Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(296)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 1882433002: Removing NSS files and USE_OPENSSL flag (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing header ordering. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/socket/ssl_client_socket_unittest.cc ('K') | « net/third_party/nss/ssl/sslsnce.c ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions.
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 #include "seccomon.h"
10 #include "cert.h"
11 #include "keyhi.h"
12 #include "ssl.h"
13 #include "sslimpl.h"
14 #include "sslproto.h"
15 #include "nspr.h"
16 #include "private/pprio.h"
17 #ifndef NO_PKCS11_BYPASS
18 #include "blapi.h"
19 #endif
20 #include "nss.h"
21 #include "pk11pqg.h"
22
23 #define SET_ERROR_CODE /* reminder */
24
25 static const sslSocketOps ssl_default_ops = { /* No SSL. */
26 ssl_DefConnect,
27 NULL,
28 ssl_DefBind,
29 ssl_DefListen,
30 ssl_DefShutdown,
31 ssl_DefClose,
32 ssl_DefRecv,
33 ssl_DefSend,
34 ssl_DefRead,
35 ssl_DefWrite,
36 ssl_DefGetpeername,
37 ssl_DefGetsockname
38 };
39
40 static const sslSocketOps ssl_secure_ops = { /* SSL. */
41 ssl_SecureConnect,
42 NULL,
43 ssl_DefBind,
44 ssl_DefListen,
45 ssl_SecureShutdown,
46 ssl_SecureClose,
47 ssl_SecureRecv,
48 ssl_SecureSend,
49 ssl_SecureRead,
50 ssl_SecureWrite,
51 ssl_DefGetpeername,
52 ssl_DefGetsockname
53 };
54
55 /*
56 ** default settings for socket enables
57 */
58 static sslOptions ssl_defaults = {
59 { siBuffer, NULL, 0 }, /* nextProtoNego */
60 PR_TRUE, /* useSecurity */
61 PR_FALSE, /* useSocks */
62 PR_FALSE, /* requestCertificate */
63 2, /* requireCertificate */
64 PR_FALSE, /* handshakeAsClient */
65 PR_FALSE, /* handshakeAsServer */
66 PR_FALSE,
67 /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
68 PR_FALSE, /* unusedBit9 */
69 PR_FALSE, /* unusedBit10 */
70 PR_FALSE, /* noCache */
71 PR_FALSE, /* fdx */
72 PR_FALSE,
73 /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
74 PR_TRUE, /* detectRollBack */
75 PR_FALSE, /* noStepDown */
76 PR_FALSE, /* bypassPKCS11 */
77 PR_FALSE, /* noLocks */
78 PR_FALSE, /* enableSessionTickets */
79 PR_FALSE, /* enableDeflate */
80 2, /* enableRenegotiation (default: requires extension ) */
81 PR_FALSE, /* requireSafeNegotiation */
82 PR_FALSE, /* enableFalseStart */
83 PR_TRUE, /* cbcRandomIV */
84 PR_FALSE, /* enableOCSPStapling */
85 PR_TRUE, /* enableNPN */
86 PR_FALSE, /* enableALPN */
87 PR_TRUE, /* reuseServerECDHEKey */
88 PR_FALSE, /* enableFallbackSCSV */
89 PR_TRUE, /* enableServerDhe */
90 PR_FALSE, /* enableExtendedMS */
91 PR_FALSE, /* enableSignedCertTimestamps */
92 };
93
94 /*
95 * default range of enabled SSL/TLS protocols
96 */
97 static SSLVersionRange versions_defaults_stream = {
98 SSL_LIBRARY_VERSION_TLS_1_0,
99 SSL_LIBRARY_VERSION_TLS_1_2
100 };
101
102 static SSLVersionRange versions_defaults_datagram = {
103 SSL_LIBRARY_VERSION_TLS_1_1,
104 SSL_LIBRARY_VERSION_TLS_1_2
105 };
106
107 #define VERSIONS_DEFAULTS(variant) \
108 (variant == ssl_variant_stream ? &versions_defaults_stream : \
109 &versions_defaults_datagram)
110 #define VERSIONS_POLICY_MIN(variant) \
111 (variant == ssl_variant_stream ? NSS_TLS_VERSION_MIN_POLICY : \
112 NSS_DTLS_VERSION_MIN_POLICY)
113 #define VERSIONS_POLICY_MAX(variant) \
114 (variant == ssl_variant_stream ? NSS_TLS_VERSION_MAX_POLICY : \
115 NSS_DTLS_VERSION_MAX_POLICY)
116
117 sslSessionIDLookupFunc ssl_sid_lookup;
118 sslSessionIDCacheFunc ssl_sid_cache;
119 sslSessionIDUncacheFunc ssl_sid_uncache;
120
121 static PRBool ssl_inited = PR_FALSE;
122 static PRDescIdentity ssl_layer_id;
123
124 PRBool locksEverDisabled; /* implicitly PR_FALSE */
125 PRBool ssl_force_locks; /* implicitly PR_FALSE */
126 int ssl_lock_readers = 1; /* default true. */
127 char ssl_debug;
128 char ssl_trace;
129 FILE *ssl_trace_iob;
130 FILE *ssl_keylog_iob;
131 char lockStatus[] = "Locks are ENABLED. ";
132 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
133
134 /* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
135 static const PRUint16 srtpCiphers[] = {
136 SRTP_AES128_CM_HMAC_SHA1_80,
137 SRTP_AES128_CM_HMAC_SHA1_32,
138 0
139 };
140
141 /* forward declarations. */
142 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
143 static SECStatus ssl_MakeLocks(sslSocket *ss);
144 static void ssl_SetDefaultsFromEnvironment(void);
145 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
146 PRDescIdentity id);
147
148 /************************************************************************/
149
150 /*
151 ** Lookup a socket structure from a file descriptor.
152 ** Only functions called through the PRIOMethods table should use this.
153 ** Other app-callable functions should use ssl_FindSocket.
154 */
155 static sslSocket *
156 ssl_GetPrivate(PRFileDesc *fd)
157 {
158 sslSocket *ss;
159
160 PORT_Assert(fd != NULL);
161 PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
162 PORT_Assert(fd->identity == ssl_layer_id);
163
164 if (fd->methods->file_type != PR_DESC_LAYERED ||
165 fd->identity != ssl_layer_id) {
166 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
167 return NULL;
168 }
169
170 ss = (sslSocket *)fd->secret;
171 /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
172 * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
173 * contents of the PRFileDesc pointed by ss->fd and the new layer.
174 * See bug 807250.
175 */
176 ss->fd = fd;
177 return ss;
178 }
179
180 /* This function tries to find the SSL layer in the stack.
181 * It searches for the first SSL layer at or below the argument fd,
182 * and failing that, it searches for the nearest SSL layer above the
183 * argument fd. It returns the private sslSocket from the found layer.
184 */
185 sslSocket *
186 ssl_FindSocket(PRFileDesc *fd)
187 {
188 PRFileDesc *layer;
189 sslSocket *ss;
190
191 PORT_Assert(fd != NULL);
192 PORT_Assert(ssl_layer_id != 0);
193
194 layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
195 if (layer == NULL) {
196 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
197 return NULL;
198 }
199
200 ss = (sslSocket *)layer->secret;
201 /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
202 * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
203 * contents of the PRFileDesc pointed by ss->fd and the new layer.
204 * See bug 807250.
205 */
206 ss->fd = layer;
207 return ss;
208 }
209
210 static sslSocket *
211 ssl_DupSocket(sslSocket *os)
212 {
213 sslSocket *ss;
214 SECStatus rv;
215
216 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
217 if (ss) {
218 ss->opt = os->opt;
219 ss->opt.useSocks = PR_FALSE;
220 ss->vrange = os->vrange;
221
222 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
223 ss->url = !os->url ? NULL : PORT_Strdup(os->url);
224
225 ss->ops = os->ops;
226 ss->rTimeout = os->rTimeout;
227 ss->wTimeout = os->wTimeout;
228 ss->cTimeout = os->cTimeout;
229 ss->dbHandle = os->dbHandle;
230
231 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
232 ss->allowedByPolicy = os->allowedByPolicy;
233 ss->maybeAllowedByPolicy = os->maybeAllowedByPolicy;
234 ss->chosenPreference = os->chosenPreference;
235 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites) ;
236 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
237 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
238 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
239 PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms,
240 sizeof(ss->ssl3.signatureAlgorithms[0]) *
241 os->ssl3.signatureAlgorithmCount);
242 ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount;
243 ss->ssl3.downgradeCheckVersion = os->ssl3.downgradeCheckVersion;
244
245 ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
246 ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
247 if (os->ssl3.dheGroups) {
248 ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
249 os->ssl3.numDHEGroups);
250 if (!ss->ssl3.dheGroups) {
251 goto loser;
252 }
253 PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
254 sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
255 } else {
256 ss->ssl3.dheGroups = NULL;
257 }
258
259 if (os->cipherSpecs) {
260 ss->cipherSpecs = (unsigned char *)PORT_Alloc(os->sizeCipherSpecs);
261 if (ss->cipherSpecs)
262 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
263 os->sizeCipherSpecs);
264 ss->sizeCipherSpecs = os->sizeCipherSpecs;
265 ss->preferredCipher = os->preferredCipher;
266 } else {
267 ss->cipherSpecs = NULL; /* produced lazily */
268 ss->sizeCipherSpecs = 0;
269 ss->preferredCipher = NULL;
270 }
271 if (ss->opt.useSecurity) {
272 /* This int should be SSLKEAType, but CC on Irix complains,
273 * during the for loop.
274 */
275 int i;
276 sslServerCerts *oc = os->serverCerts;
277 sslServerCerts *sc = ss->serverCerts;
278
279 for (i = kt_null; i < kt_kea_size; i++, oc++, sc++) {
280 if (oc->serverCert && oc->serverCertChain) {
281 sc->serverCert = CERT_DupCertificate(oc->serverCert);
282 sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
283 if (!sc->serverCertChain)
284 goto loser;
285 } else {
286 sc->serverCert = NULL;
287 sc->serverCertChain = NULL;
288 }
289 sc->serverKeyPair = oc->serverKeyPair ? ssl3_GetKeyPairRef(oc->s erverKeyPair)
290 : NULL;
291 if (oc->serverKeyPair && !sc->serverKeyPair)
292 goto loser;
293 sc->serverKeyBits = oc->serverKeyBits;
294 ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITE M_DupArray(NULL, os->certStatusArray[i]);
295 }
296 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairR ef(os->stepDownKeyPair);
297 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_G etKeyPairRef(os->ephemeralECDHKeyPair);
298 ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dhe KeyPair);
299 ss->dheParams = os->dheParams;
300
301 /*
302 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
303 * XXX We should detect this, and not just march on with NULL pointe rs.
