /* Length of the context |
| 1009 * cannot be greater than 255. */ |
998 } SSL3HandshakeState; | 1010 } SSL3HandshakeState; |
999 | 1011 |
1000 | |
1001 | |
1002 /* | 1012 /* |
1003 ** This is the "ssl3" struct, as in "ss->ssl3". | 1013 ** This is the "ssl3" struct, as in "ss->ssl3". |
1004 ** note: | 1014 ** note: |
1005 ** usually, crSpec == cwSpec and prSpec == pwSpec. | 1015 ** usually, crSpec == cwSpec and prSpec == pwSpec. |
1006 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. | 1016 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. |
1007 ** But there are never more than 2 actual specs. | 1017 ** But there are never more than 2 actual specs. |
1008 ** No spec must ever be modified if either "current" pointer points to it. | 1018 ** No spec must ever be modified if either "current" pointer points to it. |
1009 */ | 1019 */ |
1010 struct ssl3StateStr { | 1020 struct ssl3StateStr { |
1011 | 1021 |
1012 /* | 1022 /* |
1013 ** The following Specs and Spec pointers must be protected using the | 1023 ** The following Specs and Spec pointers must be protected using the |
1014 ** Spec Lock. | 1024 ** Spec Lock. |
1015 */ | 1025 */ |
1016 ssl3CipherSpec * crSpec; » /* current read spec. */ | 1026 ssl3CipherSpec *crSpec; /* current read spec. */ |
1017 ssl3CipherSpec * prSpec; » /* pending read spec. */ | 1027 ssl3CipherSpec *prSpec; /* pending read spec. */ |
1018 ssl3CipherSpec * cwSpec; » /* current write spec. */ | 1028 ssl3CipherSpec *cwSpec; /* current write spec. */ |
1019 ssl3CipherSpec * pwSpec; » /* pending write spec. */ | 1029 ssl3CipherSpec *pwSpec; /* pending write spec. */ |
1020 | 1030 |
1021 CERTCertificate * clientCertificate; /* used by client */ | 1031 CERTCertificate *clientCertificate; /* used by client */ |
1022 SECKEYPrivateKey * clientPrivateKey; /* used by client */ | 1032 SECKEYPrivateKey *clientPrivateKey; /* used by client */ |
1023 /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not | 1033 CERTCertificateList *clientCertChain; /* used by client */ |
1024 * defined in order to allow cleaner conditional code. | 1034 PRBool sendEmptyCert; /* used by client */ |
1025 * At most one of clientPrivateKey and platformClientKey may be set. */ | |
1026 PlatformKey platformClientKey; /* used by client */ | |
1027 CERTCertificateList *clientCertChain; /* used by client */ | |
1028 PRBool sendEmptyCert; /* used by client */ | |
1029 | 1035 |
1030 SECKEYPrivateKey *channelID; /* used by client */ | 1036 SECKEYPrivateKey *channelID; /* used by client */ |
1031 SECKEYPublicKey *channelIDPub; /* used by client */ | 1037 SECKEYPublicKey *channelIDPub; /* used by client */ |
1032 | 1038 |
1033 int policy; | 1039 int policy; |
1034 » » » /* This says what cipher suites we can do, and should | 1040 /* This says what cipher suites we can do, and should |
1035 » » » * be either SSL_ALLOWED or SSL_RESTRICTED | 1041 * be either SSL_ALLOWED or SSL_RESTRICTED |
1036 » » » */ | 1042 */ |
1037 PLArenaPool * peerCertArena; | 1043 PLArenaPool *peerCertArena; |
1038 » » » /* These are used to keep track of the peer CA */ | 1044 /* These are used to keep track of the peer CA */ |
1039 void * peerCertChain; | 1045 void *peerCertChain; |
1040 » » » /* chain while we are trying to validate it. */ | 1046 /* chain while we are trying to validate it. */ |
1041 CERTDistNames * ca_list; | 1047 CERTDistNames *ca_list; |
1042 » » » /* used by server. trusted CAs for this socket. */ | 1048 /* used by server. trusted CAs for this socket. */ |
1043 PRBool initialized; | 1049 PRBool initialized; |
1044 SSL3HandshakeState hs; | 1050 SSL3HandshakeState hs; |
1045 ssl3CipherSpec specs[2];» /* one is current, one is pending. */ | 1051 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ |
1046 | 1052 |
1047 /* In a client: if the server supports Next Protocol Negotiation, then | 1053 /* In a client: if the server supports Next Protocol Negotiation, then |
1048 * this is the protocol that was negotiated. | 1054 * this is the protocol that was negotiated. |
1049 */ | 1055 */ |
1050 SECItem» » nextProto; | 1056 SECItem nextProto; |
1051 SSLNextProtoState nextProtoState; | 1057 SSLNextProtoState nextProtoState; |
1052 | 1058 |
1053 PRUint16 mtu; /* Our estimate of the MTU */ | 1059 PRUint16 mtu; /* Our estimate of the MTU */ |
1054 | 1060 |
1055 /* DTLS-SRTP cipher suite preferences (if any) */ | 1061 /* DTLS-SRTP cipher suite preferences (if any) */ |
1056 PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; | 1062 PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; |
1057 PRUint16 dtlsSRTPCipherCount; | 1063 PRUint16 dtlsSRTPCipherCount; |
1058 PRUint16 dtlsSRTPCipherSuite;» /* 0 if not selected */ | 1064 PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ |
1059 PRBool fatalAlertSent; | 1065 PRBool fatalAlertSent; |
1060 PRUint16 numDHEGroups; /* used by server */ | 1066 PRUint16 numDHEGroups; /* used by server */ |
1061 SSLDHEGroupType * dheGroups; /* used by server */ | 1067 SSLDHEGroupType *dheGroups; /* used by server */ |
1062 PRBool dheWeakGroupEnabled; /* used by server */ | 1068 PRBool dheWeakGroupEnabled; /* used by server */ |
1063 | 1069 |
1064 /* TLS 1.2 introduces separate signature algorithm negotiation. | 1070 /* TLS 1.2 introduces separate signature algorithm negotiation. |
1065 * This is our preference order. */ | 1071 * This is our preference order. */ |
1066 SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; | 1072 SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; |
1067 unsigned int signatureAlgorithmCount; | 1073 unsigned int signatureAlgorithmCount; |
| 1074 |
| 1075 /* The version to check if we fell back from our highest version |
| 1076 * of TLS. Default is 0 in which case we check against the maximum |
| 1077 * configured version for this socket. Used only on the client. */ |
| 1078 SSL3ProtocolVersion downgradeCheckVersion; |
1068 }; | 1079 }; |
1069 | 1080 |
1070 #define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the | 1081 /* Ethernet MTU but without subtracting the headers, |
1071 » » » » * headers, so slightly larger than expected */ | 1082 * so slightly larger than expected */ |
| 1083 #define DTLS_MAX_MTU 1500U |
1072 #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) | 1084 #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) |
1073 | 1085 |
1074 typedef struct { | 1086 typedef struct { |
1075 SSL3ContentType type; | 1087 SSL3ContentType type; |
1076 SSL3ProtocolVersion version; | 1088 SSL3ProtocolVersion version; |
1077 SSL3SequenceNumber seq_num; /* DTLS only */ | 1089 SSL3SequenceNumber seq_num; /* DTLS only */ |
1078 sslBuffer * buf; | 1090 sslBuffer *buf; |
1079 } SSL3Ciphertext; | 1091 } SSL3Ciphertext; |
1080 | 1092 |
1081 struct ssl3KeyPairStr { | 1093 struct ssl3KeyPairStr { |
1082 SECKEYPrivateKey * privKey; | 1094 SECKEYPrivateKey *privKey; |
1083 SECKEYPublicKey * pubKey; | 1095 SECKEYPublicKey *pubKey; |
1084 PRInt32 refCount;» /* use PR_Atomic calls for this. */ | 1096 PRInt32 refCount; /* use PR_Atomic calls for this. */ |
1085 }; | 1097 }; |
1086 | 1098 |
1087 struct ssl3DHParamsStr { | 1099 struct ssl3DHParamsStr { |
1088 SECItem prime; /* p */ | 1100 SECItem prime; /* p */ |
1089 SECItem base; /* g */ | 1101 SECItem base; /* g */ |
1090 }; | 1102 }; |
1091 | 1103 |
1092 typedef struct SSLWrappedSymWrappingKeyStr { | 1104 typedef struct SSLWrappedSymWrappingKeyStr { |
1093 SSL3Opaque wrappedSymmetricWrappingkey[512]; | 1105 SSL3Opaque wrappedSymmetricWrappingkey[512]; |
1094 CK_MECHANISM_TYPE symWrapMechanism; | 1106 CK_MECHANISM_TYPE symWrapMechanism; |
1095 » » /* unwrapped symmetric wrapping key uses this mechanism */ | 1107 /* unwrapped symmetric wrapping key uses this mechanism */ |
1096 CK_MECHANISM_TYPE asymWrapMechanism; | 1108 CK_MECHANISM_TYPE asymWrapMechanism; |
1097 » » /* mechanism used to wrap the SymmetricWrappingKey using | 1109 /* mechanism used to wrap the SymmetricWrappingKey using |
1098 » » * server's public and/or private keys. */ | 1110 * server's public and/or private keys. */ |
1099 SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/ | 1111 SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/ |
1100 PRInt32 symWrapMechIndex; | 1112 PRInt32 symWrapMechIndex; |
1101 PRUint16 wrappedSymKeyLen; | 1113 PRUint16 wrappedSymKeyLen; |
1102 } SSLWrappedSymWrappingKey; | 1114 } SSLWrappedSymWrappingKey; |
1103 | 1115 |
1104 typedef struct SessionTicketStr { | 1116 typedef struct SessionTicketStr { |
1105 PRUint16 ticket_version; | 1117 PRUint16 ticket_version; |
1106 SSL3ProtocolVersion ssl_version; | 1118 SSL3ProtocolVersion ssl_version; |
1107 ssl3CipherSuite cipher_suite; | 1119 ssl3CipherSuite cipher_suite; |
1108 SSLCompressionMethod compression_method; | 1120 SSLCompressionMethod compression_method; |
1109 SSLSignType authAlgorithm; | 1121 SSLSignType authAlgorithm; |
1110 PRUint32 authKeyBits; | 1122 PRUint32 authKeyBits; |
1111 SSLKEAType keaType; | 1123 SSLKEAType keaType; |
1112 PRUint32 keaKeyBits; | 1124 PRUint32 keaKeyBits; |
1113 /* | 1125 /* |
1114 * exchKeyType and msWrapMech contain meaningful values only if | 1126 * exchKeyType and msWrapMech contain meaningful values only if |
1115 * ms_is_wrapped is true. | 1127 * ms_is_wrapped is true. |
1116 */ | 1128 */ |
1117 PRUint8 ms_is_wrapped; | 1129 PRUint8 ms_is_wrapped; |
1118 SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */ | 1130 SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */ |
1119 CK_MECHANISM_TYPE msWrapMech; | 1131 CK_MECHANISM_TYPE msWrapMech; |
1120 PRUint16 ms_length; | 1132 PRUint16 ms_length; |
1121 SSL3Opaque master_secret[48]; | 1133 SSL3Opaque master_secret[48]; |
1122 PRBool extendedMasterSecretUsed; | 1134 PRBool extendedMasterSecretUsed; |
1123 ClientIdentity client_identity; | 1135 ClientIdentity client_identity; |
1124 SECItem peer_cert; | 1136 SECItem peer_cert; |
1125 PRUint32 timestamp; | 1137 PRUint32 timestamp; |
1126 SECItem srvName; /* negotiated server name */ | 1138 SECItem srvName; /* negotiated server name */ |
1127 } SessionTicket; | 1139 } SessionTicket; |
1128 | 1140 |
1129 /* | 1141 /* |
1130 * SSL2 buffers used in SSL3. | 1142 * SSL2 buffers used in SSL3. |
1131 * writeBuf in the SecurityInfo maintained by sslsecur.c is used | 1143 * writeBuf in the SecurityInfo maintained by sslsecur.c is used |
1132 * to hold the data just about to be passed to the kernel | 1144 * to hold the data just about to be passed to the kernel |
1133 * sendBuf in the ConnectInfo maintained by sslcon.c is used | 1145 * sendBuf in the ConnectInfo maintained by sslcon.c is used |
1134 * to hold handshake messages as they are accumulated | 1146 * to hold handshake messages as they are accumulated |
1135 */ | 1147 */ |
1136 | 1148 |
1137 /* | 1149 /* |
1138 ** This is "ci", as in "ss->sec.ci". | 1150 ** This is "ci", as in "ss->sec.ci". |
1139 ** | 1151 ** |
1140 ** Protection: All the variables in here are protected by | 1152 ** Protection: All the variables in here are protected by |
1141 ** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock | 1153 ** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock |
1142 */ | 1154 */ |
1143 struct sslConnectInfoStr { | 1155 struct sslConnectInfoStr { |
1144 /* outgoing handshakes appended to this. */ | 1156 /* outgoing handshakes appended to this. */ |
1145 sslBuffer sendBuf;» /*xmitBufLock*/ /* ssl 2 & 3 */ | 1157 sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ |
1146 | 1158 |
1147 PRIPv6Addr peer; /* ssl 2 & 3 */ | 1159 PRIPv6Addr peer; /* ssl 2 & 3 */ |