304 */
305 ss->authCertificate = os->authCertificate;
306 ss->authCertificateArg = os->authCertificateArg;
307 ss->getClientAuthData = os->getClientAuthData;
308 ss->getClientAuthDataArg = os->getClientAuthDataArg;
309 ss->sniSocketConfig = os->sniSocketConfig;
310 ss->sniSocketConfigArg = os->sniSocketConfigArg;
311 ss->handleBadCert = os->handleBadCert;
312 ss->badCertArg = os->badCertArg;
313 ss->handshakeCallback = os->handshakeCallback;
314 ss->handshakeCallbackData = os->handshakeCallbackData;
315 ss->canFalseStartCallback = os->canFalseStartCallback;
316 ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
317 ss->pkcs11PinArg = os->pkcs11PinArg;
318 ss->getChannelID = os->getChannelID;
319 ss->getChannelIDArg = os->getChannelIDArg;
320
321 /* Create security data */
322 rv = ssl_CopySecurityInfo(ss, os);
323 if (rv != SECSuccess) {
324 goto loser;
325 }
326 }
327 }
328 return ss;
329
330 loser:
331 ssl_FreeSocket(ss);
332 return NULL;
333 }
334
335 static void
336 ssl_DestroyLocks(sslSocket *ss)
337 {
338 /* Destroy locks. */
339 if (ss->firstHandshakeLock) {
340 PZ_DestroyMonitor(ss->firstHandshakeLock);
341 ss->firstHandshakeLock = NULL;
342 }
343 if (ss->ssl3HandshakeLock) {
344 PZ_DestroyMonitor(ss->ssl3HandshakeLock);
345 ss->ssl3HandshakeLock = NULL;
346 }
347 if (ss->specLock) {
348 NSSRWLock_Destroy(ss->specLock);
349 ss->specLock = NULL;
350 }
351
352 if (ss->recvLock) {
353 PZ_DestroyLock(ss->recvLock);
354 ss->recvLock = NULL;
355 }
356 if (ss->sendLock) {
357 PZ_DestroyLock(ss->sendLock);
358 ss->sendLock = NULL;
359 }
360 if (ss->xmitBufLock) {
361 PZ_DestroyMonitor(ss->xmitBufLock);
362 ss->xmitBufLock = NULL;
363 }
364 if (ss->recvBufLock) {
365 PZ_DestroyMonitor(ss->recvBufLock);
366 ss->recvBufLock = NULL;
367 }
368 }
369
370 /* Caller holds any relevant locks */
371 static void
372 ssl_DestroySocketContents(sslSocket *ss)
373 {
374 /* "i" should be of type SSLKEAType, but CC on IRIX complains during
375 * the for loop.
376 */
377 int i;
378
379 /* Free up socket */
380 ssl_DestroySecurityInfo(&ss->sec);
381
382 ssl3_DestroySSL3Info(ss);
383
384 PORT_Free(ss->saveBuf.buf);
385 PORT_Free(ss->pendingBuf.buf);
386 ssl_DestroyGather(&ss->gs);
387
388 if (ss->peerID != NULL)
389 PORT_Free(ss->peerID);
390 if (ss->url != NULL)
391 PORT_Free((void *)ss->url); /* CONST */
392 if (ss->cipherSpecs) {
393 PORT_Free(ss->cipherSpecs);
394 ss->cipherSpecs = NULL;
395 ss->sizeCipherSpecs = 0;
396 }
397
398 /* Clean up server configuration */
399 for (i = kt_null; i < kt_kea_size; i++) {
400 sslServerCerts *sc = ss->serverCerts + i;
401 if (sc->serverCert != NULL)
402 CERT_DestroyCertificate(sc->serverCert);
403 if (sc->serverCertChain != NULL)
404 CERT_DestroyCertificateList(sc->serverCertChain);
405 if (sc->serverKeyPair != NULL)
406 ssl3_FreeKeyPair(sc->serverKeyPair);
407 if (ss->certStatusArray[i] != NULL) {
408 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
409 ss->certStatusArray[i] = NULL;
410 }
411 if (ss->signedCertTimestamps[i].data) {
412 SECITEM_FreeItem(&ss->signedCertTimestamps[i], PR_FALSE);
413 }
414 }
415 if (ss->stepDownKeyPair) {
416 ssl3_FreeKeyPair(ss->stepDownKeyPair);
417 ss->stepDownKeyPair = NULL;
418 }
419 if (ss->ephemeralECDHKeyPair) {
420 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
421 ss->ephemeralECDHKeyPair = NULL;
422 }
423 if (ss->dheKeyPair) {
424 ssl3_FreeKeyPair(ss->dheKeyPair);
425 ss->dheKeyPair = NULL;
426 }
427 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
428 if (ss->xtnData.sniNameArr) {
429 PORT_Free(ss->xtnData.sniNameArr);
430 ss->xtnData.sniNameArr = NULL;
431 }
432 }
433
434 /*
435 * free an sslSocket struct, and all the stuff that hangs off of it
436 */
437 void
438 ssl_FreeSocket(sslSocket *ss)
439 {
440 /* Get every lock you can imagine!
441 ** Caller already holds these:
442 ** SSL_LOCK_READER(ss);
443 ** SSL_LOCK_WRITER(ss);
444 */
445 ssl_Get1stHandshakeLock(ss);
446 ssl_GetRecvBufLock(ss);
447 ssl_GetSSL3HandshakeLock(ss);
448 ssl_GetXmitBufLock(ss);
449 ssl_GetSpecWriteLock(ss);
450
451 ssl_DestroySocketContents(ss);
452
453 /* Release all the locks acquired above. */
454 SSL_UNLOCK_READER(ss);
455 SSL_UNLOCK_WRITER(ss);
456 ssl_Release1stHandshakeLock(ss);
457 ssl_ReleaseRecvBufLock(ss);
458 ssl_ReleaseSSL3HandshakeLock(ss);
459 ssl_ReleaseXmitBufLock(ss);
460 ssl_ReleaseSpecWriteLock(ss);
461
462 ssl_DestroyLocks(ss);
463
464 #ifdef DEBUG
465 PORT_Memset(ss, 0x1f, sizeof *ss);
466 #endif
467 PORT_Free(ss);
468 return;
469 }
470
471 /************************************************************************/
472 SECStatus
473 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
474 {
475 PRFileDesc *osfd = ss->fd->lower;
476 SECStatus rv = SECFailure;
477 PRSocketOptionData opt;
478
479 opt.option = PR_SockOpt_NoDelay;
480 opt.value.no_delay = (PRBool)!enabled;
481
482 if (osfd->methods->setsocketoption) {
483 rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt);
484 } else {
485 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
486 }
487
488 return rv;
489 }
490
491 static void
492 ssl_ChooseOps(sslSocket *ss)
493 {
494 ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
495 }
496
497 /* Called from SSL_Enable (immediately below) */
498 static SECStatus
499 PrepareSocket(sslSocket *ss)
500 {
501 SECStatus rv = SECSuccess;
502
503 ssl_ChooseOps(ss);
504 return rv;
505 }
506
507 SECStatus
508 SSL_Enable(PRFileDesc *fd, int which, PRBool on)
509 {
510 return SSL_OptionSet(fd, which, on);
511 }
512
513 #ifndef NO_PKCS11_BYPASS
514 static const PRCallOnceType pristineCallOnce;
515 static PRCallOnceType setupBypassOnce;
516
517 static SECStatus
518 SSL_BypassShutdown(void *appData, void *nssData)
519 {
520 /* unload freeBL shared library from memory */
521 BL_Unload();
522 setupBypassOnce = pristineCallOnce;
523 return SECSuccess;
524 }
525
526 static PRStatus
527 SSL_BypassRegisterShutdown(void)
528 {
529 SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
530 PORT_Assert(SECSuccess == rv);
531 return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
532 }
533 #endif
534
535 static PRStatus
536 SSL_BypassSetup(void)
537 {
538 #ifdef NO_PKCS11_BYPASS
539 /* Guarantee binary compatibility */
540 return PR_SUCCESS;
541 #else
542 return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
543 #endif
544 }
545
546 static PRBool ssl_VersionIsSupportedByPolicy(
547 SSLProtocolVariant protocolVariant, SSL3ProtocolVersion version);
548
549 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
550 * ssl.h in the section "SSL version range setting API".
551 */
552 static void
553 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
554 {
555 if (on) {
556 /* don't turn it on if tls1.0 disallowed by by policy */
557 if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
558 SSL_LIBRARY_VERSION_TLS_1_0)) {
559 return;
560 }
561 }
562 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
563 if (on) {
564 vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
565 vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
566 } /* else don't change anything */
567 return;
568 }
569
570 if (on) {
571 /* Expand the range of enabled version to include TLS 1.0 */
572 vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
573 vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
574 } else {
575 /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
576 if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
577 vrange->max = SSL_LIBRARY_VERSION_3_0;
578 } else {
579 /* Only TLS was enabled, so now no versions are. */
580 vrange->min = SSL_LIBRARY_VERSION_NONE;
581 vrange->max = SSL_LIBRARY_VERSION_NONE;
582 }
583 }
584 }
585
586 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
587 * ssl.h in the section "SSL version range setting API".
588 */
589 static void
590 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
591 {
592 if (on) {
593 /* don't turn it on if ssl3 disallowed by by policy */
594 if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
595 SSL_LIBRARY_VERSION_3_0)) {
596 return;
597 }
598 }
599 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
600 if (on) {
601 vrange->min = SSL_LIBRARY_VERSION_3_0;
602 vrange->max = SSL_LIBRARY_VERSION_3_0;
603 } /* else don't change anything */
604 return;
605 }
606
607 if (on) {
608 /* Expand the range of enabled versions to include SSL 3.0. We know
609 * SSL 3.0 or some version of TLS is already enabled at this point, so
610 * we don't need to change vrange->max.