1148 unsigned short port; /* ssl 2 & 3 */ | 1160 unsigned short port; /* ssl 2 & 3 */ |
1149 | 1161 |
1150 sslSessionID *sid; /* ssl 2 & 3 */ | 1162 sslSessionID *sid; /* ssl 2 & 3 */ |
1151 | 1163 |
1152 /* see CIS_HAVE defines below for the bit values in *elements. */ | 1164 /* see CIS_HAVE defines below for the bit values in *elements. */ |
1153 char elements;» » » » » /* ssl2 only */ | 1165 char elements; /* ssl2 only */ |
1154 char requiredElements;» » » » /* ssl2 only */ | 1166 char requiredElements; /* ssl2 only */ |
1155 char sentElements; /* ssl2 only */ | 1167 char sentElements; /* ssl2 only */ |
1156 | 1168 |
1157 char sentFinished; /* ssl2 only */ | 1169 char sentFinished; /* ssl2 only */ |
1158 | 1170 |
1159 /* Length of server challenge. Used by client when saving challenge */ | 1171 /* Length of server challenge. Used by client when saving challenge */ |
1160 int serverChallengeLen; /* ssl2 only */ | 1172 int serverChallengeLen; /* ssl2 only */ |
1161 /* type of authentication requested by server */ | 1173 /* type of authentication requested by server */ |
1162 unsigned char authType; /* ssl2 only */ | 1174 unsigned char authType; /* ssl2 only */ |
1163 | 1175 |
1164 /* Challenge sent by client to server in client-hello message */ | 1176 /* Challenge sent by client to server in client-hello message */ |
1165 /* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */ | 1177 /* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */ |
1166 unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */ | 1178 unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */ |
1167 | 1179 |
1168 /* Connection-id sent by server to client in server-hello message */ | 1180 /* Connection-id sent by server to client in server-hello message */ |
1169 unsigned char connectionID[SSL_CONNECTIONID_BYTES];» /* ssl2 only */ | 1181 unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */ |
1170 | 1182 |
1171 /* Challenge sent by server to client in request-certificate message */ | 1183 /* Challenge sent by server to client in request-certificate message */ |
1172 unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES];» /* ssl2 only */ | 1184 unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */ |
1173 | 1185 |
1174 /* Information kept to handle a request-certificate message */ | 1186 /* Information kept to handle a request-certificate message */ |
1175 unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES];» » /* ssl2 only */ | 1187 unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ |
1176 unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES];»» /* ssl2 only */ | 1188 unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ |
1177 unsigned keySize;» » » » » /* ssl2 only */ | 1189 unsigned keySize; /* ssl2 only */ |
1178 }; | 1190 }; |
1179 | 1191 |
1180 /* bit values for ci->elements, ci->requiredElements, sentElements. */ | 1192 /* bit values for ci->elements, ci->requiredElements, sentElements. */ |
1181 #define CIS_HAVE_MASTER_KEY» » 0x01 | 1193 #define CIS_HAVE_MASTER_KEY 0x01 |
1182 #define CIS_HAVE_CERTIFICATE» » 0x02 | 1194 #define CIS_HAVE_CERTIFICATE 0x02 |
1183 #define CIS_HAVE_FINISHED» » 0x04 | 1195 #define CIS_HAVE_FINISHED 0x04 |
1184 #define CIS_HAVE_VERIFY»» » 0x08 | 1196 #define CIS_HAVE_VERIFY 0x08 |
1185 | 1197 |
1186 /* Note: The entire content of this struct and whatever it points to gets | 1198 /* Note: The entire content of this struct and whatever it points to gets |
1187 * blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec". | 1199 * blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec". |
1188 * | 1200 * |
1189 * Unless otherwise specified below, the contents of this struct are | 1201 * Unless otherwise specified below, the contents of this struct are |
1190 * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. | 1202 * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. |
1191 */ | 1203 */ |
1192 struct sslSecurityInfoStr { | 1204 struct sslSecurityInfoStr { |
1193 sslSendFunc send;» » » /*xmitBufLock*/»/* ssl 2 & 3 */ | 1205 sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */ |
1194 int isServer;» » » /* Spec Lock?*/»/* ssl 2 & 3 */ | 1206 int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */ |
1195 sslBuffer writeBuf;» » » /*xmitBufLock*/»/* ssl 2 & 3 */ | 1207 sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ |
1196 | 1208 |
1197 int cipherType;» » » » /* ssl 2 & 3 */ | 1209 int cipherType; /* ssl 2 & 3 */ |
1198 int keyBits;» » » » » /* ssl 2 & 3 */ | 1210 int keyBits; /* ssl 2 & 3 */ |
1199 int secretKeyBits;» » » » /* ssl 2 & 3 */ | 1211 int secretKeyBits; /* ssl 2 & 3 */ |
1200 CERTCertificate *localCert;»» » » » /* ssl 2 & 3 */ | 1212 CERTCertificate *localCert; /* ssl 2 & 3 */ |
1201 CERTCertificate *peerCert;» » » » » /* ssl 2 & 3 */ | 1213 CERTCertificate *peerCert; /* ssl 2 & 3 */ |
1202 SECKEYPublicKey *peerKey;» » » » » /* ssl3 only */ | 1214 SECKEYPublicKey *peerKey; /* ssl3 only */ |
1203 | 1215 |
1204 SSLSignType authAlgorithm; | 1216 SSLSignType authAlgorithm; |
1205 PRUint32 authKeyBits; | 1217 PRUint32 authKeyBits; |
1206 SSLKEAType keaType; | 1218 SSLKEAType keaType; |
1207 PRUint32 keaKeyBits; | 1219 PRUint32 keaKeyBits; |
1208 | 1220 |
1209 /* | 1221 /* |
1210 ** Procs used for SID cache (nonce) management. | 1222 ** Procs used for SID cache (nonce) management. |
1211 ** Different implementations exist for clients/servers | 1223 ** Different implementations exist for clients/servers |
1212 ** The lookup proc is only used for servers. Baloney! | 1224 ** The lookup proc is only used for servers. Baloney! |
1213 */ | 1225 */ |
1214 sslSessionIDCacheFunc cache;» » » » /* ssl 2 & 3 */ | 1226 sslSessionIDCacheFunc cache; /* ssl 2 & 3 */ |
1215 sslSessionIDUncacheFunc uncache;» » » » /* ssl 2 & 3 */ | 1227 sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */ |
1216 | 1228 |
1217 /* | 1229 /* |
1218 ** everything below here is for ssl2 only. | 1230 ** everything below here is for ssl2 only. |
1219 ** This stuff is equivalent to SSL3's "spec", and is protected by the | 1231 ** This stuff is equivalent to SSL3's "spec", and is protected by the |
1220 ** same "Spec Lock" as used for SSL3's specs. | 1232 ** same "Spec Lock" as used for SSL3's specs. |
1221 */ | 1233 */ |
1222 PRUint32 sendSequence;» » /*xmitBufLock*/»/* ssl2 only */ | 1234 PRUint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */ |
1223 PRUint32 rcvSequence;» » /*recvBufLock*/»/* ssl2 only */ | 1235 PRUint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */ |
1224 | 1236 |
1225 /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */ | 1237 /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */ |
1226 const SECHashObject *hash;» » /* Spec Lock */ /* ssl2 only */ | 1238 const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */ |
1227 void *hashcx;» » » /* Spec Lock */»/* ssl2 only */ | 1239 void *hashcx; /* Spec Lock */ /* ssl2 only */ |
1228 | 1240 |
1229 SECItem sendSecret;» » /* Spec Lock */»/* ssl2 only */ | 1241 SECItem sendSecret; /* Spec Lock */ /* ssl2 only */ |
1230 SECItem rcvSecret;»» » /* Spec Lock */»/* ssl2 only */ | 1242 SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */ |
1231 | 1243 |
1232 /* Session cypher contexts; one for each direction */ | 1244 /* Session cypher contexts; one for each direction */ |
1233 void *readcx;» » » /* Spec Lock */»/* ssl2 only */ | 1245 void *readcx; /* Spec Lock */ /* ssl2 only */ |
1234 void *writecx;» » » /* Spec Lock */»/* ssl2 only */ | 1246 void *writecx; /* Spec Lock */ /* ssl2 only */ |
1235 SSLCipher enc;» » » /* Spec Lock */»/* ssl2 only */ | 1247 SSLCipher enc; /* Spec Lock */ /* ssl2 only */ |
1236 SSLCipher dec;» » » /* Spec Lock */»/* ssl2 only */ | 1248 SSLCipher dec; /* Spec Lock */ /* ssl2 only */ |
1237 void (*destroy)(void *, PRBool);» /* Spec Lock */»/* ssl2 only */ | 1249 void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */ |
1238 | 1250 |
1239 /* Blocking information for the session cypher */ | 1251 /* Blocking information for the session cypher */ |
1240 int blockShift;» » /* Spec Lock */»/* ssl2 only */ | 1252 int blockShift; /* Spec Lock */ /* ssl2 only */ |
1241 int blockSize;»» » /* Spec Lock */»/* ssl2 only */ | 1253 int blockSize; /* Spec Lock */ /* ssl2 only */ |
1242 | 1254 |
1243 /* These are used during a connection handshake */ | 1255 /* These are used during a connection handshake */ |
1244 sslConnectInfo ci;» » » » » /* ssl 2 & 3 */ | 1256 sslConnectInfo ci; /* ssl 2 & 3 */ |
1245 | |
1246 }; | 1257 }; |
1247 | 1258 |
1248 /* | 1259 /* |
1249 ** SSL Socket struct | 1260 ** SSL Socket struct |
1250 ** | 1261 ** |
1251 ** Protection: XXX | 1262 ** Protection: XXX |
1252 */ | 1263 */ |
1253 struct sslSocketStr { | 1264 struct sslSocketStr { |
1254 PRFileDesc *» fd; | 1265 PRFileDesc *fd; |
1255 | 1266 |
1256 /* Pointer to operations vector for this socket */ | 1267 /* Pointer to operations vector for this socket */ |
1257 const sslSocketOps * ops; | 1268 const sslSocketOps *ops; |
1258 | 1269 |
1259 /* SSL socket options */ | 1270 /* SSL socket options */ |
1260 sslOptions opt; | 1271 sslOptions opt; |
1261 /* Enabled version range */ | 1272 /* Enabled version range */ |
1262 SSLVersionRange vrange; | 1273 SSLVersionRange vrange; |
1263 | 1274 |
1264 /* State flags */ | 1275 /* State flags */ |
1265 unsigned long clientAuthRequested; | 1276 unsigned long clientAuthRequested; |
1266 unsigned long delayDisabled; /* Nagle delay disabled */ | 1277 unsigned long delayDisabled; /* Nagle delay disabled */ |
1267 unsigned long firstHsDone; /* first handshake is complete. */ | 1278 unsigned long firstHsDone; /* first handshake is complete. */ |
1268 unsigned long enoughFirstHsDone; /* enough of the first handshake is | 1279 unsigned long enoughFirstHsDone; /* enough of the first handshake is |
1269 » » » » » * done for callbacks to be able to | 1280 * done for callbacks to be able to |
1270 » » » » » * retrieve channel security | 1281 * retrieve channel security |
1271 » » » » » * parameters from the SSL socket. */ | 1282 * parameters from the SSL socket. */ |
1272 unsigned long handshakeBegun; | 1283 unsigned long handshakeBegun; |
1273 unsigned long lastWriteBlocked; | 1284 unsigned long lastWriteBlocked; |
1274 unsigned long recvdCloseNotify; /* received SSL EOF. */ | 1285 unsigned long recvdCloseNotify; /* received SSL EOF. */ |
1275 unsigned long TCPconnected; | 1286 unsigned long TCPconnected; |
1276 unsigned long appDataBuffered; | 1287 unsigned long appDataBuffered; |
1277 unsigned long peerRequestedProtection; /* from old renegotiation */ | 1288 unsigned long peerRequestedProtection; /* from old renegotiation */ |
1278 | 1289 |
1279 /* version of the protocol to use */ | 1290 /* version of the protocol to use */ |
1280 SSL3ProtocolVersion version; | 1291 SSL3ProtocolVersion version; |
1281 SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ | 1292 SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ |
1282 | 1293 |
1283 sslSecurityInfo sec;» » /* not a pointer any more */ | 1294 sslSecurityInfo sec; /* not a pointer any more */ |
1284 | 1295 |
1285 /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ | 1296 /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ |
1286 const char *url;» » » » /* ssl 2 & 3 */ | 1297 const char *url; /* ssl 2 & 3 */ |
1287 | 1298 |
1288 sslHandshakeFunc handshake;»» » » /*firstHandshakeLock*/ | 1299 sslHandshakeFunc handshake; /*firstHandshakeLock*/ |