611 */
612 vrange->min = SSL_LIBRARY_VERSION_3_0;
613 } else {
614 /* Disable SSL 3.0, leaving TLS unaffected. */
615 if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
616 vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
617 } else {
618 /* Only SSL 3.0 was enabled, so now no versions are. */
619 vrange->min = SSL_LIBRARY_VERSION_NONE;
620 vrange->max = SSL_LIBRARY_VERSION_NONE;
621 }
622 }
623 }
624
625 SECStatus
626 SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
627 {
628 sslSocket *ss = ssl_FindSocket(fd);
629 SECStatus rv = SECSuccess;
630 PRBool holdingLocks;
631
632 if (!ss) {
633 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
634 return SECFailure;
635 }
636
637 holdingLocks = (!ss->opt.noLocks);
638 ssl_Get1stHandshakeLock(ss);
639 ssl_GetSSL3HandshakeLock(ss);
640
641 switch (which) {
642 case SSL_SOCKS:
643 ss->opt.useSocks = PR_FALSE;
644 rv = PrepareSocket(ss);
645 if (on) {
646 PORT_SetError(SEC_ERROR_INVALID_ARGS);
647 rv = SECFailure;
648 }
649 break;
650
651 case SSL_SECURITY:
652 ss->opt.useSecurity = on;
653 rv = PrepareSocket(ss);
654 break;
655
656 case SSL_REQUEST_CERTIFICATE:
657 ss->opt.requestCertificate = on;
658 break;
659
660 case SSL_REQUIRE_CERTIFICATE:
661 ss->opt.requireCertificate = on;
662 break;
663
664 case SSL_HANDSHAKE_AS_CLIENT:
665 if (ss->opt.handshakeAsServer && on) {
666 PORT_SetError(SEC_ERROR_INVALID_ARGS);
667 rv = SECFailure;
668 break;
669 }
670 ss->opt.handshakeAsClient = on;
671 break;
672
673 case SSL_HANDSHAKE_AS_SERVER:
674 if (ss->opt.handshakeAsClient && on) {
675 PORT_SetError(SEC_ERROR_INVALID_ARGS);
676 rv = SECFailure;
677 break;
678 }
679 ss->opt.handshakeAsServer = on;
680 break;
681
682 case SSL_ENABLE_TLS:
683 if (IS_DTLS(ss)) {
684 if (on) {
685 PORT_SetError(SEC_ERROR_INVALID_ARGS);
686 rv = SECFailure; /* not allowed */
687 }
688 break;
689 }
690 ssl_EnableTLS(&ss->vrange, on);
691 ss->preferredCipher = NULL;
692 if (ss->cipherSpecs) {
693 PORT_Free(ss->cipherSpecs);
694 ss->cipherSpecs = NULL;
695 ss->sizeCipherSpecs = 0;
696 }
697 break;
698
699 case SSL_ENABLE_SSL3:
700 if (IS_DTLS(ss)) {
701 if (on) {
702 PORT_SetError(SEC_ERROR_INVALID_ARGS);
703 rv = SECFailure; /* not allowed */
704 }
705 break;
706 }
707 ssl_EnableSSL3(&ss->vrange, on);
708 ss->preferredCipher = NULL;
709 if (ss->cipherSpecs) {
710 PORT_Free(ss->cipherSpecs);
711 ss->cipherSpecs = NULL;
712 ss->sizeCipherSpecs = 0;
713 }
714 break;
715
716 case SSL_ENABLE_SSL2:
717 if (IS_DTLS(ss)) {
718 if (on) {
719 PORT_SetError(SEC_ERROR_INVALID_ARGS);
720 rv = SECFailure; /* not allowed */
721 }
722 break;
723 }
724 if (on) {
725 /* don't turn it on if ssl2 disallowed by by policy */
726 if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
727 SSL_LIBRARY_VERSION_2)) {
728 break;
729 }
730 }
731 ss->opt.enableSSL2 = on;
732 if (on) {
733 ss->opt.v2CompatibleHello = on;
734 }
735 ss->preferredCipher = NULL;
736 if (ss->cipherSpecs) {
737 PORT_Free(ss->cipherSpecs);
738 ss->cipherSpecs = NULL;
739 ss->sizeCipherSpecs = 0;
740 }
741 break;
742
743 case SSL_NO_CACHE:
744 ss->opt.noCache = on;
745 break;
746
747 case SSL_ENABLE_FDX:
748 if (on && ss->opt.noLocks) {
749 PORT_SetError(SEC_ERROR_INVALID_ARGS);
750 rv = SECFailure;
751 }
752 ss->opt.fdx = on;
753 break;
754
755 case SSL_V2_COMPATIBLE_HELLO:
756 if (IS_DTLS(ss)) {
757 if (on) {
758 PORT_SetError(SEC_ERROR_INVALID_ARGS);
759 rv = SECFailure; /* not allowed */
760 }
761 break;
762 }
763 ss->opt.v2CompatibleHello = on;
764 if (!on) {
765 ss->opt.enableSSL2 = on;
766 }
767 break;
768
769 case SSL_ROLLBACK_DETECTION:
770 ss->opt.detectRollBack = on;
771 break;
772
773 case SSL_NO_STEP_DOWN:
774 ss->opt.noStepDown = on;
775 if (on)
776 SSL_DisableExportCipherSuites(fd);
777 break;
778
779 case SSL_BYPASS_PKCS11:
780 if (ss->handshakeBegun) {
781 PORT_SetError(PR_INVALID_STATE_ERROR);
782 rv = SECFailure;
783 } else {
784 if (PR_FALSE != on) {
785 if (PR_SUCCESS == SSL_BypassSetup()) {
786 #ifdef NO_PKCS11_BYPASS
787 ss->opt.bypassPKCS11 = PR_FALSE;
788 #else
789 ss->opt.bypassPKCS11 = on;
790 #endif
791 } else {
792 rv = SECFailure;
793 }
794 } else {
795 ss->opt.bypassPKCS11 = PR_FALSE;
796 }
797 }
798 break;
799
800 case SSL_NO_LOCKS:
801 if (on && ss->opt.fdx) {
802 PORT_SetError(SEC_ERROR_INVALID_ARGS);
803 rv = SECFailure;
804 }
805 if (on && ssl_force_locks)
806 on = PR_FALSE; /* silent override */
807 ss->opt.noLocks = on;
808 if (on) {
809 locksEverDisabled = PR_TRUE;
810 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
811 } else if (!holdingLocks) {
812 rv = ssl_MakeLocks(ss);
813 if (rv != SECSuccess) {
814 ss->opt.noLocks = PR_TRUE;
815 }
816 }
817 break;
818
819 case SSL_ENABLE_SESSION_TICKETS:
820 ss->opt.enableSessionTickets = on;
821 break;
822
823 case SSL_ENABLE_DEFLATE:
824 ss->opt.enableDeflate = on;
825 break;
826
827 case SSL_ENABLE_RENEGOTIATION:
828 ss->opt.enableRenegotiation = on;
829 break;
830
831 case SSL_REQUIRE_SAFE_NEGOTIATION:
832 ss->opt.requireSafeNegotiation = on;
833 break;
834
835 case SSL_ENABLE_FALSE_START:
836 ss->opt.enableFalseStart = on;
837 break;
838
839 case SSL_CBC_RANDOM_IV:
840 ss->opt.cbcRandomIV = on;
841 break;
842
843 case SSL_ENABLE_OCSP_STAPLING:
844 ss->opt.enableOCSPStapling = on;
845 break;
846
847 case SSL_ENABLE_NPN:
848 ss->opt.enableNPN = on;
849 break;
850
851 case SSL_ENABLE_ALPN:
852 ss->opt.enableALPN = on;
853 break;
854
855 case SSL_REUSE_SERVER_ECDHE_KEY:
856 ss->opt.reuseServerECDHEKey = on;
857 break;
858
859 case SSL_ENABLE_FALLBACK_SCSV:
860 ss->opt.enableFallbackSCSV = on;
861 break;
862
863 case SSL_ENABLE_SERVER_DHE:
864 ss->opt.enableServerDhe = on;
865 break;
866
867 case SSL_ENABLE_EXTENDED_MASTER_SECRET:
868 ss->opt.enableExtendedMS = on;
869 break;
870
871 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
872 ss->opt.enableSignedCertTimestamps = on;
873 break;
874
875 default:
876 PORT_SetError(SEC_ERROR_INVALID_ARGS);
877 rv = SECFailure;
878 }
879
880 /* We can't use the macros for releasing the locks here,
881 * because ss->opt.noLocks might have changed just above.
882 * We must release these locks (monitors) here, if we aquired them above,
883 * regardless of the current value of ss->opt.noLocks.
884 */
885 if (holdingLocks) {
886 PZ_ExitMonitor((ss)->ssl3HandshakeLock);
887 PZ_ExitMonitor((ss)->firstHandshakeLock);
888 }
889
890 return rv;
891 }
892
893 SECStatus
894 SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
895 {
896 sslSocket *ss = ssl_FindSocket(fd);
897 SECStatus rv = SECSuccess;
898 PRBool on = PR_FALSE;
899
900 if (!pOn) {
901 PORT_SetError(SEC_ERROR_INVALID_ARGS);
902 return SECFailure;
903 }
904 if (!ss) {
905 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
906 *pOn = PR_FALSE;
907 return SECFailure;
908 }
909
910 ssl_Get1stHandshakeLock(ss);
911 ssl_GetSSL3HandshakeLock(ss);
912
913 switch (which) {
914 case SSL_SOCKS:
915 on = PR_FALSE;
916 break;
917 case SSL_SECURITY:
918 on = ss->opt.useSecurity;
919 break;
920 case SSL_REQUEST_CERTIFICATE:
921 on = ss->opt.requestCertificate;
922 break;
923 case SSL_REQUIRE_CERTIFICATE:
924 on = ss->opt.requireCertificate;
925 break;
926 case SSL_HANDSHAKE_AS_CLIENT:
927 on = ss->opt.handshakeAsClient;
928 break;
929 case SSL_HANDSHAKE_AS_SERVER:
930 on = ss->opt.handshakeAsServer;
931 break;
932 case SSL_ENABLE_TLS:
933 on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
934 break;
935 case SSL_ENABLE_SSL3:
936 on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
937 break;
938 case SSL_ENABLE_SSL2:
939 on = ss->opt.enableSSL2;
940 break;
941 case SSL_NO_CACHE:
942 on = ss->opt.noCache;
943 break;
944 case SSL_ENABLE_FDX:
945 on = ss->opt.fdx;
946 break;
947 case SSL_V2_COMPATIBLE_HELLO:
948 on = ss->opt.v2CompatibleHello;
949 break;
950 case SSL_ROLLBACK_DETECTION:
951 on = ss->opt.detectRollBack;
952 break;
953 case SSL_NO_STEP_DOWN:
954 on = ss->opt.noStepDown;
955 break;
956 case SSL_BYPASS_PKCS11:
957 on = ss->opt.bypassPKCS11;
958 break;
959 case SSL_NO_LOCKS:
960 on = ss->opt.noLocks;
961 break;
962 case SSL_ENABLE_SESSION_TICKETS:
963 on = ss->opt.enableSessionTickets;
964 break;
965 case SSL_ENABLE_DEFLATE:
966 on = ss->opt.enableDeflate;
967 break;
968 case SSL_ENABLE_RENEGOTIATION:
969 on = ss->opt.enableRenegotiation;
970 break;
971 case SSL_REQUIRE_SAFE_NEGOTIATION:
972 on = ss->opt.requireSafeNegotiation;
973 break;
974 case SSL_ENABLE_FALSE_START:
975 on = ss->opt.enableFalseStart;
976 break;
977 case SSL_CBC_RANDOM_IV:
978 on = ss->opt.cbcRandomIV;
979 break;
980 case SSL_ENABLE_OCSP_STAPLING:
981 on = ss->opt.enableOCSPStapling;
982 break;
983 case SSL_ENABLE_NPN:
984 on = ss->opt.enableNPN;
985 break;
986 case SSL_ENABLE_ALPN:
987 on = ss->opt.enableALPN;
988 break;
989 case SSL_REUSE_SERVER_ECDHE_KEY:
990 on = ss->opt.reuseServerECDHEKey;
991 break;
992 case SSL_ENABLE_FALLBACK_SCSV:
993 on = ss->opt.enableFallbackSCSV;
994 break;
995 case SSL_ENABLE_SERVER_DHE:
996 on = ss->opt.enableServerDhe;
997 break;
998 case SSL_ENABLE_EXTENDED_MASTER_SECRET:
999 on = ss->opt.enableExtendedMS;
1000 break;
1001 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
1002 on = ss->opt.enableSignedCertTimestamps;
1003 break;
1004
1005 default:
1006 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1007 rv = SECFailure;
1008 }
1009
1010 ssl_ReleaseSSL3HandshakeLock(ss);
1011 ssl_Release1stHandshakeLock(ss);
1012
1013 *pOn = on;
1014 return rv;
1015 }
1016
1017 SECStatus
1018 SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
1019 {
1020 SECStatus rv = SECSuccess;
1021 PRBool on = PR_FALSE;
1022
1023 if (!pOn) {
1024 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1025 return SECFailure;
1026 }
1027
1028 ssl_SetDefaultsFromEnvironment();
1029
1030 switch (which) {
1031 case SSL_SOCKS:
1032 on = PR_FALSE;
1033 break;
1034 case SSL_SECURITY:
1035 on = ssl_defaults.useSecurity;
1036 break;
1037 case SSL_REQUEST_CERTIFICATE:
1038 on = ssl_defaults.requestCertificate;
1039 break;
1040 case SSL_REQUIRE_CERTIFICATE:
1041 on = ssl_defaults.requireCertificate;
1042 break;
1043 case SSL_HANDSHAKE_AS_CLIENT:
1044 on = ssl_defaults.handshakeAsClient;
1045 break;
1046 case SSL_HANDSHAKE_AS_SERVER:
1047 on = ssl_defaults.handshakeAsServer;
1048 break;
1049 case SSL_ENABLE_TLS:
1050 on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
1051 break;
1052 case SSL_ENABLE_SSL3:
1053 on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
1054 break;
1055 case SSL_ENABLE_SSL2:
1056 on = ssl_defaults.enableSSL2;
1057 break;
1058 case SSL_NO_CACHE:
1059 on = ssl_defaults.noCache;
1060 break;
1061 case SSL_ENABLE_FDX:
1062 on = ssl_defaults.fdx;
1063 break;
1064 case SSL_V2_COMPATIBLE_HELLO:
1065 on = ssl_defaults.v2CompatibleHello;
1066 break;
1067 case SSL_ROLLBACK_DETECTION:
1068 on = ssl_defaults.detectRollBack;
1069 break;
1070 case SSL_NO_STEP_DOWN:
1071 on = ssl_defaults.noStepDown;
1072 break;
1073 case SSL_BYPASS_PKCS11:
1074 on = ssl_defaults.bypassPKCS11;
1075 break;
1076 case SSL_NO_LOCKS:
1077 on = ssl_defaults.noLocks;
1078 break;
1079 case SSL_ENABLE_SESSION_TICKETS:
1080 on = ssl_defaults.enableSessionTickets;
1081 break;
1082 case SSL_ENABLE_DEFLATE:
1083 on = ssl_defaults.enableDeflate;
1084 break;
1085 case SSL_ENABLE_RENEGOTIATION:
1086 on = ssl_defaults.enableRenegotiation;
1087 break;
1088 case SSL_REQUIRE_SAFE_NEGOTIATION:
1089 on = ssl_defaults.requireSafeNegotiation;
1090 break;
1091 case SSL_ENABLE_FALSE_START:
1092 on = ssl_defaults.enableFalseStart;
1093 break;
1094 case SSL_CBC_RANDOM_IV:
1095 on = ssl_defaults.cbcRandomIV;
1096 break;
1097 case SSL_ENABLE_OCSP_STAPLING:
1098 on = ssl_defaults.enableOCSPStapling;
1099 break;
1100 case SSL_ENABLE_NPN:
1101 on = ssl_defaults.enableNPN;
1102 break;
1103 case SSL_ENABLE_ALPN:
1104 on = ssl_defaults.enableALPN;
1105 break;
1106 case SSL_REUSE_SERVER_ECDHE_KEY:
1107 on = ssl_defaults.reuseServerECDHEKey;
1108 break;
1109 case SSL_ENABLE_FALLBACK_SCSV:
1110 on = ssl_defaults.enableFallbackSCSV;
1111 break;
1112 case SSL_ENABLE_SERVER_DHE:
1113 on = ssl_defaults.enableServerDhe;
1114 break;
1115 case SSL_ENABLE_EXTENDED_MASTER_SECRET:
1116 on = ssl_defaults.enableExtendedMS;
1117 break;
1118 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
1119 on = ssl_defaults.enableSignedCertTimestamps;
1120 break;
1121
1122 default:
1123 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1124 rv = SECFailure;
1125 }
1126
1127 *pOn = on;
1128 return rv;
1129 }
1130
1131 /* XXX Use Global Lock to protect this stuff. */
1132 SECStatus
1133 SSL_EnableDefault(int which, PRBool on)
1134 {
1135 return SSL_OptionSetDefault(which, on);
1136 }
1137
1138 SECStatus
1139 SSL_OptionSetDefault(PRInt32 which, PRBool on)
1140 {
1141 SECStatus status = ssl_Init();
1142
1143 if (status != SECSuccess) {
1144 return status;
1145 }
1146
1147 ssl_SetDefaultsFromEnvironment();
1148
1149 switch (which) {
1150 case SSL_SOCKS:
1151 ssl_defaults.useSocks = PR_FALSE;
1152 if (on) {
1153 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1154 return SECFailure;
1155 }
1156 break;
1157
1158 case SSL_SECURITY:
1159 ssl_defaults.useSecurity = on;
1160 break;
1161
1162 case SSL_REQUEST_CERTIFICATE:
1163 ssl_defaults.requestCertificate = on;
1164 break;
1165
1166 case SSL_REQUIRE_CERTIFICATE:
1167 ssl_defaults.requireCertificate = on;
1168 break;
1169
1170 case SSL_HANDSHAKE_AS_CLIENT:
1171 if (ssl_defaults.handshakeAsServer && on) {
1172 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1173 return SECFailure;
1174 }
1175 ssl_defaults.handshakeAsClient = on;
1176 break;
1177
1178 case SSL_HANDSHAKE_AS_SERVER:
1179 if (ssl_defaults.handshakeAsClient && on) {
1180 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1181 return SECFailure;
1182 }
1183 ssl_defaults.handshakeAsServer = on;
1184 break;
1185
1186 case SSL_ENABLE_TLS:
1187 ssl_EnableTLS(&versions_defaults_stream, on);
1188 break;
1189
1190 case SSL_ENABLE_SSL3:
1191 ssl_EnableSSL3(&versions_defaults_stream, on);
1192 break;
1193
1194 case SSL_ENABLE_SSL2:
1195 if (on) {
1196 /* don't turn it on if ssl2 disallowed by by policy */
1197 if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
1198 SSL_LIBRARY_VERSION_2)) {
1199 break;
1200 }
1201 }
1202 ssl_defaults.enableSSL2 = on;
1203 if (on) {
1204 ssl_defaults.v2CompatibleHello = on;
1205 }
1206 break;
1207
1208 case SSL_NO_CACHE:
1209 ssl_defaults.noCache = on;
1210 break;
1211
1212 case SSL_ENABLE_FDX:
1213 if (on && ssl_defaults.noLocks) {
1214 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1215 return SECFailure;
1216 }
1217 ssl_defaults.fdx = on;
1218 break;
1219
1220 case SSL_V2_COMPATIBLE_HELLO:
1221 ssl_defaults.v2CompatibleHello = on;
1222 if (!on) {
1223 ssl_defaults.enableSSL2 = on;
1224 }
1225 break;
1226
1227 case SSL_ROLLBACK_DETECTION:
1228 ssl_defaults.detectRollBack = on;
1229 break;
1230
1231 case SSL_NO_STEP_DOWN:
1232 ssl_defaults.noStepDown = on;
1233 if (on)
1234 SSL_DisableDefaultExportCipherSuites();
1235 break;
1236
1237 case SSL_BYPASS_PKCS11:
1238 if (PR_FALSE != on) {
1239 if (PR_SUCCESS == SSL_BypassSetup()) {
1240 #ifdef NO_PKCS11_BYPASS
1241 ssl_defaults.bypassPKCS11 = PR_FALSE;
1242 #else
1243 ssl_defaults.bypassPKCS11 = on;
1244 #endif
1245 } else {
1246 return SECFailure;
1247 }
1248 } else {
1249 ssl_defaults.bypassPKCS11 = PR_FALSE;
1250 }
1251 break;
1252
1253 case SSL_NO_LOCKS:
1254 if (on && ssl_defaults.fdx) {
1255 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1256 return SECFailure;
1257 }
1258 if (on && ssl_force_locks)
1259 on = PR_FALSE; /* silent override */
1260 ssl_defaults.noLocks = on;
1261 if (on) {
1262 locksEverDisabled = PR_TRUE;
1263 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
1264 }
1265 break;
1266
1267 case SSL_ENABLE_SESSION_TICKETS:
1268 ssl_defaults.enableSessionTickets = on;
1269 break;
1270
1271 case SSL_ENABLE_DEFLATE:
1272 ssl_defaults.enableDeflate = on;
1273 break;
1274
1275 case SSL_ENABLE_RENEGOTIATION:
1276 ssl_defaults.enableRenegotiation = on;
1277 break;
1278
1279 case SSL_REQUIRE_SAFE_NEGOTIATION:
1280 ssl_defaults.requireSafeNegotiation = on;
1281 break;
1282
1283 case SSL_ENABLE_FALSE_START:
1284 ssl_defaults.enableFalseStart = on;
1285 break;
1286
1287 case SSL_CBC_RANDOM_IV:
1288 ssl_defaults.cbcRandomIV = on;
1289 break;
1290
1291 case SSL_ENABLE_OCSP_STAPLING:
1292 ssl_defaults.enableOCSPStapling = on;
1293 break;
1294
1295 case SSL_ENABLE_NPN:
1296 ssl_defaults.enableNPN = on;
1297 break;
1298
1299 case SSL_ENABLE_ALPN:
1300 ssl_defaults.enableALPN = on;
1301 break;
1302
1303 case SSL_REUSE_SERVER_ECDHE_KEY:
1304 ssl_defaults.reuseServerECDHEKey = on;
1305 break;
1306
1307 case SSL_ENABLE_FALLBACK_SCSV:
1308 ssl_defaults.enableFallbackSCSV = on;
1309 break;
1310
1311 case SSL_ENABLE_SERVER_DHE:
1312 ssl_defaults.enableServerDhe = on;
1313 break;
1314
1315 case SSL_ENABLE_EXTENDED_MASTER_SECRET:
1316 ssl_defaults.enableExtendedMS = on;
1317 break;
1318
1319 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
1320 ssl_defaults.enableSignedCertTimestamps = on;
1321 break;
1322
1323 default:
1324 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1325 return SECFailure;
1326 }
1327 return SECSuccess;
1328 }
1329
1330 /* function tells us if the cipher suite is one that we no longer support. */
1331 static PRBool
1332 ssl_IsRemovedCipherSuite(PRInt32 suite)
1333 {
1334 switch (suite) {
1335 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1336 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
1337 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
1338 return PR_TRUE;
1339 default:
1340 return PR_FALSE;
1341 }
1342 }
1343
1344 /* Part of the public NSS API.
1345 * Since this is a global (not per-socket) setting, we cannot use the
1346 * HandshakeLock to protect this. Probably want a global lock.
1347 */
1348 SECStatus
1349 SSL_SetPolicy(long which, int policy)
1350 {
1351 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1352 /* one of the two old FIPS ciphers */
1353 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1354 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1355 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1356 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1357 }
1358 if (ssl_IsRemovedCipherSuite(which))
1359 return SECSuccess;
1360 return SSL_CipherPolicySet(which, policy);
1361 }
1362
1363 SECStatus
1364 ssl_CipherPolicySet(PRInt32 which, PRInt32 policy)
1365 {
1366 SECStatus rv = SECSuccess;
1367
1368 if (ssl_IsRemovedCipherSuite(which)) {
1369 rv = SECSuccess;
1370 } else if (SSL_IS_SSL2_CIPHER(which)) {
1371 rv = ssl2_SetPolicy(which, policy);
1372 } else {
1373 rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
1374 }
1375 return rv;
1376 }
1377 SECStatus
1378 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
1379 {
1380 SECStatus rv = ssl_Init();
1381
1382 if (rv != SECSuccess) {
1383 return rv;
1384 }
1385 return ssl_CipherPolicySet(which, policy);
1386 }
1387
1388 SECStatus
1389 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
1390 {
1391 SECStatus rv;
1392
1393 if (!oPolicy) {
1394 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1395 return SECFailure;
1396 }
1397 if (ssl_IsRemovedCipherSuite(which)) {
1398 *oPolicy = SSL_NOT_ALLOWED;
1399 rv = SECSuccess;
1400 } else if (SSL_IS_SSL2_CIPHER(which)) {
1401 rv = ssl2_GetPolicy(which, oPolicy);
1402 } else {
1403 rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
1404 }
1405 return rv;
1406 }
1407
1408 /* Part of the public NSS API.
1409 * Since this is a global (not per-socket) setting, we cannot use the
1410 * HandshakeLock to protect this. Probably want a global lock.
1411 * These changes have no effect on any sslSockets already created.