1289 sslHandshakeFunc nextHandshake;» » » /*firstHandshakeLock*/ | 1300 sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ |
1290 sslHandshakeFunc securityHandshake;»» » /*firstHandshakeLock*/ | 1301 sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ |
1291 | 1302 |
1292 /* the following variable is only used with socks or other proxies. */ | 1303 /* the following variable is only used with socks or other proxies. */ |
1293 char * peerID;» /* String uniquely identifies target server. */ | 1304 char *peerID; /* String uniquely identifies target server. */ |
1294 | 1305 |
1295 unsigned char * cipherSpecs; | 1306 unsigned char *cipherSpecs; |
1296 unsigned int sizeCipherSpecs; | 1307 unsigned int sizeCipherSpecs; |
1297 const unsigned char * preferredCipher; | 1308 const unsigned char *preferredCipher; |
1298 | 1309 |
1299 /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ | 1310 /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ |
1300 /* Will be NULL at all other times. */ | 1311 /* Will be NULL at all other times. */ |
1301 const SECItem *requestedCertTypes; | 1312 const SECItem *requestedCertTypes; |
1302 | 1313 |
1303 ssl3KeyPair * stepDownKeyPair;» /* RSA step down keys */ | 1314 ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */ |
1304 | 1315 |
1305 const ssl3DHParams *dheParams; /* DHE param */ | 1316 const ssl3DHParams *dheParams; /* DHE param */ |
1306 ssl3KeyPair * dheKeyPair; /* DHE keys */ | 1317 ssl3KeyPair *dheKeyPair; /* DHE keys */ |
1307 | 1318 |
1308 /* Callbacks */ | 1319 /* Callbacks */ |
1309 SSLAuthCertificate authCertificate; | 1320 SSLAuthCertificate authCertificate; |
1310 void *authCertificateArg; | 1321 void *authCertificateArg; |
1311 SSLGetClientAuthData getClientAuthData; | 1322 SSLGetClientAuthData getClientAuthData; |
1312 void *getClientAuthDataArg; | 1323 void *getClientAuthDataArg; |
1313 #ifdef NSS_PLATFORM_CLIENT_AUTH | 1324 SSLSNISocketConfig sniSocketConfig; |
1314 SSLGetPlatformClientAuthData getPlatformClientAuthData; | 1325 void *sniSocketConfigArg; |
1315 void *getPlatformClientAuthDataArg; | 1326 SSLBadCertHandler handleBadCert; |
1316 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 1327 void *badCertArg; |
1317 SSLSNISocketConfig sniSocketConfig; | 1328 SSLHandshakeCallback handshakeCallback; |
1318 void *sniSocketConfigArg; | 1329 void *handshakeCallbackData; |
1319 SSLBadCertHandler handleBadCert; | 1330 SSLCanFalseStartCallback canFalseStartCallback; |
1320 void *badCertArg; | 1331 void *canFalseStartCallbackData; |
1321 SSLHandshakeCallback handshakeCallback; | 1332 void *pkcs11PinArg; |
1322 void *handshakeCallbackData; | 1333 SSLNextProtoCallback nextProtoCallback; |
1323 SSLCanFalseStartCallback canFalseStartCallback; | 1334 void *nextProtoArg; |
1324 void *canFalseStartCallbackData; | 1335 |
1325 void *pkcs11PinArg; | |
1326 SSLNextProtoCallback nextProtoCallback; | |
1327 void *nextProtoArg; | |
1328 SSLClientChannelIDCallback getChannelID; | 1336 SSLClientChannelIDCallback getChannelID; |
1329 void *getChannelIDArg; | 1337 void *getChannelIDArg; |
1330 | 1338 |
1331 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ | 1339 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ |
1332 PRIntervalTime wTimeout; /* timeout for NSPR I/O */ | 1340 PRIntervalTime wTimeout; /* timeout for NSPR I/O */ |
1333 PRIntervalTime cTimeout; /* timeout for NSPR I/O */ | 1341 PRIntervalTime cTimeout; /* timeout for NSPR I/O */ |
1334 | 1342 |
1335 PZLock * recvLock;» /* lock against multiple reader threads. */ | 1343 PZLock *recvLock; /* lock against multiple reader threads. */ |
1336 PZLock * sendLock;» /* lock against multiple sender threads. */ | 1344 PZLock *sendLock; /* lock against multiple sender threads. */ |
1337 | 1345 |
1338 PZMonitor * recvBufLock;» /* locks low level recv buffers. */ | 1346 PZMonitor *recvBufLock; /* locks low level recv buffers. */ |
1339 PZMonitor * xmitBufLock;» /* locks low level xmit buffers. */ | 1347 PZMonitor *xmitBufLock; /* locks low level xmit buffers. */ |
1340 | 1348 |
1341 /* Only one thread may operate on the socket until the initial handshake | 1349 /* Only one thread may operate on the socket until the initial handshake |
1342 ** is complete. This Monitor ensures that. Since SSL2 handshake is | 1350 ** is complete. This Monitor ensures that. Since SSL2 handshake is |
1343 ** only done once, this is also effectively the SSL2 handshake lock. | 1351 ** only done once, this is also effectively the SSL2 handshake lock. |
1344 */ | 1352 */ |
1345 PZMonitor * firstHandshakeLock; | 1353 PZMonitor *firstHandshakeLock; |
1346 | 1354 |
1347 /* This monitor protects the ssl3 handshake state machine data. | 1355 /* This monitor protects the ssl3 handshake state machine data. |
1348 ** Only one thread (reader or writer) may be in the ssl3 handshake state | 1356 ** Only one thread (reader or writer) may be in the ssl3 handshake state |
1349 ** machine at any time. */ | 1357 ** machine at any time. */ |
1350 PZMonitor * ssl3HandshakeLock; | 1358 PZMonitor *ssl3HandshakeLock; |
1351 | 1359 |
1352 /* reader/writer lock, protects the secret data needed to encrypt and MAC | 1360 /* reader/writer lock, protects the secret data needed to encrypt and MAC |
1353 ** outgoing records, and to decrypt and MAC check incoming ciphertext | 1361 ** outgoing records, and to decrypt and MAC check incoming ciphertext |
1354 ** records. */ | 1362 ** records. */ |
1355 NSSRWLock * specLock; | 1363 NSSRWLock *specLock; |
1356 | 1364 |
1357 /* handle to perm cert db (and implicitly to the temp cert db) used | 1365 /* handle to perm cert db (and implicitly to the temp cert db) used |
1358 ** with this socket. | 1366 ** with this socket. |
1359 */ | 1367 */ |
1360 CERTCertDBHandle * dbHandle; | 1368 CERTCertDBHandle *dbHandle; |
1361 | 1369 |
1362 PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */ | 1370 PRThread *writerThread; /* thread holds SSL_LOCK_WRITER lock */ |
1363 | 1371 |
1364 PRUint16» shutdownHow; » /* See ssl_SHUTDOWN defines below. */ | 1372 PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ |
1365 | 1373 |
1366 PRUint16» allowedByPolicy; /* copy of global policy bits. */ | 1374 PRUint16 allowedByPolicy; /* copy of global policy bits. */ |
1367 PRUint16» maybeAllowedByPolicy; /* copy of global policy bits. */ | 1375 PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */ |
1368 PRUint16» chosenPreference; /* SSL2 cipher preferences. */ | 1376 PRUint16 chosenPreference; /* SSL2 cipher preferences. */ |
1369 | 1377 |
1370 sslHandshakingType handshaking; | 1378 sslHandshakingType handshaking; |
1371 | 1379 |
1372 /* Gather object used for gathering data */ | 1380 /* Gather object used for gathering data */ |
1373 sslGather gs;» » » » /*recvBufLock*/ | 1381 sslGather gs; /*recvBufLock*/ |
1374 | 1382 |
1375 sslBuffer saveBuf;» » » » /*xmitBufLock*/ | 1383 sslBuffer saveBuf; /*xmitBufLock*/ |
1376 sslBuffer pendingBuf;» » » /*xmitBufLock*/ | 1384 sslBuffer pendingBuf; /*xmitBufLock*/ |
1377 | 1385 |
1378 /* Configuration state for server sockets */ | 1386 /* Configuration state for server sockets */ |
1379 /* server cert and key for each KEA type */ | 1387 /* server cert and key for each KEA type */ |
1380 sslServerCerts serverCerts[kt_kea_size]; | 1388 sslServerCerts serverCerts[kt_kea_size]; |
1381 /* each cert needs its own status */ | 1389 /* each cert needs its own status */ |
1382 SECItemArray * certStatusArray[kt_kea_size]; | 1390 SECItemArray *certStatusArray[kt_kea_size]; |
| 1391 /* Serialized signed certificate timestamps to be sent to the client |
| 1392 ** in a TLS extension (server only). Each certificate needs its own |
| 1393 ** timestamps item. |
| 1394 */ |
| 1395 SECItem signedCertTimestamps[kt_kea_size]; |
1383 | 1396 |
1384 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; | 1397 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; |
1385 ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */ | 1398 ssl3KeyPair *ephemeralECDHKeyPair; /* for ECDHE-* handshake */ |
1386 | 1399 |
1387 /* SSL3 state info. Formerly was a pointer */ | 1400 /* SSL3 state info. Formerly was a pointer */ |
1388 ssl3State ssl3; | 1401 ssl3State ssl3; |
1389 | 1402 |
1390 /* | 1403 /* |
1391 * TLS extension related data. | 1404 * TLS extension related data. |
1392 */ | 1405 */ |
1393 /* True when the current session is a stateless resume. */ | 1406 /* True when the current session is a stateless resume. */ |
1394 PRBool statelessResume; | 1407 PRBool statelessResume; |
1395 TLSExtensionData xtnData; | 1408 TLSExtensionData xtnData; |
1396 | 1409 |
1397 /* Whether we are doing stream or datagram mode */ | 1410 /* Whether we are doing stream or datagram mode */ |
1398 SSLProtocolVariant protocolVariant; | 1411 SSLProtocolVariant protocolVariant; |
1399 }; | 1412 }; |
1400 | 1413 |
1401 | 1414 /* All the global data items declared here should be protected using the |
1402 | |
1403 /* All the global data items declared here should be protected using the | |
1404 ** ssl_global_data_lock, which is a reader/writer lock. | 1415 ** ssl_global_data_lock, which is a reader/writer lock. |
1405 */ | 1416 */ |
1406 extern NSSRWLock * ssl_global_data_lock; | 1417 extern NSSRWLock *ssl_global_data_lock; |
1407 extern char ssl_debug; | 1418 extern char ssl_debug; |
1408 extern char ssl_trace; | 1419 extern char ssl_trace; |
1409 extern FILE * ssl_trace_iob; | 1420 extern FILE *ssl_trace_iob; |
1410 extern FILE * ssl_keylog_iob; | 1421 extern FILE *ssl_keylog_iob; |
1411 extern CERTDistNames * ssl3_server_ca_list; | 1422 extern CERTDistNames *ssl3_server_ca_list; |
1412 extern PRUint32 ssl_sid_timeout; | 1423 extern PRUint32 ssl_sid_timeout; |
1413 extern PRUint32 ssl3_sid_timeout; | 1424 extern PRUint32 ssl3_sid_timeout; |
1414 | 1425 |
1415 extern const char * const ssl_cipherName[]; | 1426 extern const char *const ssl_cipherName[]; |
1416 extern const char * const ssl3_cipherName[]; | 1427 extern const char *const ssl3_cipherName[]; |
1417 | 1428 |
1418 extern sslSessionIDLookupFunc ssl_sid_lookup; | 1429 extern sslSessionIDLookupFunc ssl_sid_lookup; |
1419 extern sslSessionIDCacheFunc ssl_sid_cache; | 1430 extern sslSessionIDCacheFunc ssl_sid_cache; |
1420 extern sslSessionIDUncacheFunc ssl_sid_uncache; | 1431 extern sslSessionIDUncacheFunc ssl_sid_uncache; |
1421 | 1432 |
1422 /************************************************************************/ | 1433 /************************************************************************/ |
1423 | 1434 |
1424 SEC_BEGIN_PROTOS | 1435 SEC_BEGIN_PROTOS |
1425 | 1436 |
1426 /* Functions for handling SECItemArrays, added in NSS 3.15 */ | |
1427 extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena, | |
1428 SECItemArray *array, | |
1429 unsigned int len); | |
1430 extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena, | |
1431 const SECItemArray *from); | |
1432 extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit); | |
1433 extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit); | |
1434 | |
1435 /* Internal initialization and installation of the SSL error tables */ | 1437 /* Internal initialization and installation of the SSL error tables */ |
1436 extern SECStatus ssl_Init(void); | 1438 extern SECStatus ssl_Init(void); |
1437 extern SECStatus ssl_InitializePRErrorTable(void); | 1439 extern SECStatus ssl_InitializePRErrorTable(void); |
1438 | 1440 |
1439 /* Implementation of ops for default (non socks, non secure) case */ | 1441 /* Implementation of ops for default (non socks, non secure) case */ |
1440 extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr); | 1442 extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr); |
1441 extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr); | 1443 extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr); |
1442 extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr); | 1444 extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr); |
1443 extern int ssl_DefListen(sslSocket *ss, int backlog); | 1445 extern int ssl_DefListen(sslSocket *ss, int backlog); |
1444 extern int ssl_DefShutdown(sslSocket *ss, int how); | 1446 extern int ssl_DefShutdown(sslSocket *ss, int how); |
1445 extern int ssl_DefClose(sslSocket *ss); | 1447 extern int ssl_DefClose(sslSocket *ss); |
1446 extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags); | 1448 extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags); |
1447 extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf, | 1449 extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf, |
1448 » » int len, int flags); | 1450 int len, int flags); |
1449 extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len); | 1451 extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len); |
1450 extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len); | 1452 extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len); |
1451 extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name); | 1453 extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name); |
1452 extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name); | 1454 extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name); |
1453 extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname, | 1455 extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname, |
1454 » » » void *optval, PRInt32 *optlen); | 1456 void *optval, PRInt32 *optlen); |
1455 extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname, | 1457 extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname, |
1456 » » » const void *optval, PRInt32 optlen); | 1458 const void *optval, PRInt32 optlen); |
1457 | 1459 |
1458 /* Implementation of ops for socks only case */ | 1460 /* Implementation of ops for socks only case */ |
1459 extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr); | 1461 extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr); |
1460 extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr); | 1462 extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr); |
1461 extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr); | 1463 extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr); |
1462 extern int ssl_SocksListen(sslSocket *ss, int backlog); | 1464 extern int ssl_SocksListen(sslSocket *ss, int backlog); |
1463 extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name); | 1465 extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name); |
1464 extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags); | 1466 extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags); |
1465 extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf, | 1467 extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf, |
1466 » » » int len, int flags); | 1468 int len, int flags); |
1467 extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len); | 1469 extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len); |
1468 extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len); | 1470 extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len); |
1469 | 1471 |
1470 /* Implementation of ops for secure only case */ | 1472 /* Implementation of ops for secure only case */ |
1471 extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr); | 1473 extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr); |
1472 extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr); | 1474 extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr); |
1473 extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, | 1475 extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, |
1474 » » » int len, int flags); | 1476 int len, int flags); |
1475 extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf, | 1477 extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf, |
1476 » » » int len, int flags); | 1478 int len, int flags); |
1477 extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len); | 1479 extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len); |
1478 extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len); | 1480 extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len); |
1479 extern int ssl_SecureShutdown(sslSocket *ss, int how); | 1481 extern int ssl_SecureShutdown(sslSocket *ss, int how); |
1480 extern int ssl_SecureClose(sslSocket *ss); | 1482 extern int ssl_SecureClose(sslSocket *ss); |
1481 | 1483 |
1482 /* Implementation of ops for secure socks case */ | 1484 /* Implementation of ops for secure socks case */ |
1483 extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr); | 1485 extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr); |
1484 extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr); | 1486 extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr); |
1485 extern PRFileDesc *ssl_FindTop(sslSocket *ss); | 1487 extern PRFileDesc *ssl_FindTop(sslSocket *ss); |
1486 | 1488 |
1487 /* Gather funcs. */ | 1489 /* Gather funcs. */ |
1488 extern sslGather * ssl_NewGather(void); | 1490 extern sslGather *ssl_NewGather(void); |
1489 extern SECStatus ssl_InitGather(sslGather *gs); | 1491 extern SECStatus ssl_InitGather(sslGather *gs); |
1490 extern void ssl_DestroyGather(sslGather *gs); | 1492 extern void ssl_DestroyGather(sslGather *gs); |
1491 extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags); | 1493 extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags); |
1492 extern int ssl2_GatherRecord(sslSocket *ss, int flags); | 1494 extern int ssl2_GatherRecord(sslSocket *ss, int flags); |
1493 extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); | 1495 extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); |
1494 | 1496 |
1495 extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); | 1497 extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); |
1496 extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); | 1498 extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); |
1497 | 1499 |
1498 extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); | 1500 extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); |
1499 extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); | 1501 extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); |
1500 extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset); | 1502 extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset); |
1501 extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec); | 1503 extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec); |
1502 | 1504 |
1503 extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp,
int len); | 1505 extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len
); |
1504 extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len); | 1506 extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len); |
1505 | 1507 |
1506 extern int ssl_SendSavedWriteData(sslSocket *ss); | 1508 extern int ssl_SendSavedWriteData(sslSocket *ss); |
1507 extern SECStatus ssl_SaveWriteData(sslSocket *ss, | 1509 extern SECStatus ssl_SaveWriteData(sslSocket *ss, |
1508 const void* p, unsigned int l); | 1510 const void *p, unsigned int l); |
1509 extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss); | 1511 extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss); |
1510 extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss); | 1512 extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss); |
1511 extern int ssl_Do1stHandshake(sslSocket *ss); | 1513 extern int ssl_Do1stHandshake(sslSocket *ss); |
1512 | 1514 |
1513 extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen); | 1515 extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen); |
1514 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, | 1516 extern SECStatus sslBuffer_Append(sslBuffer *b, const void *data, |
1515 » » unsigned int len); | 1517 unsigned int len); |
1516 | 1518 |
1517 extern void ssl2_UseClearSendFunc(sslSocket *ss); | 1519 extern void ssl2_UseClearSendFunc(sslSocket *ss); |
1518 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); | 1520 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); |
1519 | 1521 |
1520 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); | 1522 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); |
1521 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, | 1523 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, |
1522 const char *peerID, const char *urlSvrName); | 1524 const char *peerID, const char *urlSvrName); |
1523 extern void ssl_FreeSID(sslSessionID *sid); | 1525 extern void ssl_FreeSID(sslSessionID *sid); |
1524 | 1526 |
1525 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, | 1527 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, |
1526 » » » » int len, int flags); | 1528 int len, int flags); |
1527 | 1529 |
1528 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); | 1530 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); |
1529 | 1531 |
1530 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); | 1532 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); |
1531 | 1533 |
1532 extern void ssl3_SetAlwaysBlock(sslSocket *ss); | 1534 extern void ssl3_SetAlwaysBlock(sslSocket *ss); |
1533 | 1535 |
1534 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | 1536 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
1535 | 1537 |
1536 extern void ssl_FinishHandshake(sslSocket *ss); | 1538 extern void ssl_FinishHandshake(sslSocket *ss); |
1537 | 1539 |
1538 /* Returns PR_TRUE if we are still waiting for the server to respond to our | 1540 extern SECStatus ssl_CipherPolicySet(PRInt32 which, PRInt32 policy); |
1539 * client second round. Once we've received any part of the server's second | 1541 |
1540 * round then we don't bother trying to false start since it is almost always | 1542 extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled); |
1541 * the case that the NewSessionTicket, ChangeCipherSoec, and Finished messages | 1543 |
1542 * were sent in the same packet and we want to process them all at the same | 1544 extern SECStatus ssl3_ConstrainRangeByPolicy(void); |
1543 * time. If we were to try to false start in the middle of the server's second | 1545 |
1544 * round, then we would increase the number of I/O operations | 1546 /* Returns PR_TRUE if we are still waiting for the server to complete its |
1545 * (SSL_ForceHandshake/PR_Recv/PR_Send/etc.) needed to finish the handshake. | 1547 * response to our client second round. Once we've received the Finished from |
| 1548 * the server then there is no need to check false start. |
1546 */ | 1549 */ |
1547 extern PRBool ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss); | 1550 extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss); |
1548 | 1551 |
1549 extern SECStatus | 1552 extern SECStatus |
1550 ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, | 1553 ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, |
1551 » » PRBool isServer, | 1554 PRBool isServer, |
1552 » » » PRBool isDTLS, | 1555 PRBool isDTLS, |
1553 » » » PRBool capRecordVersion, | 1556 PRBool capRecordVersion, |
1554 SSL3ContentType type, | 1557 SSL3ContentType type, |
1555 » » const SSL3Opaque * pIn, | 1558 const SSL3Opaque *pIn, |