1412 */
1413 SECStatus
1414 SSL_EnableCipher(long which, PRBool enabled)
1415 {
1416 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1417 /* one of the two old FIPS ciphers */
1418 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1419 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1420 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1421 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1422 }
1423 if (ssl_IsRemovedCipherSuite(which))
1424 return SECSuccess;
1425 return SSL_CipherPrefSetDefault(which, enabled);
1426 }
1427
1428 SECStatus
1429 ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
1430 {
1431 SECStatus rv = SECSuccess;
1432
1433 if (ssl_IsRemovedCipherSuite(which))
1434 return SECSuccess;
1435 if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
1436 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1437 return SECFailure;
1438 }
1439 if (SSL_IS_SSL2_CIPHER(which)) {
1440 rv = ssl2_CipherPrefSetDefault(which, enabled);
1441 } else {
1442 rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
1443 }
1444 return rv;
1445 }
1446
1447 SECStatus
1448 SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
1449 {
1450 SECStatus rv = ssl_Init();
1451
1452 if (rv != SECSuccess) {
1453 return rv;
1454 }
1455 return ssl_CipherPrefSetDefault(which, enabled);
1456 }
1457
1458 SECStatus
1459 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
1460 {
1461 SECStatus rv;
1462
1463 if (!enabled) {
1464 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1465 return SECFailure;
1466 }
1467 if (ssl_IsRemovedCipherSuite(which)) {
1468 *enabled = PR_FALSE;
1469 rv = SECSuccess;
1470 } else if (SSL_IS_SSL2_CIPHER(which)) {
1471 rv = ssl2_CipherPrefGetDefault(which, enabled);
1472 } else {
1473 rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
1474 }
1475 return rv;
1476 }
1477
1478 SECStatus
1479 SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
1480 {
1481 SECStatus rv;
1482 sslSocket *ss = ssl_FindSocket(fd);
1483
1484 if (!ss) {
1485 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
1486 return SECFailure;
1487 }
1488 if (ssl_IsRemovedCipherSuite(which))
1489 return SECSuccess;
1490 if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
1491 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1492 return SECFailure;
1493 }
1494 if (SSL_IS_SSL2_CIPHER(which)) {
1495 rv = ssl2_CipherPrefSet(ss, which, enabled);
1496 } else {
1497 rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
1498 }
1499 return rv;
1500 }
1501
1502 SECStatus
1503 SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
1504 {
1505 sslSocket *ss = ssl_FindSocket(fd);
1506
1507 if (!ss) {
1508 SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
1509 fd));
1510 return SECFailure;
1511 }
1512 return ssl3_CipherOrderSet(ss, ciphers, len);
1513 }
1514
1515 SECStatus
1516 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
1517 {
1518 SECStatus rv;
1519 sslSocket *ss = ssl_FindSocket(fd);
1520
1521 if (!enabled) {
1522 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1523 return SECFailure;
1524 }
1525 if (!ss) {
1526 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
1527 *enabled = PR_FALSE;
1528 return SECFailure;
1529 }
1530 if (ssl_IsRemovedCipherSuite(which)) {
1531 *enabled = PR_FALSE;
1532 rv = SECSuccess;
1533 } else if (SSL_IS_SSL2_CIPHER(which)) {
1534 rv = ssl2_CipherPrefGet(ss, which, enabled);
1535 } else {
1536 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
1537 }
1538 return rv;
1539 }
1540
1541 SECStatus
1542 NSS_SetDomesticPolicy(void)
1543 {
1544 SECStatus status = SECSuccess;
1545 const PRUint16 *cipher;
1546 SECStatus rv;
1547 PRUint32 policy;
1548
1549 /* If we've already defined some policy oids, skip changing them */
1550 rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
1551 if ((rv == SECSuccess) && (policy & NSS_USE_POLICY_IN_SSL)) {
1552 return ssl_Init(); /* make sure the policies have bee loaded */
1553 }
1554
1555 for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
1556 status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
1557 if (status != SECSuccess)
1558 break;
1559 }
1560 return status;
1561 }
1562
1563 SECStatus
1564 NSS_SetExportPolicy(void)
1565 {
1566 return NSS_SetDomesticPolicy();
1567 }
1568
1569 SECStatus
1570 NSS_SetFrancePolicy(void)
1571 {
1572 return NSS_SetDomesticPolicy();
1573 }
1574
1575 SECStatus
1576 SSL_DHEGroupPrefSet(PRFileDesc *fd,
1577 SSLDHEGroupType *groups,
1578 PRUint16 num_groups)
1579 {
1580 sslSocket *ss;
1581
1582 if ((num_groups && !groups) || (!num_groups && groups)) {
1583 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1584 return SECFailure;
1585 }
1586
1587 ss = ssl_FindSocket(fd);
1588 if (!ss) {
1589 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
1590 return SECFailure;
1591 }
1592
1593 if (ss->ssl3.dheGroups) {
1594 PORT_Free(ss->ssl3.dheGroups);
1595 ss->ssl3.dheGroups = NULL;
1596 ss->ssl3.numDHEGroups = 0;
1597 }
1598
1599 if (groups) {
1600 ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
1601 if (!ss->ssl3.dheGroups) {
1602 PORT_SetError(SEC_ERROR_NO_MEMORY);
1603 return SECFailure;
1604 }
1605 PORT_Memcpy(ss->ssl3.dheGroups, groups,
1606 sizeof(SSLDHEGroupType) * num_groups);
1607 }
1608 return SECSuccess;
1609 }
1610
1611 PRCallOnceType gWeakDHParamsRegisterOnce;
1612 int gWeakDHParamsRegisterError;
1613
1614 PRCallOnceType gWeakDHParamsOnce;
1615 int gWeakDHParamsError;
1616 /* As our code allocates type PQGParams, we'll keep it around,
1617 * even though we only make use of it's parameters through gWeakDHParam. */
1618 static PQGParams *gWeakParamsPQG;
1619 static ssl3DHParams *gWeakDHParams;
1620
1621 static PRStatus
1622 ssl3_CreateWeakDHParams(void)
1623 {
1624 PQGVerify *vfy;
1625 SECStatus rv, passed;
1626
1627 PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
1628
1629 rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
1630 &gWeakParamsPQG, &vfy);
1631 if (rv != SECSuccess) {
1632 gWeakDHParamsError = PORT_GetError();
1633 return PR_FAILURE;
1634 }
1635
1636 rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
1637 if (rv != SECSuccess || passed != SECSuccess) {
1638 SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
1639 SSL_GETPID()));
1640 gWeakDHParamsError = PORT_GetError();
1641 return PR_FAILURE;
1642 }
1643
1644 gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
1645 if (!gWeakDHParams) {
1646 gWeakDHParamsError = PORT_GetError();
1647 return PR_FAILURE;
1648 }
1649
1650 gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
1651 gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
1652 gWeakDHParams->base.data = gWeakParamsPQG->base.data;
1653 gWeakDHParams->base.len = gWeakParamsPQG->base.len;
1654
1655 PK11_PQG_DestroyVerify(vfy);
1656 return PR_SUCCESS;
1657 }
1658
1659 static SECStatus
1660 ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
1661 {
1662 if (gWeakParamsPQG) {
1663 PK11_PQG_DestroyParams(gWeakParamsPQG);
1664 gWeakParamsPQG = NULL;
1665 gWeakDHParams = NULL;
1666 }
1667 return SECSuccess;
1668 }
1669
1670 static PRStatus
1671 ssl3_WeakDHParamsRegisterShutdown(void)
1672 {
1673 SECStatus rv;
1674 rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
1675 if (rv != SECSuccess) {
1676 gWeakDHParamsRegisterError = PORT_GetError();
1677 }
1678 return (PRStatus)rv;
1679 }
1680
1681 /* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
1682 SECStatus
1683 SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
1684 {
1685 sslSocket *ss;
1686 PRStatus status;
1687
1688 if (enabled) {
1689 status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
1690 ssl3_WeakDHParamsRegisterShutdown);
1691 if (status != PR_SUCCESS) {
1692 PORT_SetError(gWeakDHParamsRegisterError);
1693 return SECFailure;
1694 }
1695
1696 status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
1697 if (status != PR_SUCCESS) {
1698 PORT_SetError(gWeakDHParamsError);
1699 return SECFailure;
1700 }
1701 }
1702
1703 if (!fd)
1704 return SECSuccess;
1705
1706 ss = ssl_FindSocket(fd);
1707 if (!ss) {
1708 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
1709 return SECFailure;
1710 }
1711
1712 ss->ssl3.dheWeakGroupEnabled = enabled;
1713 return SECSuccess;
1714 }
1715
1716 SECStatus
1717 SSL_GetChannelBinding(PRFileDesc *fd,
1718 SSLChannelBindingType binding_type,
1719 unsigned char *out,
1720 unsigned int *outLen,
1721 unsigned int outLenMax)
1722 {
1723 sslSocket *ss = ssl_FindSocket(fd);
1724
1725 if (!ss) {
1726 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
1727 SSL_GETPID(), fd));
1728 return SECFailure;
1729 }
1730
1731 if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
1732 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1733 return SECFailure;
1734 }
1735
1736 return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
1737 }
1738
1739 #include "dhe-param.c"
1740
1741 static const SSLDHEGroupType ssl_default_dhe_groups[] = {
1742 ssl_ff_dhe_2048_group
1743 };
1744
1745 /* Keep this array synchronized with the index definitions in SSLDHEGroupType */
1746 static const ssl3DHParams *all_ssl3DHParams[] = {
1747 NULL, /* ssl_dhe_group_none */
1748 &ff_dhe_2048,
1749 &ff_dhe_3072,
1750 &ff_dhe_4096,
1751 &ff_dhe_6144,
1752 &ff_dhe_8192,
1753 };
1754
1755 static SSLDHEGroupType
1756 selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups )
1757 {
1758 if (!groups || !num_groups)
1759 return ssl_dhe_group_none;
1760
1761 /* We don't have automatic group parameter selection yet
1762 * (potentially) based on socket parameters, e.g. key sizes.
1763 * For now, we return the first available group from the allowed list. */
1764 return groups[0];
1765 }
1766
1767 /* Ensure DH parameters have been selected */
1768 SECStatus
1769 ssl3_SelectDHParams(sslSocket *ss)
1770 {
1771 SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
1772
1773 if (ss->ssl3.dheWeakGroupEnabled) {
1774 ss->dheParams = gWeakDHParams;
1775 } else {
1776 if (ss->ssl3.dheGroups) {
1777 selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
1778 ss->ssl3.numDHEGroups);
1779 } else {
1780 size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_grou ps);
1781 selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
1782 number_of_default_groups);
1783 }
1784
1785 if (selectedGroup == ssl_dhe_group_none ||
1786 selectedGroup >= ssl_dhe_group_max) {
1787 return SECFailure;
1788 }
1789
1790 ss->dheParams = all_ssl3DHParams[selectedGroup];
1791 }
1792
1793 return SECSuccess;
1794 }
1795
1796 /* LOCKS ??? XXX */
1797 static PRFileDesc *
1798 ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
1799 {
1800 sslSocket *ns = NULL;
1801 PRStatus rv;
1802 PRNetAddr addr;
1803 SECStatus status = ssl_Init();
1804
1805 if (status != SECSuccess) {
1806 return NULL;
1807 }
1808
1809 if (model == NULL) {
1810 /* Just create a default socket if we're given NULL for the model */
1811 ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
1812 } else {
1813 sslSocket *ss = ssl_FindSocket(model);
1814 if (ss == NULL || ss->protocolVariant != variant) {
1815 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
1816 SSL_GETPID(), model));
1817 return NULL;
1818 }
1819 ns = ssl_DupSocket(ss);
1820 }
1821 if (ns == NULL)
1822 return NULL;
1823
1824 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
1825 if (rv != PR_SUCCESS) {
1826 ssl_FreeSocket(ns);
1827 SET_ERROR_CODE
1828 return NULL;
1829 }
1830 #if defined(DEBUG) || defined(FORCE_PR_ASSERT)
1831 {
1832 sslSocket *ss = ssl_FindSocket(fd);
1833 PORT_Assert(ss == ns);
1834 }
1835 #endif
1836 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
1837 return fd;
1838 }
1839
1840 PRFileDesc *
1841 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1842 {
1843 return ssl_ImportFD(model, fd, ssl_variant_stream);
1844 }
1845
1846 PRFileDesc *
1847 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1848 {
1849 return ssl_ImportFD(model, fd, ssl_variant_datagram);
1850 }
1851
1852 /* SSL_SetNextProtoCallback is used to select an application protocol
1853 * for ALPN and NPN. For ALPN, this runs on the server; for NPN it
1854 * runs on the client. */
1855 /* Note: The ALPN version doesn't allow for the use of a default, setting a
1856 * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
1857 SECStatus
1858 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
1859 void *arg)
1860 {
1861 sslSocket *ss = ssl_FindSocket(fd);
1862
1863 if (!ss) {
1864 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETP ID(),
1865 fd));
1866 return SECFailure;
1867 }
1868
1869 ssl_GetSSL3HandshakeLock(ss);
1870 ss->nextProtoCallback = callback;
1871 ss->nextProtoArg = arg;
1872 ssl_ReleaseSSL3HandshakeLock(ss);
1873
1874 return SECSuccess;
1875 }
1876
1877 /* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
1878 * SSL_SetNextProtoNego is used.