1556 » » PRUint32 contentLen, | 1559 PRUint32 contentLen, |
1557 » » sslBuffer * wrBuf); | 1560 sslBuffer *wrBuf); |
1558 extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, | |
1559 » » » » SSL3ContentType type, | |
1560 const SSL3Opaque* pIn, PRInt32 nIn, | |
1561 PRInt32 flags); | |
1562 | 1561 |
1563 #ifdef NSS_ENABLE_ZLIB | 1562 extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, |
| 1563 SSL3ContentType type, |
| 1564 const SSL3Opaque *pIn, PRInt32 nIn, |
| 1565 PRInt32 flags); |
| 1566 |
| 1567 #ifdef NSS_SSL_ENABLE_ZLIB |
1564 /* | 1568 /* |
1565 * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a | 1569 * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a |
1566 * maximum TLS record payload of 2**14 bytes, that's 29 bytes. | 1570 * maximum TLS record payload of 2**14 bytes, that's 29 bytes. |
1567 */ | 1571 */ |
1568 #define SSL3_COMPRESSION_MAX_EXPANSION 29 | 1572 #define SSL3_COMPRESSION_MAX_EXPANSION 29 |
1569 #else /* !NSS_ENABLE_ZLIB */ | 1573 #else /* !NSS_SSL_ENABLE_ZLIB */ |
1570 #define SSL3_COMPRESSION_MAX_EXPANSION 0 | 1574 #define SSL3_COMPRESSION_MAX_EXPANSION 0 |
1571 #endif | 1575 #endif |
1572 | 1576 |
1573 /* | 1577 /* |
1574 * make sure there is room in the write buffer for padding and | 1578 * make sure there is room in the write buffer for padding and |
1575 * other compression and cryptographic expansions. | 1579 * other compression and cryptographic expansions. |
1576 */ | 1580 */ |
1577 #define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION | 1581 #define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION |
1578 | 1582 |
1579 #define SSL_LOCK_READER(ss)» » if (ss->recvLock) PZ_Lock(ss->recvLock) | 1583 #define SSL_LOCK_READER(ss) \ |
1580 #define SSL_UNLOCK_READER(ss)» » if (ss->recvLock) PZ_Unlock(ss->recvLock
) | 1584 if (ss->recvLock) \ |
1581 #define SSL_LOCK_WRITER(ss)» » if (ss->sendLock) PZ_Lock(ss->sendLock) | 1585 PZ_Lock(ss->recvLock) |
1582 #define SSL_UNLOCK_WRITER(ss)» » if (ss->sendLock) PZ_Unlock(ss->sendLock
) | 1586 #define SSL_UNLOCK_READER(ss) \ |
| 1587 if (ss->recvLock) \ |
| 1588 PZ_Unlock(ss->recvLock) |
| 1589 #define SSL_LOCK_WRITER(ss) \ |
| 1590 if (ss->sendLock) \ |
| 1591 PZ_Lock(ss->sendLock) |
| 1592 #define SSL_UNLOCK_WRITER(ss) \ |
| 1593 if (ss->sendLock) \ |
| 1594 PZ_Unlock(ss->sendLock) |
1583 | 1595 |
1584 /* firstHandshakeLock -> recvBufLock */ | 1596 /* firstHandshakeLock -> recvBufLock */ |
1585 #define ssl_Get1stHandshakeLock(ss) \ | 1597 #define ssl_Get1stHandshakeLock(ss) \ |
1586 { if (!ss->opt.noLocks) { \ | 1598 { \ |
1587 » PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ | 1599 if (!ss->opt.noLocks) { \ |
1588 » » !ssl_HaveRecvBufLock(ss)); \ | 1600 PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ |
1589 » PZ_EnterMonitor((ss)->firstHandshakeLock); \ | 1601 !ssl_HaveRecvBufLock(ss)); \ |
1590 } } | 1602 PZ_EnterMonitor((ss)->firstHandshakeLock); \ |
1591 #define ssl_Release1stHandshakeLock(ss) \ | 1603 } \ |
1592 { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); } | 1604 } |
1593 #define ssl_Have1stHandshakeLock(ss) \ | 1605 #define ssl_Release1stHandshakeLock(ss) \ |
| 1606 { \ |
| 1607 if (!ss->opt.noLocks) \ |
| 1608 PZ_ExitMonitor((ss)->firstHandshakeLock); \ |
| 1609 } |
| 1610 #define ssl_Have1stHandshakeLock(ss) \ |
1594 (PZ_InMonitor((ss)->firstHandshakeLock)) | 1611 (PZ_InMonitor((ss)->firstHandshakeLock)) |
1595 | 1612 |
1596 /* ssl3HandshakeLock -> xmitBufLock */ | 1613 /* ssl3HandshakeLock -> xmitBufLock */ |
1597 #define ssl_GetSSL3HandshakeLock(ss)» \ | 1614 #define ssl_GetSSL3HandshakeLock(ss) \ |
1598 { if (!ss->opt.noLocks) { \ | 1615 { \ |
1599 » PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ | 1616 if (!ss->opt.noLocks) { \ |
1600 » PZ_EnterMonitor((ss)->ssl3HandshakeLock); \ | 1617 PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ |
1601 } } | 1618 PZ_EnterMonitor((ss)->ssl3HandshakeLock); \ |
1602 #define ssl_ReleaseSSL3HandshakeLock(ss) \ | 1619 } \ |
1603 { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); } | 1620 } |
1604 #define ssl_HaveSSL3HandshakeLock(ss)» \ | 1621 #define ssl_ReleaseSSL3HandshakeLock(ss) \ |
| 1622 { \ |
| 1623 if (!ss->opt.noLocks) \ |
| 1624 PZ_ExitMonitor((ss)->ssl3HandshakeLock); \ |
| 1625 } |
| 1626 #define ssl_HaveSSL3HandshakeLock(ss) \ |
1605 (PZ_InMonitor((ss)->ssl3HandshakeLock)) | 1627 (PZ_InMonitor((ss)->ssl3HandshakeLock)) |
1606 | 1628 |
1607 #define ssl_GetSpecReadLock(ss)»» \ | 1629 #define ssl_GetSpecReadLock(ss) \ |
1608 { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); } | 1630 { \ |
1609 #define ssl_ReleaseSpecReadLock(ss)» \ | 1631 if (!ss->opt.noLocks) \ |
1610 { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); } | 1632 NSSRWLock_LockRead((ss)->specLock); \ |
| 1633 } |
| 1634 #define ssl_ReleaseSpecReadLock(ss) \ |
| 1635 { \ |
| 1636 if (!ss->opt.noLocks) \ |
| 1637 NSSRWLock_UnlockRead((ss)->specLock); \ |
| 1638 } |
1611 /* NSSRWLock_HaveReadLock is not exported so there's no | 1639 /* NSSRWLock_HaveReadLock is not exported so there's no |
1612 * ssl_HaveSpecReadLock macro. */ | 1640 * ssl_HaveSpecReadLock macro. */ |
1613 | 1641 |
1614 #define ssl_GetSpecWriteLock(ss)» \ | 1642 #define ssl_GetSpecWriteLock(ss) \ |
1615 { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); } | 1643 { \ |
1616 #define ssl_ReleaseSpecWriteLock(ss)» \ | 1644 if (!ss->opt.noLocks) \ |
1617 { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); } | 1645 NSSRWLock_LockWrite((ss)->specLock); \ |
1618 #define ssl_HaveSpecWriteLock(ss)» \ | 1646 } |
| 1647 #define ssl_ReleaseSpecWriteLock(ss) \ |
| 1648 { \ |
| 1649 if (!ss->opt.noLocks) \ |
| 1650 NSSRWLock_UnlockWrite((ss)->specLock); \ |
| 1651 } |
| 1652 #define ssl_HaveSpecWriteLock(ss) \ |
1619 (NSSRWLock_HaveWriteLock((ss)->specLock)) | 1653 (NSSRWLock_HaveWriteLock((ss)->specLock)) |
1620 | 1654 |
1621 /* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */ | 1655 /* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */ |
1622 #define ssl_GetRecvBufLock(ss)» » \ | 1656 #define ssl_GetRecvBufLock(ss) \ |
1623 { if (!ss->opt.noLocks) { \ | 1657 { \ |
1624 » PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \ | 1658 if (!ss->opt.noLocks) { \ |
1625 » PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ | 1659 PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \ |
1626 » PZ_EnterMonitor((ss)->recvBufLock); \ | 1660 PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ |
1627 } } | 1661 PZ_EnterMonitor((ss)->recvBufLock); \ |
1628 #define ssl_ReleaseRecvBufLock(ss)» \ | 1662 } \ |
1629 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); } | 1663 } |
1630 #define ssl_HaveRecvBufLock(ss)»» \ | 1664 #define ssl_ReleaseRecvBufLock(ss) \ |
| 1665 { \ |
| 1666 if (!ss->opt.noLocks) \ |
| 1667 PZ_ExitMonitor((ss)->recvBufLock); \ |
| 1668 } |
| 1669 #define ssl_HaveRecvBufLock(ss) \ |
1631 (PZ_InMonitor((ss)->recvBufLock)) | 1670 (PZ_InMonitor((ss)->recvBufLock)) |
1632 | 1671 |
1633 /* xmitBufLock -> specLock */ | 1672 /* xmitBufLock -> specLock */ |
1634 #define ssl_GetXmitBufLock(ss)» » \ | 1673 #define ssl_GetXmitBufLock(ss) \ |
1635 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); } | 1674 { \ |
1636 #define ssl_ReleaseXmitBufLock(ss)» \ | 1675 if (!ss->opt.noLocks) \ |
1637 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); } | 1676 PZ_EnterMonitor((ss)->xmitBufLock); \ |
1638 #define ssl_HaveXmitBufLock(ss)»» \ | 1677 } |
| 1678 #define ssl_ReleaseXmitBufLock(ss) \ |
| 1679 { \ |
| 1680 if (!ss->opt.noLocks) \ |
| 1681 PZ_ExitMonitor((ss)->xmitBufLock); \ |
| 1682 } |
| 1683 #define ssl_HaveXmitBufLock(ss) \ |
1639 (PZ_InMonitor((ss)->xmitBufLock)) | 1684 (PZ_InMonitor((ss)->xmitBufLock)) |
1640 | 1685 |
1641 /* Placeholder value used in version ranges when SSL 3.0 and all | 1686 /* Placeholder value used in version ranges when SSL 3.0 and all |
1642 * versions of TLS are disabled. | 1687 * versions of TLS are disabled. |
1643 */ | 1688 */ |
1644 #define SSL_LIBRARY_VERSION_NONE 0 | 1689 #define SSL_LIBRARY_VERSION_NONE 0 |
1645 | 1690 |
1646 /* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version | 1691 /* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version |
1647 * of libssl supports. Applications should use SSL_VersionRangeGetSupported at | 1692 * of libssl supports. Applications should use SSL_VersionRangeGetSupported at |
1648 * runtime to determine which versions are supported by the version of libssl | 1693 * runtime to determine which versions are supported by the version of libssl |
1649 * in use. | 1694 * in use. |
1650 */ | 1695 */ |
1651 #ifdef NSS_ENABLE_TLS_1_3 | 1696 #ifdef NSS_ENABLE_TLS_1_3 |
1652 #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3 | 1697 #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3 |
1653 #else | 1698 #else |
1654 #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2 | 1699 #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2 |
1655 #endif | 1700 #endif |
1656 | 1701 |
1657 /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ | 1702 /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ |
1658 #define SSL3_ALL_VERSIONS_DISABLED(vrange) \ | 1703 #define SSL3_ALL_VERSIONS_DISABLED(vrange) \ |
1659 ((vrange)->min == SSL_LIBRARY_VERSION_NONE) | 1704 ((vrange)->min == SSL_LIBRARY_VERSION_NONE) |
1660 | 1705 |
1661 extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, | 1706 extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, |
1662 » » » » SSL3ProtocolVersion version); | 1707 SSL3ProtocolVersion version); |
1663 | 1708 |
1664 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, | 1709 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec *pwSpec, |
1665 » » const unsigned char * cr, const unsigned char * sr, | 1710 const unsigned char *cr, const unsig
ned char *sr, |
1666 » » PRBool isTLS, PRBool isExport); | 1711 PRBool isTLS, PRBool isExport); |
1667 extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, | 1712 extern SECStatus ssl3_MasterSecretDeriveBypass(ssl3CipherSpec *pwSpec, |
1668 » » const unsigned char * cr, const unsigned char * sr, | 1713 const unsigned char *cr, const un
signed char *sr, |
1669 » » const SECItem * pms, PRBool isTLS, PRBool isRSA); | 1714 const SECItem *pms, PRBool isTLS,
PRBool isRSA); |
1670 | 1715 |
1671 /* These functions are called from secnav, even though they're "private". */ | 1716 /* These functions are called from secnav, even though they're "private". */ |
1672 | 1717 |
1673 extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); | 1718 extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); |
1674 extern sslSocket *ssl_FindSocket(PRFileDesc *fd); | 1719 extern sslSocket *ssl_FindSocket(PRFileDesc *fd); |
1675 extern void ssl_FreeSocket(struct sslSocketStr *ssl); | 1720 extern void ssl_FreeSocket(struct sslSocketStr *ssl); |
1676 extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, | 1721 extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, |
1677 » » » » SSL3AlertDescription desc); | 1722 SSL3AlertDescription desc); |
1678 extern SECStatus ssl3_DecodeError(sslSocket *ss); | 1723 extern SECStatus ssl3_DecodeError(sslSocket *ss); |
1679 | 1724 |
1680 extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, | 1725 extern SECStatus ssl3_RestartHandshakeAfterCertReq(struct sslSocketStr *ss, |
1681 » » » » » CERTCertificate * cert, | 1726 CERTCertificate *cert, |
1682 » » » » » SECKEYPrivateKey * key, | 1727 SECKEYPrivateKey *key, |
1683 » » » » » CERTCertificateList *certChain); | 1728 CERTCertificateList *certChai
n); |
1684 | 1729 |
1685 extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( | 1730 extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( |
1686 sslSocket *ss, | 1731 sslSocket *ss, |
1687 SECKEYPublicKey *channelIDPub, | 1732 SECKEYPublicKey *channelIDPub, |
1688 SECKEYPrivateKey *channelID); | 1733 SECKEYPrivateKey *channelID); |
1689 | 1734 |
1690 extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error); | 1735 extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error); |
1691 | 1736 |
1692 /* | 1737 /* |
1693 * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos | 1738 * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos |
1704 | 1749 |
1705 /* | 1750 /* |
1706 * input into the SSL3 machinery from the actualy network reading code | 1751 * input into the SSL3 machinery from the actualy network reading code |
1707 */ | 1752 */ |
1708 SECStatus ssl3_HandleRecord( | 1753 SECStatus ssl3_HandleRecord( |
1709 sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out); | 1754 sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out); |
1710 | 1755 |
1711 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); | 1756 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); |
1712 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); | 1757 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); |
1713 /* | 1758 /* |
1714 * When talking to export clients or using export cipher suites, servers | 1759 * When talking to export clients or using export cipher suites, servers |
1715 * with public RSA keys larger than 512 bits need to use a 512-bit public | 1760 * with public RSA keys larger than 512 bits need to use a 512-bit public |
1716 * key, signed by the larger key. The smaller key is a "step down" key. | 1761 * key, signed by the larger key. The smaller key is a "step down" key. |
1717 * Generate that key pair and keep it around. | 1762 * Generate that key pair and keep it around. |
1718 */ | 1763 */ |
1719 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); | 1764 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); |
1720 | 1765 |
1721 extern SECStatus ssl3_SelectDHParams(sslSocket *ss); | 1766 extern SECStatus ssl3_SelectDHParams(sslSocket *ss); |
1722 | 1767 |
1723 #ifndef NSS_DISABLE_ECC | 1768 #ifndef NSS_DISABLE_ECC |
1724 extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); | 1769 extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); |
1725 extern PRBool ssl3_IsECCEnabled(sslSocket *ss); | 1770 extern PRBool ssl3_IsECCEnabled(sslSocket *ss); |
1726 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, | 1771 extern SECStatus ssl3_DisableECCSuites(sslSocket *ss, |
1727 const ssl3CipherSuite * suite); | 1772 const ssl3CipherSuite *suite); |
1728 extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); | 1773 extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); |
1729 | |
1730 | 1774 |
1731 /* Macro for finding a curve equivalent in strength to RSA key's */ | 1775 /* Macro for finding a curve equivalent in strength to RSA key's */ |
1732 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ | 1776 /* clang-format off */ |
1733 ((s <= 1024) ? 160 \ | 1777 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ |
1734 » : ((s <= 2048) ? 224 \ | 1778 ((s <= 1024) ? 160 \ |
1735 » : ((s <= 3072) ? 256 \ | 1779 : ((s <= 2048) ? 224 \ |
1736 » : ((s <= 7168) ? 384 : 521 ) ) ) ) | 1780 : ((s <= 3072) ? 256 \ |
| 1781 : ((s <= 7168) ? 384 \ |
| 1782 : 521 ) ) ) ) |
| 1783 /* clang-format on */ |
1737 | 1784 |
1738 /* Types and names of elliptic curves used in TLS */ | 1785 /* Types and names of elliptic curves used in TLS */ |
1739 typedef enum { ec_type_explicitPrime = 1, | 1786 typedef enum { ec_type_explicitPrime = 1, |
1740 » ec_type_explicitChar2Curve = 2, | 1787 ec_type_explicitChar2Curve = 2, |
1741 » ec_type_named | 1788 ec_type_named |
1742 } ECType; | 1789 } ECType; |
1743 | 1790 |
1744 typedef enum { ec_noName = 0, | 1791 typedef enum { ec_noName = 0, |
1745 » ec_sect163k1 = 1, | 1792 ec_sect163k1 = 1, |
1746 » ec_sect163r1 = 2, | 1793 ec_sect163r1 = 2, |
1747 » ec_sect163r2 = 3, | 1794 ec_sect163r2 = 3, |
1748 » ec_sect193r1 = 4, | 1795 ec_sect193r1 = 4, |
1749 » ec_sect193r2 = 5, | 1796 ec_sect193r2 = 5, |
1750 » ec_sect233k1 = 6, | 1797 ec_sect233k1 = 6, |
1751 » ec_sect233r1 = 7, | 1798 ec_sect233r1 = 7, |
1752 » ec_sect239k1 = 8, | 1799 ec_sect239k1 = 8, |
1753 » ec_sect283k1 = 9, | 1800 ec_sect283k1 = 9, |
1754 » ec_sect283r1 = 10, | 1801 ec_sect283r1 = 10, |
1755 » ec_sect409k1 = 11, | 1802 ec_sect409k1 = 11, |
1756 » ec_sect409r1 = 12, | 1803 ec_sect409r1 = 12, |
1757 » ec_sect571k1 = 13, | 1804 ec_sect571k1 = 13, |
1758 » ec_sect571r1 = 14, | 1805 ec_sect571r1 = 14, |
1759 » ec_secp160k1 = 15, | 1806 ec_secp160k1 = 15, |
1760 » ec_secp160r1 = 16, | 1807 ec_secp160r1 = 16, |
1761 » ec_secp160r2 = 17, | 1808 ec_secp160r2 = 17, |
1762 » ec_secp192k1 = 18, | 1809 ec_secp192k1 = 18, |
1763 » ec_secp192r1 = 19, | 1810 ec_secp192r1 = 19, |
1764 » ec_secp224k1 = 20, | 1811 ec_secp224k1 = 20, |
1765 » ec_secp224r1 = 21, | 1812 ec_secp224r1 = 21, |
1766 » ec_secp256k1 = 22, | 1813 ec_secp256k1 = 22, |
1767 » ec_secp256r1 = 23, | 1814 ec_secp256r1 = 23, |
1768 » ec_secp384r1 = 24, | 1815 ec_secp384r1 = 24, |
1769 » ec_secp521r1 = 25, | 1816 ec_secp521r1 = 25, |
1770 » ec_pastLastName | 1817 ec_pastLastName |
1771 } ECName; | 1818 } ECName; |
1772 | 1819 |
1773 extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, | 1820 extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, |
1774 » » » » SECKEYECParams *params); | 1821 SECKEYECParams *params); |
1775 ECName» ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); | 1822 ECName ssl3_PubKey2ECName(SECKEYPublicKey *pubKey); |
1776 | 1823 |
| 1824 ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); |
| 1825 ECName ssl3_GetCurveNameForServerSocket(sslSocket *ss); |
1777 | 1826 |
1778 #endif /* NSS_DISABLE_ECC */ | 1827 #endif /* NSS_DISABLE_ECC */ |
1779 | 1828 |
1780 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); | 1829 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); |
1781 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); | 1830 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); |
1782 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); | 1831 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); |
1783 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); | 1832 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); |
1784 | 1833 |
1785 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
on); | 1834 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
on); |
1786 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool
*on); | 1835 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool
*on); |
1787 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled
); | 1836 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled
); |
1788 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable
d); | 1837 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable
d); |
1789 extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphe
r, | 1838 extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphe
r, |
1790 » » » » unsigned int len); | 1839 unsigned int len); |
1791 | 1840 |
1792 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); | 1841 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); |
1793 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); | 1842 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); |
1794 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); | 1843 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); |
1795 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); | 1844 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); |
1796 | 1845 |
1797 extern void ssl2_InitSocketPolicy(sslSocket *ss); | 1846 extern void ssl2_InitSocketPolicy(sslSocket *ss); |
1798 extern void ssl3_InitSocketPolicy(sslSocket *ss); | 1847 extern void ssl3_InitSocketPolicy(sslSocket *ss); |
1799 | 1848 |
1800 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, | 1849 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, |
1801 » » » » » » unsigned char *cs, int *size); | 1850 unsigned char *cs, int *size); |
1802 | 1851 |
1803 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); | 1852 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); |
1804 extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, | 1853 extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, |
1805 » » » » » PRUint32 length); | 1854 PRUint32 length); |
1806 | 1855 |
1807 extern void ssl3_DestroySSL3Info(sslSocket *ss); | 1856 extern void ssl3_DestroySSL3Info(sslSocket *ss); |
1808 | 1857 |
1809 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, | 1858 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, |
1810 » » » » SSL3ProtocolVersion peerVersion, | 1859 SSL3ProtocolVersion peerVersion, |
1811 » » » » PRBool allowLargerPeerVersion); | 1860 PRBool allowLargerPeerVersion); |
1812 | 1861 |
1813 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); | 1862 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); |
1814 | 1863 |
1815 #ifndef NSS_DISABLE_ECC | 1864 #ifndef NSS_DISABLE_ECC |
1816 /* ECDH functions */ | 1865 /* ECDH functions */ |
1817 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, | 1866 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss, |
1818 » » » SECKEYPublicKey * svrPubKey); | 1867 SECKEYPublicKey *svrPubKey); |
1819 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, | 1868 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, |
1820 » » » » » SSL3Opaque *b, PRUint32 length); | 1869 SSL3Opaque *b, PRUint32 length
); |
1821 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, | 1870 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, |
1822 » » » » SSL3Opaque *b, PRUint32 length, | 1871 SSL3Opaque *b, PRUint32 length
, |
1823 SECKEYPublicKey *srvrPubKey, | 1872 SECKEYPublicKey *srvrPubKey, |
1824 SECKEYPrivateKey *srvrPrivKey); | 1873 SECKEYPrivateKey *srvrPrivKey)
; |
1825 extern SECStatus ssl3_SendECDHServerKeyExchange( | 1874 extern SECStatus ssl3_SendECDHServerKeyExchange( |
1826 sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); | 1875 sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); |
| 1876 SECKEYPublicKey *tls13_ImportECDHKeyShare( |
| 1877 sslSocket *ss, SSL3Opaque *b, PRUint32 length, ECName curve); |
| 1878 ECName tls13_GroupForECDHEKeyShare(ssl3KeyPair *pair); |
| 1879 unsigned int tls13_SizeOfECDHEKeyShareKEX(ssl3KeyPair *pair); |
| 1880 SECStatus tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, ssl3KeyPair *pair); |
1827 #endif | 1881 #endif |
1828 | 1882 |
1829 extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, | 1883 extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, |
1830 » » » » PRUint8 * hashBuf, | 1884 PRUint8 *hashBuf, |
1831 » » » » unsigned int bufLen, SSL3Hashes *hashes, | 1885 unsigned int bufLen, SSL3Hashes *hash
es, |
1832 » » » » PRBool bypassPKCS11); | 1886 PRBool bypassPKCS11); |
1833 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName); | 1887 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName); |
1834 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms); | 1888 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms); |
1835 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, | 1889 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, |