1879 */
1880 static SECStatus
1881 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
1882 const unsigned char *protos, unsigned int protos_len,
1883 unsigned char *protoOut, unsigned int *protoOutLen,
1884 unsigned int protoMaxLen)
1885 {
1886 unsigned int i, j;
1887 const unsigned char *result;
1888 sslSocket *ss = ssl_FindSocket(fd);
1889
1890 if (!ss) {
1891 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
1892 SSL_GETPID(), fd));
1893 return SECFailure;
1894 }
1895
1896 /* For each protocol in server preference, see if we support it. */
1897 for (i = 0; i < protos_len;) {
1898 for (j = 0; j < ss->opt.nextProtoNego.len;) {
1899 if (protos[i] == ss->opt.nextProtoNego.data[j] &&
1900 PORT_Memcmp(&protos[i + 1], &ss->opt.nextProtoNego.data[j + 1],
1901 protos[i]) == 0) {
1902 /* We found a match. */
1903 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
1904 result = &protos[i];
1905 goto found;
1906 }
1907 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
1908 }
1909 i += 1 + (unsigned int)protos[i];
1910 }
1911
1912 /* The other side supports the extension, and either doesn't have any
1913 * protocols configured, or none of its options match ours. In this case we
1914 * request our favoured protocol. */
1915 /* This will be treated as a failure for ALPN. */
1916 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
1917 result = ss->opt.nextProtoNego.data;
1918
1919 found:
1920 if (protoMaxLen < result[0]) {
1921 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1922 return SECFailure;
1923 }
1924 memcpy(protoOut, result + 1, result[0]);
1925 *protoOutLen = result[0];
1926 return SECSuccess;
1927 }
1928
1929 SECStatus
1930 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
1931 unsigned int length)
1932 {
1933 sslSocket *ss;
1934 SECStatus rv;
1935 SECItem dataItem = { siBuffer, (unsigned char *)data, length };
1936
1937 ss = ssl_FindSocket(fd);
1938 if (!ss) {
1939 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
1940 SSL_GETPID(), fd));
1941 return SECFailure;
1942 }
1943
1944 if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
1945 return SECFailure;
1946
1947 ssl_GetSSL3HandshakeLock(ss);
1948 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
1949 rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
1950 ssl_ReleaseSSL3HandshakeLock(ss);
1951
1952 if (rv != SECSuccess)
1953 return rv;
1954
1955 return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
1956 }
1957
1958 SECStatus
1959 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
1960 unsigned int *bufLen, unsigned int bufLenMax)
1961 {
1962 sslSocket *ss = ssl_FindSocket(fd);
1963
1964 if (!ss) {
1965 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
1966 fd));
1967 return SECFailure;
1968 }
1969
1970 if (!state || !buf || !bufLen) {
1971 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1972 return SECFailure;
1973 }
1974
1975 *state = ss->ssl3.nextProtoState;
1976
1977 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
1978 ss->ssl3.nextProto.data) {
1979 if (ss->ssl3.nextProto.len > bufLenMax) {
1980 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1981 return SECFailure;
1982 }
1983 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
1984 *bufLen = ss->ssl3.nextProto.len;
1985 } else {
1986 *bufLen = 0;
1987 }
1988
1989 return SECSuccess;
1990 }
1991
1992 SECStatus
1993 SSL_SetSRTPCiphers(PRFileDesc *fd,
1994 const PRUint16 *ciphers,
1995 unsigned int numCiphers)
1996 {
1997 sslSocket *ss;
1998 unsigned int i;
1999
2000 ss = ssl_FindSocket(fd);
2001 if (!ss || !IS_DTLS(ss)) {
2002 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
2003 SSL_GETPID(), fd));
2004 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2005 return SECFailure;
2006 }
2007
2008 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
2009 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2010 return SECFailure;
2011 }
2012
2013 ss->ssl3.dtlsSRTPCipherCount = 0;
2014 for (i = 0; i < numCiphers; i++) {
2015 const PRUint16 *srtpCipher = srtpCiphers;
2016
2017 while (*srtpCipher) {
2018 if (ciphers[i] == *srtpCipher)
2019 break;
2020 srtpCipher++;
2021 }
2022 if (*srtpCipher) {
2023 ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
2024 ciphers[i];
2025 } else {
2026 SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
2027 "suite specified: 0x%04hx",
2028 SSL_GETPID(), fd,
2029 ciphers[i]));
2030 }
2031 }
2032
2033 if (ss->ssl3.dtlsSRTPCipherCount == 0) {
2034 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2035 return SECFailure;
2036 }
2037
2038 return SECSuccess;
2039 }
2040
2041 SECStatus
2042 SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
2043 {
2044 sslSocket *ss;
2045
2046 ss = ssl_FindSocket(fd);
2047 if (!ss) {
2048 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
2049 SSL_GETPID(), fd));
2050 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2051 return SECFailure;
2052 }
2053
2054 if (!ss->ssl3.dtlsSRTPCipherSuite) {
2055 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2056 return SECFailure;
2057 }
2058
2059 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
2060 return SECSuccess;
2061 }
2062
2063 PRFileDesc *
2064 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
2065 {
2066 sslSocket *sm = NULL, *ss = NULL;
2067 int i;
2068 sslServerCerts *mc = NULL;
2069 sslServerCerts *sc = NULL;
2070
2071 if (model == NULL) {
2072 PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
2073 return NULL;
2074 }
2075 sm = ssl_FindSocket(model);
2076 if (sm == NULL) {
2077 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
2078 SSL_GETPID(), model));
2079 return NULL;
2080 }
2081 ss = ssl_FindSocket(fd);
2082 PORT_Assert(ss);
2083 if (ss == NULL) {
2084 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2085 return NULL;
2086 }
2087
2088 ss->opt = sm->opt;
2089 ss->vrange = sm->vrange;
2090 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
2091 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
2092 sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
2093 ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
2094 PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms,
2095 sizeof(ss->ssl3.signatureAlgorithms[0]) *
2096 sm->ssl3.signatureAlgorithmCount);
2097 ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount;
2098 ss->ssl3.downgradeCheckVersion = sm->ssl3.downgradeCheckVersion;
2099
2100 if (!ss->opt.useSecurity) {
2101 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2102 return NULL;
2103 }
2104 /* This int should be SSLKEAType, but CC on Irix complains,
2105 * during the for loop.
2106 */
2107 for (i = kt_null; i < kt_kea_size; i++) {
2108 mc = &(sm->serverCerts[i]);
2109 sc = &(ss->serverCerts[i]);
2110 if (mc->serverCert && mc->serverCertChain) {
2111 if (sc->serverCert) {
2112 CERT_DestroyCertificate(sc->serverCert);
2113 }
2114 sc->serverCert = CERT_DupCertificate(mc->serverCert);
2115 if (sc->serverCertChain) {
2116 CERT_DestroyCertificateList(sc->serverCertChain);
2117 }
2118 sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
2119 if (!sc->serverCertChain)
2120 goto loser;
2121 if (sm->certStatusArray[i]) {
2122 if (ss->certStatusArray[i]) {
2123 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
2124 ss->certStatusArray[i] = NULL;
2125 }
2126 ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusAr ray[i]);
2127 if (!ss->certStatusArray[i])
2128 goto loser;
2129 }
2130 if (sm->signedCertTimestamps[i].data) {
2131 if (ss->signedCertTimestamps[i].data) {
2132 SECITEM_FreeItem(&ss->signedCertTimestamps[i], PR_FALSE);
2133 }
2134 if (SECITEM_CopyItem(NULL,
2135 &ss->signedCertTimestamps[i],
2136 &sm->signedCertTimestamps[i]) !=
2137 SECSuccess) {
2138 goto loser;
2139 }
2140 }
2141 }
2142 if (mc->serverKeyPair) {
2143 if (sc->serverKeyPair) {
2144 ssl3_FreeKeyPair(sc->serverKeyPair);
2145 }
2146 sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
2147 sc->serverKeyBits = mc->serverKeyBits;
2148 }
2149 }
2150 if (sm->stepDownKeyPair) {
2151 if (ss->stepDownKeyPair) {
2152 ssl3_FreeKeyPair(ss->stepDownKeyPair);
2153 }
2154 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
2155 }
2156 if (sm->ephemeralECDHKeyPair) {
2157 if (ss->ephemeralECDHKeyPair) {
2158 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
2159 }
2160 ss->ephemeralECDHKeyPair =
2161 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
2162 }
2163 /* copy trust anchor names */
2164 if (sm->ssl3.ca_list) {
2165 if (ss->ssl3.ca_list) {
2166 CERT_FreeDistNames(ss->ssl3.ca_list);
2167 }
2168 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
2169 if (!ss->ssl3.ca_list) {
2170 goto loser;
2171 }
2172 }
2173
2174 if (sm->authCertificate)
2175 ss->authCertificate = sm->authCertificate;
2176 if (sm->authCertificateArg)
2177 ss->authCertificateArg = sm->authCertificateArg;
2178 if (sm->getClientAuthData)
2179 ss->getClientAuthData = sm->getClientAuthData;
2180 if (sm->getClientAuthDataArg)
2181 ss->getClientAuthDataArg = sm->getClientAuthDataArg;
2182 if (sm->sniSocketConfig)
2183 ss->sniSocketConfig = sm->sniSocketConfig;
2184 if (sm->sniSocketConfigArg)
2185 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
2186 if (sm->handleBadCert)
2187 ss->handleBadCert = sm->handleBadCert;
2188 if (sm->badCertArg)
2189 ss->badCertArg = sm->badCertArg;
2190 if (sm->handshakeCallback)
2191 ss->handshakeCallback = sm->handshakeCallback;
2192 if (sm->handshakeCallbackData)
2193 ss->handshakeCallbackData = sm->handshakeCallbackData;
2194 if (sm->pkcs11PinArg)
2195 ss->pkcs11PinArg = sm->pkcs11PinArg;
2196 if (sm->getChannelID)
2197 ss->getChannelID = sm->getChannelID;
2198 if (sm->getChannelIDArg)
2199 ss->getChannelIDArg = sm->getChannelIDArg;
2200 return fd;
2201 loser:
2202 return NULL;
2203 }
2204
2205 /*
2206 * Get the user supplied range
2207 */
2208 static SECStatus
2209 ssl3_GetRangePolicy(SSLProtocolVariant protocolVariant, SSLVersionRange *prange)
2210 {
2211 SECStatus rv;
2212 PRUint32 policy;
2213 PRInt32 option;
2214
2215 /* only use policy constraints if we've set the apply ssl policy bit */
2216 rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
2217 if ((rv != SECSuccess) || !(policy & NSS_USE_POLICY_IN_SSL)) {
2218 return SECFailure;
2219 }
2220 rv = NSS_OptionGet(VERSIONS_POLICY_MIN(protocolVariant), &option);
2221 if (rv != SECSuccess) {
2222 return rv;
2223 }
2224 prange->min = (PRUint16)option;
2225 rv = NSS_OptionGet(VERSIONS_POLICY_MAX(protocolVariant), &option);
2226 if (rv != SECSuccess) {
2227 return rv;
2228 }
2229 prange->max = (PRUint16)option;
2230 if (prange->max < prange->min) {
2231 return SECFailure; /* don't accept an invalid policy */
2232 }
2233 return SECSuccess;
2234 }
2235
2236 /*
2237 * Constrain a single protocol variant's range based on the user policy
2238 */
2239 static SECStatus
2240 ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
2241 {
2242 SSLVersionRange vrange;
2243 SSLVersionRange pvrange;
2244 SECStatus rv;
2245
2246 vrange = *VERSIONS_DEFAULTS(protocolVariant);
2247 rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
2248 if (rv != SECSuccess) {
2249 return SECSuccess; /* we don't have any policy */
2250 }
2251 vrange.min = PR_MAX(vrange.min, pvrange.min);
2252 vrange.max = PR_MIN(vrange.max, pvrange.max);
2253 if (vrange.max >= vrange.min) {
2254 *VERSIONS_DEFAULTS(protocolVariant) = vrange;
2255 } else {
2256 /* there was no overlap, turn off range altogether */
2257 pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
2258 *VERSIONS_DEFAULTS(protocolVariant) = pvrange;
2259 }
2260 return SECSuccess;
2261 }
2262
2263 static PRBool
2264 ssl_VersionIsSupportedByPolicy(SSLProtocolVariant protocolVariant,
2265 SSL3ProtocolVersion version)
2266 {
2267 SSLVersionRange pvrange;
2268 SECStatus rv;
2269
2270 rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
2271 if (rv == SECSuccess) {
2272 if ((version > pvrange.max) || (version < pvrange.min)) {
2273 return PR_FALSE; /* disallowed by policy */
2274 }
2275 }
2276 return PR_TRUE;
2277 }
2278
2279 /*
2280 * This is called at SSL init time to constrain the existing range based
2281 * on user supplied policy.