1836 » » » PRInt32 bytes); | 1890 PRInt32 bytes); |
1837 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, | 1891 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, |
1838 » » » SSL3HandshakeType t, PRUint32 length); | 1892 SSL3HandshakeType t, PRUint32 length
); |
1839 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, | 1893 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, |
1840 » » » PRInt32 lenSize); | 1894 PRInt32 lenSize); |
1841 extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, | 1895 extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss, |
1842 » » » const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); | 1896 const SSL3Opaque *src, PRInt32 byt
es, PRInt32 lenSize); |
1843 extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( | 1897 extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( |
1844 sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash); | 1898 sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); |
1845 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, | 1899 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, |
1846 » » » SSL3Opaque **b, PRUint32 *length); | 1900 SSL3Opaque **b, PRUint32 *length); |
1847 extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, | 1901 extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, |
1848 » » » SSL3Opaque **b, PRUint32 *length); | 1902 SSL3Opaque **b, PRUint32 *length); |
1849 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, | 1903 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, |
1850 » » » PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); | 1904 PRInt32 bytes, SSL3Opaque **b, PR
Uint32 *length); |
1851 extern PRBool ssl3_IsSupportedSignatureAlgorithm( | 1905 extern PRBool ssl3_IsSupportedSignatureAlgorithm( |
1852 const SSLSignatureAndHashAlg *alg); | 1906 const SSLSignatureAndHashAlg *alg); |
1853 extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( | 1907 extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( |
1854 sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, | 1908 sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, |
1855 CERTCertificate* cert); | 1909 CERTCertificate *cert); |
1856 extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm( | 1910 extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm( |
1857 sslSocket *ss, SSL3Opaque **b, PRUint32 *length, | 1911 sslSocket *ss, SSL3Opaque **b, PRUint32 *length, |
1858 SSLSignatureAndHashAlg *out); | 1912 SSLSignatureAndHashAlg *out); |
1859 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, | 1913 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, |
1860 » » » SECItem *buf, PRBool isTLS); | 1914 SECItem *buf, PRBool isTLS); |
1861 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, | 1915 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, |
1862 » » » CERTCertificate *cert, SECItem *buf, PRBool isTLS, | 1916 CERTCertificate *cert, SECItem *buf, PR
Bool isTLS, |
1863 » » » void *pwArg); | 1917 void *pwArg); |
1864 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, | 1918 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, |
1865 » » » sslSessionID *sid, ssl3CipherSpec *spec, | 1919 sslSessionID *sid, ssl3CipherSpec
*spec, |
1866 » » » SSL3KEAType effectiveExchKeyType); | 1920 SSL3KEAType effectiveExchKeyType)
; |
1867 | 1921 |
1868 /* Functions that handle ClientHello and ServerHello extensions. */ | 1922 /* Functions that handle ClientHello and ServerHello extensions. */ |
1869 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, | 1923 extern SECStatus ssl3_HandleServerNameXtn(sslSocket *ss, |
1870 » » » PRUint16 ex_type, SECItem *data); | 1924 PRUint16 ex_type, SECItem *data); |
1871 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, | 1925 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket *ss, |
1872 » » » PRUint16 ex_type, SECItem *data); | 1926 PRUint16 ex_type, SECItem *data); |
1873 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, | 1927 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, |
1874 » » » PRUint16 ex_type, SECItem *data); | 1928 PRUint16 ex_type, SECItem *
data); |
1875 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, | 1929 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, |
1876 » » » PRUint16 ex_type, SECItem *data); | 1930 PRUint16 ex_type, SECItem *da
ta); |
1877 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, | 1931 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, |
1878 » » » PRUint16 ex_type, SECItem *data); | 1932 PRUint16 ex_type, SECItem *da
ta); |
1879 | 1933 |
1880 /* ClientHello and ServerHello extension senders. | 1934 /* ClientHello and ServerHello extension senders. |
1881 * Note that not all extension senders are exposed here; only those that | 1935 * Note that not all extension senders are exposed here; only those that |
1882 * that need exposure. | 1936 * that need exposure. |
1883 */ | 1937 */ |
1884 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, | 1938 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, |
1885 » » » PRUint32 maxBytes); | 1939 PRUint32 maxBytes); |
1886 | 1940 |
1887 /* ClientHello and ServerHello extension senders. | 1941 /* ClientHello and ServerHello extension senders. |
1888 * The code is in ssl3ext.c. | 1942 * The code is in ssl3ext.c. |
1889 */ | 1943 */ |
1890 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, | 1944 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, |
1891 PRUint32 maxBytes); | 1945 PRUint32 maxBytes); |
1892 | 1946 |
1893 /* Assigns new cert, cert chain and keys to ss->serverCerts | 1947 /* Assigns new cert, cert chain and keys to ss->serverCerts |
1894 * struct. If certChain is NULL, tries to find one. Aborts if | 1948 * struct. If certChain is NULL, tries to find one. Aborts if |
1895 * fails to do so. If cert and keyPair are NULL - unconfigures | 1949 * fails to do so. If cert and keyPair are NULL - unconfigures |
1896 * sslSocket of kea type.*/ | 1950 * sslSocket of kea type.*/ |
1897 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, | 1951 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, |
1898 const CERTCertificateList *certChain, | 1952 const CERTCertificateList *certChain, |
1899 ssl3KeyPair *keyPair, SSLKEAType kea); | 1953 ssl3KeyPair *keyPair, SSLKEAType kea); |
1900 | 1954 |
1901 #ifndef NSS_DISABLE_ECC | 1955 #ifndef NSS_DISABLE_ECC |
1902 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, | 1956 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, |
1903 » » » PRBool append, PRUint32 maxBytes); | 1957 PRBool append, PRUint32 maxBytes); |
1904 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, | 1958 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, |
1905 » » » PRBool append, PRUint32 maxBytes); | 1959 PRBool append, PRUint32 maxByte
s); |
1906 #endif | 1960 #endif |
1907 | 1961 |
1908 /* call the registered extension handlers. */ | 1962 /* call the registered extension handlers. */ |
1909 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, | 1963 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, |
1910 » » » SSL3Opaque **b, PRUint32 *length); | 1964 SSL3Opaque **b, PRUint32 *length, |
| 1965 SSL3HandshakeType handshakeMessage); |
1911 | 1966 |
1912 /* Hello Extension related routines. */ | 1967 /* Hello Extension related routines. */ |
1913 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); | 1968 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); |
1914 extern void ssl3_SetSIDSessionTicket(sslSessionID *sid, | 1969 extern void ssl3_SetSIDSessionTicket(sslSessionID *sid, |
1915 » » » /*in/out*/ NewSessionTicket *session_ticket); | 1970 /*in/out*/ NewSessionTicket *session_ticket
); |
1916 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); | 1971 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); |
1917 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName, | 1972 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName, |
1918 » » » unsigned char *encKey, unsigned char *macKey); | 1973 unsigned char *encKey, unsigned char *mac
Key); |
1919 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, | 1974 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, |
1920 » » » SECKEYPublicKey *svrPubKey, void *pwArg, | 1975 SECKEYPublicKey *svrPubKey, void *p
wArg, |
1921 » » » unsigned char *keyName, PK11SymKey **aesKey, | 1976 unsigned char *keyName, PK11SymKey
**aesKey, |
1922 » » » PK11SymKey **macKey); | 1977 PK11SymKey **macKey); |
1923 | 1978 |
1924 /* Tell clients to consider tickets valid for this long. */ | 1979 /* Tell clients to consider tickets valid for this long. */ |
1925 #define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ | 1980 #define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ |
1926 #define TLS_EX_SESS_TICKET_VERSION (0x0101) | 1981 #define TLS_EX_SESS_TICKET_VERSION (0x0101) |
1927 | 1982 |
1928 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, | 1983 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data, |
1929 » » » » » unsigned int length); | 1984 unsigned int length); |
1930 | 1985 |
1931 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 1986 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
1932 » » » » » » unsigned char *out, | 1987 unsigned char *out, |
1933 » » » » » » unsigned int *outLen, | 1988 unsigned int *outLen, |
1934 » » » » » » unsigned int outLenMax); | 1989 unsigned int outLenMax); |
1935 | 1990 |
1936 /* Construct a new NSPR socket for the app to use */ | 1991 /* Construct a new NSPR socket for the app to use */ |
1937 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); | 1992 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); |
1938 extern void ssl_FreePRSocket(PRFileDesc *fd); | 1993 extern void ssl_FreePRSocket(PRFileDesc *fd); |
1939 | 1994 |
1940 /* Internal config function so SSL3 can initialize the present state of | 1995 /* Internal config function so SSL3 can initialize the present state of |
1941 * various ciphers */ | 1996 * various ciphers */ |
1942 extern int ssl3_config_match_init(sslSocket *); | 1997 extern int ssl3_config_match_init(sslSocket *); |
1943 | 1998 |
1944 | |
1945 /* Create a new ref counted key pair object from two keys. */ | 1999 /* Create a new ref counted key pair object from two keys. */ |
1946 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, | 2000 extern ssl3KeyPair *ssl3_NewKeyPair(SECKEYPrivateKey *privKey, |
1947 SECKEYPublicKey * pubKey); | 2001 SECKEYPublicKey *pubKey); |
1948 | 2002 |
1949 /* get a new reference (bump ref count) to an ssl3KeyPair. */ | 2003 /* get a new reference (bump ref count) to an ssl3KeyPair. */ |
1950 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair); | 2004 extern ssl3KeyPair *ssl3_GetKeyPairRef(ssl3KeyPair *keyPair); |
1951 | 2005 |
1952 /* Decrement keypair's ref count and free if zero. */ | 2006 /* Decrement keypair's ref count and free if zero. */ |
1953 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); | 2007 extern void ssl3_FreeKeyPair(ssl3KeyPair *keyPair); |
1954 | 2008 |
1955 /* calls for accessing wrapping keys across processes. */ | 2009 /* calls for accessing wrapping keys across processes. */ |
1956 extern PRBool | 2010 extern PRBool |
1957 ssl_GetWrappingKey( PRInt32 symWrapMechIndex, | 2011 ssl_GetWrappingKey(PRInt32 symWrapMechIndex, |
1958 SSL3KEAType exchKeyType, | 2012 SSL3KEAType exchKeyType, |
1959 » » SSLWrappedSymWrappingKey *wswk); | 2013 SSLWrappedSymWrappingKey *wswk); |
1960 | 2014 |
1961 /* The caller passes in the new value it wants | 2015 /* The caller passes in the new value it wants |