2282 */
2283 SECStatus
2284 ssl3_ConstrainRangeByPolicy(void)
2285 {
2286 SECStatus rv;
2287 rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_stream);
2288 if (rv != SECSuccess) {
2289 return rv;
2290 }
2291 rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_datagram);
2292 if (rv != SECSuccess) {
2293 return rv;
2294 }
2295 return SECSuccess;
2296 }
2297
2298 PRBool
2299 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
2300 SSL3ProtocolVersion version)
2301 {
2302 if (!ssl_VersionIsSupportedByPolicy(protocolVariant, version)) {
2303 return PR_FALSE;
2304 }
2305 switch (protocolVariant) {
2306 case ssl_variant_stream:
2307 return (version >= SSL_LIBRARY_VERSION_3_0 &&
2308 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
2309 case ssl_variant_datagram:
2310 return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
2311 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
2312 default:
2313 /* Can't get here */
2314 PORT_Assert(PR_FALSE);
2315 return PR_FALSE;
2316 }
2317 }
2318
2319 /* Returns PR_TRUE if the given version range is valid and
2320 ** fully supported; otherwise, returns PR_FALSE.
2321 */
2322 static PRBool
2323 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
2324 const SSLVersionRange *vrange)
2325 {
2326 return vrange &&
2327 vrange->min <= vrange->max &&
2328 ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
2329 ssl3_VersionIsSupported(protocolVariant, vrange->max);
2330 }
2331
2332 const SECItem *
2333 SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
2334 {
2335 sslSocket *ss = ssl_FindSocket(fd);
2336
2337 if (!ss) {
2338 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
2339 SSL_GETPID(), fd));
2340 return NULL;
2341 }
2342
2343 if (!ss->sec.ci.sid) {
2344 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
2345 return NULL;
2346 }
2347
2348 if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) {
2349 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
2350 return NULL;
2351 }
2352 return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
2353 }
2354
2355 SECStatus
2356 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
2357 SSLVersionRange *vrange)
2358 {
2359 if (!vrange) {
2360 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2361 return SECFailure;
2362 }
2363
2364 switch (protocolVariant) {
2365 case ssl_variant_stream:
2366 vrange->min = SSL_LIBRARY_VERSION_3_0;
2367 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
2368 break;
2369 case ssl_variant_datagram:
2370 vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
2371 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
2372 break;
2373 default:
2374 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2375 return SECFailure;
2376 }
2377
2378 return SECSuccess;
2379 }
2380
2381 SECStatus
2382 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
2383 SSLVersionRange *vrange)
2384 {
2385 if ((protocolVariant != ssl_variant_stream &&
2386 protocolVariant != ssl_variant_datagram) ||
2387 !vrange) {
2388 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2389 return SECFailure;
2390 }
2391
2392 *vrange = *VERSIONS_DEFAULTS(protocolVariant);
2393
2394 return SECSuccess;
2395 }
2396
2397 SECStatus
2398 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
2399 const SSLVersionRange *vrange)
2400 {
2401 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
2402 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
2403 return SECFailure;
2404 }
2405
2406 *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
2407
2408 return SECSuccess;
2409 }
2410
2411 SECStatus
2412 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
2413 {
2414 sslSocket *ss = ssl_FindSocket(fd);
2415
2416 if (!ss) {
2417 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeGet",
2418 SSL_GETPID(), fd));
2419 return SECFailure;
2420 }
2421
2422 if (!vrange) {
2423 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2424 return SECFailure;
2425 }
2426
2427 ssl_Get1stHandshakeLock(ss);
2428 ssl_GetSSL3HandshakeLock(ss);
2429
2430 *vrange = ss->vrange;
2431
2432 ssl_ReleaseSSL3HandshakeLock(ss);
2433 ssl_Release1stHandshakeLock(ss);
2434
2435 return SECSuccess;
2436 }
2437
2438 SECStatus
2439 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
2440 {
2441 sslSocket *ss = ssl_FindSocket(fd);
2442
2443 if (!ss) {
2444 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeSet",
2445 SSL_GETPID(), fd));
2446 return SECFailure;
2447 }
2448
2449 if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
2450 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
2451 return SECFailure;
2452 }
2453
2454 ssl_Get1stHandshakeLock(ss);
2455 ssl_GetSSL3HandshakeLock(ss);
2456
2457 if (ss->ssl3.downgradeCheckVersion &&
2458 ss->vrange.max > ss->ssl3.downgradeCheckVersion) {
2459 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
2460 ssl_ReleaseSSL3HandshakeLock(ss);
2461 ssl_Release1stHandshakeLock(ss);
2462 return SECFailure;
2463 }
2464
2465 ss->vrange = *vrange;
2466
2467 ssl_ReleaseSSL3HandshakeLock(ss);
2468 ssl_Release1stHandshakeLock(ss);
2469
2470 return SECSuccess;
2471 }
2472
2473 SECStatus
2474 SSL_SetDowngradeCheckVersion(PRFileDesc *fd, PRUint16 version)
2475 {
2476 sslSocket *ss = ssl_FindSocket(fd);
2477 SECStatus rv = SECFailure;
2478
2479 if (!ss) {
2480 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetDowngradeCheckVersion",
2481 SSL_GETPID(), fd));
2482 return SECFailure;
2483 }
2484
2485 if (version && !ssl3_VersionIsSupported(ss->protocolVariant, version)) {
2486 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2487 return SECFailure;
2488 }
2489
2490 ssl_Get1stHandshakeLock(ss);
2491 ssl_GetSSL3HandshakeLock(ss);
2492
2493 if (version && version < ss->vrange.max) {
2494 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2495 goto loser;
2496 }
2497 ss->ssl3.downgradeCheckVersion = version;
2498 rv = SECSuccess;
2499
2500 loser:
2501 ssl_ReleaseSSL3HandshakeLock(ss);
2502 ssl_Release1stHandshakeLock(ss);
2503
2504 return rv;
2505 }
2506
2507 const SECItemArray *
2508 SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
2509 {
2510 sslSocket *ss = ssl_FindSocket(fd);
2511
2512 if (!ss) {
2513 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
2514 SSL_GETPID(), fd));
2515 return NULL;
2516 }
2517
2518 if (!ss->sec.ci.sid) {
2519 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
2520 return NULL;
2521 }
2522
2523 return &ss->sec.ci.sid->peerCertStatus;
2524 }
2525
2526 SECStatus
2527 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed)
2528 {
2529 sslSocket *ss = ssl_FindSocket(fd);
2530
2531 if (!ss) {
2532 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession",
2533 SSL_GETPID(), fd));
2534 return SECFailure;
2535 }
2536
2537 *handshake_resumed = ss->ssl3.hs.isResuming;
2538 return SECSuccess;
2539 }
2540
2541 const SECItem *
2542 SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
2543 {
2544 sslSocket *ss = ssl_FindSocket(fd);
2545
2546 if (!ss) {
2547 SSL_DBG(("%d: SSL[%d]: bad socket in "
2548 "SSL_GetRequestedClientCertificateTypes",
2549 SSL_GETPID(), fd));
2550 return NULL;
2551 }
2552
2553 return ss->requestedCertTypes;
2554 }
2555
2556 /************************************************************************/
2557 /* The following functions are the TOP LEVEL SSL functions.
2558 ** They all get called through the NSPRIOMethods table below.
2559 */
2560
2561 static PRFileDesc *PR_CALLBACK
2562 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
2563 {
2564 sslSocket *ss;
2565 sslSocket *ns = NULL;
2566 PRFileDesc *newfd = NULL;
2567 PRFileDesc *osfd;
2568 PRStatus status;
2569
2570 ss = ssl_GetPrivate(fd);
2571 if (!ss) {
2572 SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
2573 return NULL;
2574 }
2575
2576 /* IF this is a listen socket, there shouldn't be any I/O going on */
2577 SSL_LOCK_READER(ss);
2578 SSL_LOCK_WRITER(ss);
2579 ssl_Get1stHandshakeLock(ss);
2580 ssl_GetSSL3HandshakeLock(ss);
2581
2582 ss->cTimeout = timeout;
2583
2584 osfd = ss->fd->lower;
2585
2586 /* First accept connection */
2587 newfd = osfd->methods->accept(osfd, sockaddr, timeout);
2588 if (newfd == NULL) {
2589 SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
2590 SSL_GETPID(), ss->fd, PORT_GetError()));
2591 } else {
2592 /* Create ssl module */
2593 ns = ssl_DupSocket(ss);
2594 }
2595
2596 ssl_ReleaseSSL3HandshakeLock(ss);
2597 ssl_Release1stHandshakeLock(ss);
2598 SSL_UNLOCK_WRITER(ss);
2599 SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
2600
2601 if (ns == NULL)
2602 goto loser;
2603
2604 /* push ssl module onto the new socket */
2605 status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
2606 if (status != PR_SUCCESS)
2607 goto loser;
2608
2609 /* Now start server connection handshake with client.
2610 ** Don't need locks here because nobody else has a reference to ns yet.