1962 * to set. This code tests the wrapped sym key entry in the file on disk. | 2016 * to set. This code tests the wrapped sym key entry in the file on disk. |
1963 * If it is uninitialized, this function writes the caller's value into | 2017 * If it is uninitialized, this function writes the caller's value into |
1964 * the disk entry, and returns false. | 2018 * the disk entry, and returns false. |
1965 * Otherwise, it overwrites the caller's wswk with the value obtained from | 2019 * Otherwise, it overwrites the caller's wswk with the value obtained from |
1966 * the disk, and returns PR_TRUE. | 2020 * the disk, and returns PR_TRUE. |
1967 * This is all done while holding the locks/semaphores necessary to make | 2021 * This is all done while holding the locks/semaphores necessary to make |
1968 * the operation atomic. | 2022 * the operation atomic. |
1969 */ | 2023 */ |
1970 extern PRBool | 2024 extern PRBool |
1971 ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk); | 2025 ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk); |
1972 | 2026 |
1973 /* get rid of the symmetric wrapping key references. */ | 2027 /* get rid of the symmetric wrapping key references. */ |
1974 extern SECStatus SSL3_ShutdownServerCache(void); | 2028 extern SECStatus SSL3_ShutdownServerCache(void); |
1975 | 2029 |
1976 extern SECStatus ssl_InitSymWrapKeysLock(void); | 2030 extern SECStatus ssl_InitSymWrapKeysLock(void); |
1977 | 2031 |
1978 extern SECStatus ssl_FreeSymWrapKeysLock(void); | 2032 extern SECStatus ssl_FreeSymWrapKeysLock(void); |
1979 | 2033 |
1980 extern SECStatus ssl_InitSessionCacheLocks(void); | 2034 extern SECStatus ssl_InitSessionCacheLocks(void); |
1981 | 2035 |
1982 /***************** platform client auth ****************/ | |
1983 | |
1984 #ifdef NSS_PLATFORM_CLIENT_AUTH | |
1985 // Releases the platform key. | |
1986 extern void ssl_FreePlatformKey(PlatformKey key); | |
1987 | |
1988 // Implement the client CertificateVerify message for SSL3/TLS1.0 | |
1989 extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, | |
1990 PlatformKey key, SECItem *buf, | |
1991 PRBool isTLS, KeyType keyType); | |
1992 | |
1993 // Converts a CERTCertList* (A collection of CERTCertificates) into a | |
1994 // CERTCertificateList* (A collection of SECItems), or returns NULL if | |
1995 // it cannot be converted. | |
1996 // This is to allow the platform-supplied chain to be created with purely | |
1997 // public API functions, using the preferred CERTCertList mutators, rather | |
1998 // pushing this hack to clients. | |
1999 extern CERTCertificateList* hack_NewCertificateListFromCertList( | |
2000 CERTCertList* list); | |
2001 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | |
2002 | |
2003 /**************** DTLS-specific functions **************/ | 2036 /**************** DTLS-specific functions **************/ |
2004 extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); | 2037 extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); |
2005 extern void dtls_FreeQueuedMessages(PRCList *lst); | 2038 extern void dtls_FreeQueuedMessages(PRCList *lst); |
2006 extern void dtls_FreeHandshakeMessages(PRCList *lst); | 2039 extern void dtls_FreeHandshakeMessages(PRCList *lst); |
2007 | 2040 |
2008 extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf); | 2041 extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf); |
2009 extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, | 2042 extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, |
2010 » » » » » SSL3Opaque *b, PRUint32 length); | 2043 SSL3Opaque *b, PRUint32 length); |
2011 extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); | 2044 extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); |
2012 extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, | 2045 extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, |
2013 » » » » const SSL3Opaque *pIn, PRInt32 nIn); | 2046 const SSL3Opaque *pIn, PRInt32 nIn); |
2014 extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); | 2047 extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); |
2015 extern SECStatus dtls_CompressMACEncryptRecord(sslSocket *ss, | 2048 extern SECStatus dtls_CompressMACEncryptRecord(sslSocket *ss, |
2016 » » » » » DTLSEpoch epoch, | 2049 DTLSEpoch epoch, |
2017 » » » » » PRBool use_epoch, | 2050 PRBool use_epoch, |
2018 » » » » » SSL3ContentType type, | 2051 SSL3ContentType type, |
2019 » » » » » const SSL3Opaque *pIn, | 2052 const SSL3Opaque *pIn, |
2020 » » » » » PRUint32 contentLen, | 2053 PRUint32 contentLen, |
2021 » » » » » sslBuffer *wrBuf); | 2054 sslBuffer *wrBuf); |
2022 SECStatus ssl3_DisableNonDTLSSuites(sslSocket * ss); | 2055 SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss); |
2023 extern SECStatus dtls_StartTimer(sslSocket *ss, DTLSTimerCb cb); | 2056 extern SECStatus dtls_StartTimer(sslSocket *ss, DTLSTimerCb cb); |
2024 extern SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, | 2057 extern SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, |
2025 » » » » DTLSTimerCb cb); | 2058 DTLSTimerCb cb); |
2026 extern void dtls_CheckTimer(sslSocket *ss); | 2059 extern void dtls_CheckTimer(sslSocket *ss); |
2027 extern void dtls_CancelTimer(sslSocket *ss); | 2060 extern void dtls_CancelTimer(sslSocket *ss); |
2028 extern void dtls_FinishedTimerCb(sslSocket *ss); | 2061 extern void dtls_FinishedTimerCb(sslSocket *ss); |
2029 extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised); | 2062 extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised); |
2030 extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records); | 2063 extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records); |
2031 extern int dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq); | 2064 extern int dtls_RecordGetRecvd(const DTLSRecvdRecords *records, PRUint64 seq); |
2032 extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq); | 2065 extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq); |
2033 extern void dtls_RehandshakeCleanup(sslSocket *ss); | 2066 extern void dtls_RehandshakeCleanup(sslSocket *ss); |
2034 extern SSL3ProtocolVersion | 2067 extern SSL3ProtocolVersion |
2035 dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv); | 2068 dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv); |
2036 extern SSL3ProtocolVersion | 2069 extern SSL3ProtocolVersion |
2037 dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv); | 2070 dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv); |
| 2071 extern PRBool dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *crSpec, |
| 2072 const SSL3Ciphertext *cText, PRUint64 *seqNum); |
| 2073 |
| 2074 CK_MECHANISM_TYPE ssl3_Alg2Mech(SSLCipherAlgorithm calg); |
| 2075 SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss); |
| 2076 SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags); |
| 2077 SECStatus ssl3_SendCertificate(sslSocket *ss); |
| 2078 SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss, |
| 2079 SSL3Opaque *b, PRUint32 length); |
| 2080 SECStatus ssl3_SendEmptyCertificate(sslSocket *ss); |
| 2081 SECStatus ssl3_SendCertificateStatus(sslSocket *ss); |
| 2082 SECStatus ssl3_CompleteHandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, |
| 2083 PRUint32 length); |
| 2084 SECStatus ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, |
| 2085 unsigned maxLen, PRUint32 *len); |
| 2086 void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp, |
| 2087 int *nnamesp); |
| 2088 SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, |
| 2089 PRUint32 *length, PLArenaPool *arena, |
| 2090 CERTDistNames *ca_list); |
| 2091 SECStatus ssl3_CompleteHandleCertificateRequest(sslSocket *ss, |
| 2092 SECItem *algorithms, |
| 2093 CERTDistNames *ca_list); |
| 2094 SECStatus ssl3_SendCertificateVerify(sslSocket *ss, |
| 2095 SECKEYPrivateKey *privKey); |
| 2096 SECStatus ssl3_SendServerHello(sslSocket *ss); |
| 2097 SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); |
| 2098 SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, |
| 2099 ssl3CipherSpec *spec, |
| 2100 SSL3Hashes *hashes, |
| 2101 PRUint32 sender); |
| 2102 void ssl3_BumpSequenceNumber(SSL3SequenceNumber *num); |
| 2103 PRInt32 tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append, |
| 2104 PRUint32 maxBytes); |
| 2105 #ifndef NSS_DISABLE_ECC |
| 2106 SECStatus ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, |
| 2107 ssl3KeyPair **keyPair); |
| 2108 PK11SymKey *tls13_ComputeECDHSharedKey(sslSocket *ss, |
| 2109 SECKEYPrivateKey *myPrivKey, |
| 2110 SECKEYPublicKey *peerKey); |
| 2111 #endif |
| 2112 |
| 2113 /* Pull in TLS 1.3 functions */ |
| 2114 #include "tls13con.h" |
2038 | 2115 |
2039 /********************** misc calls *********************/ | 2116 /********************** misc calls *********************/ |
2040 | 2117 |
2041 #ifdef DEBUG | 2118 #ifdef DEBUG |
2042 extern void ssl3_CheckCipherSuiteOrderConsistency(); | 2119 extern void ssl3_CheckCipherSuiteOrderConsistency(); |
2043 #endif | 2120 #endif |
2044 | 2121 |
2045 extern int ssl_MapLowLevelError(int hiLevelError); | 2122 extern int ssl_MapLowLevelError(int hiLevelError); |
2046 | 2123 |
2047 extern PRUint32 ssl_Time(void); | 2124 extern PRUint32 ssl_Time(void); |
2048 | 2125 |
2049 extern void SSL_AtomicIncrementLong(long * x); | 2126 extern void SSL_AtomicIncrementLong(long *x); |
2050 | 2127 |
2051 SECStatus SSL_DisableDefaultExportCipherSuites(void); | 2128 SECStatus SSL_DisableDefaultExportCipherSuites(void); |
2052 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); | 2129 SECStatus SSL_DisableExportCipherSuites(PRFileDesc *fd); |
2053 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); | 2130 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
| 2131 |
| 2132 SECStatus ssl3_ApplyNSSPolicy(void); |
2054 | 2133 |
2055 extern SECStatus | 2134 extern SECStatus |
2056 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, | 2135 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, |
2057 const char *label, unsigned int labelLen, | 2136 const char *label, unsigned int labelLen, |
2058 const unsigned char *val, unsigned int valLen, | 2137 const unsigned char *val, unsigned int valLen, |
2059 unsigned char *out, unsigned int outLen); | 2138 unsigned char *out, unsigned int outLen); |
2060 extern SECOidTag | 2139 extern SECOidTag |
2061 ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); | 2140 ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); |
2062 | 2141 |
2063 #ifdef TRACE | 2142 #ifdef TRACE |
2064 #define SSL_TRACE(msg) ssl_Trace msg | 2143 #define SSL_TRACE(msg) ssl_Trace msg |
2065 #else | 2144 #else |
2066 #define SSL_TRACE(msg) | 2145 #define SSL_TRACE(msg) |
2067 #endif | 2146 #endif |
2068 | 2147 |
2069 void ssl_Trace(const char *format, ...); | 2148 void ssl_Trace(const char *format, ...); |
2070 | 2149 |
2071 SEC_END_PROTOS | 2150 SEC_END_PROTOS |
2072 | 2151 |
2073 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 2152 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
2074 #define SSL_GETPID getpid | 2153 #define SSL_GETPID getpid |
2075 #elif defined(WIN32) | 2154 #elif defined(WIN32) |
2076 extern int __cdecl _getpid(void); | 2155 extern int __cdecl _getpid(void); |
2077 #define SSL_GETPID _getpid | 2156 #define SSL_GETPID _getpid |
2078 #else | 2157 #else |
2079 #define SSL_GETPID() 0 | 2158 #define SSL_GETPID() 0 |
2080 #endif | 2159 #endif |
2081 | 2160 |
2082 #endif /* __sslimpl_h_ */ | 2161 #endif /* __sslimpl_h_ */ |