2611 */
2612 if (ns->opt.useSecurity) {
2613 if (ns->opt.handshakeAsClient) {
2614 ns->handshake = ssl2_BeginClientHandshake;
2615 ss->handshaking = sslHandshakingAsClient;
2616 } else {
2617 ns->handshake = ssl2_BeginServerHandshake;
2618 ss->handshaking = sslHandshakingAsServer;
2619 }
2620 }
2621 ns->TCPconnected = 1;
2622 return newfd;
2623
2624 loser:
2625 if (ns != NULL)
2626 ssl_FreeSocket(ns);
2627 if (newfd != NULL)
2628 PR_Close(newfd);
2629 return NULL;
2630 }
2631
2632 static PRStatus PR_CALLBACK
2633 ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
2634 {
2635 sslSocket *ss;
2636 PRStatus rv;
2637
2638 ss = ssl_GetPrivate(fd);
2639 if (!ss) {
2640 SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
2641 return PR_FAILURE;
2642 }
2643
2644 /* IF this is a listen socket, there shouldn't be any I/O going on */
2645 SSL_LOCK_READER(ss);
2646 SSL_LOCK_WRITER(ss);
2647
2648 ss->cTimeout = timeout;
2649 rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
2650
2651 SSL_UNLOCK_WRITER(ss);
2652 SSL_UNLOCK_READER(ss);
2653
2654 return rv;
2655 }
2656
2657 static PRStatus PR_CALLBACK
2658 ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
2659 {
2660 sslSocket *ss = ssl_GetPrivate(fd);
2661 PRStatus rv;
2662
2663 if (!ss) {
2664 SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
2665 return PR_FAILURE;
2666 }
2667 SSL_LOCK_READER(ss);
2668 SSL_LOCK_WRITER(ss);
2669
2670 rv = (PRStatus)(*ss->ops->bind)(ss, addr);
2671
2672 SSL_UNLOCK_WRITER(ss);
2673 SSL_UNLOCK_READER(ss);
2674 return rv;
2675 }
2676
2677 static PRStatus PR_CALLBACK
2678 ssl_Listen(PRFileDesc *fd, PRIntn backlog)
2679 {
2680 sslSocket *ss = ssl_GetPrivate(fd);
2681 PRStatus rv;
2682
2683 if (!ss) {
2684 SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
2685 return PR_FAILURE;
2686 }
2687 SSL_LOCK_READER(ss);
2688 SSL_LOCK_WRITER(ss);
2689
2690 rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
2691
2692 SSL_UNLOCK_WRITER(ss);
2693 SSL_UNLOCK_READER(ss);
2694 return rv;
2695 }
2696
2697 static PRStatus PR_CALLBACK
2698 ssl_Shutdown(PRFileDesc *fd, PRIntn how)
2699 {
2700 sslSocket *ss = ssl_GetPrivate(fd);
2701 PRStatus rv;
2702
2703 if (!ss) {
2704 SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
2705 return PR_FAILURE;
2706 }
2707 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2708 SSL_LOCK_READER(ss);
2709 }
2710 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2711 SSL_LOCK_WRITER(ss);
2712 }
2713
2714 rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
2715
2716 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2717 SSL_UNLOCK_WRITER(ss);
2718 }
2719 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2720 SSL_UNLOCK_READER(ss);
2721 }
2722 return rv;
2723 }
2724
2725 static PRStatus PR_CALLBACK
2726 ssl_Close(PRFileDesc *fd)
2727 {
2728 sslSocket *ss;
2729 PRStatus rv;
2730
2731 ss = ssl_GetPrivate(fd);
2732 if (!ss) {
2733 SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
2734 return PR_FAILURE;
2735 }
2736
2737 /* There must not be any I/O going on */
2738 SSL_LOCK_READER(ss);
2739 SSL_LOCK_WRITER(ss);
2740
2741 /* By the time this function returns,
2742 ** ss is an invalid pointer, and the locks to which it points have
2743 ** been unlocked and freed. So, this is the ONE PLACE in all of SSL
2744 ** where the LOCK calls and the corresponding UNLOCK calls are not in
2745 ** the same function scope. The unlock calls are in ssl_FreeSocket().
2746 */
2747 rv = (PRStatus)(*ss->ops->close)(ss);
2748
2749 return rv;
2750 }
2751
2752 static int PR_CALLBACK
2753 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
2754 PRIntervalTime timeout)
2755 {
2756 sslSocket *ss;
2757 int rv;
2758
2759 ss = ssl_GetPrivate(fd);
2760 if (!ss) {
2761 SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
2762 return SECFailure;
2763 }
2764 SSL_LOCK_READER(ss);
2765 ss->rTimeout = timeout;
2766 if (!ss->opt.fdx)
2767 ss->wTimeout = timeout;
2768 rv = (*ss->ops->recv)(ss, (unsigned char *)buf, len, flags);
2769 SSL_UNLOCK_READER(ss);
2770 return rv;
2771 }
2772
2773 static int PR_CALLBACK
2774 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
2775 PRIntervalTime timeout)
2776 {
2777 sslSocket *ss;
2778 int rv;
2779
2780 ss = ssl_GetPrivate(fd);
2781 if (!ss) {
2782 SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
2783 return SECFailure;
2784 }
2785 SSL_LOCK_WRITER(ss);
2786 ss->wTimeout = timeout;
2787 if (!ss->opt.fdx)
2788 ss->rTimeout = timeout;
2789 rv = (*ss->ops->send)(ss, (const unsigned char *)buf, len, flags);
2790 SSL_UNLOCK_WRITER(ss);
2791 return rv;
2792 }
2793
2794 static int PR_CALLBACK
2795 ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
2796 {
2797 sslSocket *ss;
2798 int rv;
2799
2800 ss = ssl_GetPrivate(fd);
2801 if (!ss) {
2802 SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
2803 return SECFailure;
2804 }
2805 SSL_LOCK_READER(ss);
2806 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2807 if (!ss->opt.fdx)
2808 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2809 rv = (*ss->ops->read)(ss, (unsigned char *)buf, len);
2810 SSL_UNLOCK_READER(ss);
2811 return rv;
2812 }
2813
2814 static int PR_CALLBACK
2815 ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
2816 {
2817 sslSocket *ss;
2818 int rv;
2819
2820 ss = ssl_GetPrivate(fd);
2821 if (!ss) {
2822 SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
2823 return SECFailure;
2824 }
2825 SSL_LOCK_WRITER(ss);
2826 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2827 if (!ss->opt.fdx)
2828 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2829 rv = (*ss->ops->write)(ss, (const unsigned char *)buf, len);
2830 SSL_UNLOCK_WRITER(ss);
2831 return rv;
2832 }
2833
2834 static PRStatus PR_CALLBACK
2835 ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
2836 {
2837 sslSocket *ss;
2838
2839 ss = ssl_GetPrivate(fd);
2840 if (!ss) {
2841 SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
2842 return PR_FAILURE;
2843 }
2844 return (PRStatus)(*ss->ops->getpeername)(ss, addr);
2845 }
2846
2847 /*
2848 */
2849 SECStatus
2850 ssl_GetPeerInfo(sslSocket *ss)
2851 {
2852 PRFileDesc *osfd;
2853 int rv;
2854 PRNetAddr sin;
2855
2856 osfd = ss->fd->lower;
2857
2858 PORT_Memset(&sin, 0, sizeof(sin));
2859 rv = osfd->methods->getpeername(osfd, &sin);
2860 if (rv < 0) {
2861 return SECFailure;
2862 }
2863 ss->TCPconnected = 1;
2864 if (sin.inet.family == PR_AF_INET) {
2865 PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
2866 ss->sec.ci.port = sin.inet.port;
2867 } else if (sin.ipv6.family == PR_AF_INET6) {
2868 ss->sec.ci.peer = sin.ipv6.ip;
2869 ss->sec.ci.port = sin.ipv6.port;
2870 } else {
2871 PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
2872 return SECFailure;
2873 }
2874 return SECSuccess;
2875 }
2876
2877 static PRStatus PR_CALLBACK
2878 ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
2879 {
2880 sslSocket *ss;
2881
2882 ss = ssl_GetPrivate(fd);
2883 if (!ss) {
2884 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
2885 return PR_FAILURE;
2886 }
2887 return (PRStatus)(*ss->ops->getsockname)(ss, name);
2888 }
2889
2890 SECStatus
2891 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
2892 SSLKEAType kea)
2893 {
2894 sslSocket *ss;
2895
2896 ss = ssl_FindSocket(fd);
2897 if (!ss) {
2898 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
2899 SSL_GETPID(), fd));
2900 return SECFailure;
2901 }
2902
2903 if (kea <= 0 || kea >= kt_kea_size) {
2904 SSL_DBG(("%d: SSL[%d]: invalid key type in SSL_SetStapledOCSPResponses",
2905 SSL_GETPID(), fd));
2906 return SECFailure;
2907 }
2908
2909 if (ss->certStatusArray[kea]) {
2910 SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
2911 ss->certStatusArray[kea] = NULL;
2912 }
2913 if (responses) {
2914 ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
2915 }
2916 return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
2917 }
2918
2919 SECStatus
2920 SSL_SetSignedCertTimestamps(PRFileDesc *fd, const SECItem *scts, SSLKEAType kea)
2921 {
2922 sslSocket *ss;
2923
2924 ss = ssl_FindSocket(fd);
2925 if (!ss) {
2926 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSignedCertTimestamps",
2927 SSL_GETPID(), fd));
2928 return SECFailure;
2929 }
2930
2931 if (kea <= 0 || kea >= kt_kea_size) {
2932 SSL_DBG(("%d: SSL[%d]: invalid key type in SSL_SetSignedCertTimestamps",
2933 SSL_GETPID(), fd));
2934 return SECFailure;
2935 }
2936
2937 if (ss->signedCertTimestamps[kea].data) {
2938 SECITEM_FreeItem(&ss->signedCertTimestamps[kea], PR_FALSE);
2939 }
2940
2941 if (!scts) {
2942 return SECSuccess;
2943 }
2944
2945 return SECITEM_CopyItem(NULL, &ss->signedCertTimestamps[kea], scts);
2946 }
2947
2948 SECStatus
2949 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
2950 {
2951 sslSocket *ss;
2952
2953 ss = ssl_FindSocket(fd);
2954 if (!ss) {
2955 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
2956 SSL_GETPID(), fd));
2957 return SECFailure;
2958 }
2959
2960 if (ss->peerID) {
2961 PORT_Free(ss->peerID);
2962 ss->peerID = NULL;
2963 }
2964 if (peerID)
2965 ss->peerID = PORT_Strdup(peerID);
2966 return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
2967 }
2968
2969 #define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
2970
2971 static PRInt16 PR_CALLBACK
2972 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
2973 {
2974 sslSocket *ss;
2975 PRInt16 new_flags = how_flags; /* should select on these flags. */
2976 PRNetAddr addr;
2977
2978 *p_out_flags = 0;
2979 ss = ssl_GetPrivate(fd);
2980 if (!ss) {
2981 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
2982 SSL_GETPID(), fd));
2983 return 0; /* don't poll on this socket */
2984 }
2985
2986 if (ss->opt.useSecurity &&
2987 ss->handshaking != sslHandshakingUndetermined &&
2988 !ss->firstHsDone &&
2989 (how_flags & PR_POLL_RW)) {
2990 if (!ss->TCPconnected) {
2991 ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
2992 }
2993 /* If it's not connected, then presumably the application is polling
2994 ** on read or write appropriately, so don't change it.
2995 */
2996 if (ss->TCPconnected) {
2997 if (!ss->handshakeBegun) {
2998 /* If the handshake has not begun, poll on read or write
2999 ** based on the local application's role in the handshake,
3000 ** not based on what the application requested.
3001 */
3002 new_flags &= ~PR_POLL_RW;
3003 if (ss->handshaking == sslHandshakingAsClient) {
3004 new_flags |= PR_POLL_WRITE;
3005 } else { /* handshaking as server */
3006 new_flags |= PR_POLL_READ;
3007 }
3008 } else
3009 /* First handshake is in progress */
3010 if (ss->lastWriteBlocked) {
3011 if (new_flags & PR_POLL_READ) {
3012 /* The caller is waiting for data to be received,
3013 ** but the initial handshake is blocked on write, or the
3014 ** client's first handshake record has not been written.
3015 ** The code should select on write, not read.
3016 */
3017 new_flags ^= PR_POLL_READ; /* don't select on read. */
3018 new_flags |= PR_POLL_WRITE; /* do select on write. */
3019 }
3020 } else if (new_flags & PR_POLL_WRITE) {
3021 /* The caller is trying to write, but the handshake is
3022 ** blocked waiting for data to read, and the first
3023 ** handshake has been sent. So do NOT to poll on write
3024 ** unless we did false start.
3025 */
3026 if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
3027 ss->ssl3.hs.canFalseStart)) {
3028 new_flags ^= PR_POLL_WRITE; /* don't select on write. */
3029 }
3030 new_flags |= PR_POLL_READ; /* do select on read. */
3031 }
3032 }
3033 } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
3034 *p_out_flags = PR_POLL_READ; /* it's ready already. */
3035 return new_flags;
3036 } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
3037 (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
3038 new_flags |= PR_POLL_WRITE; /* also select on write. */
3039 }
3040
3041 if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
3042 ss->ssl3.hs.restartTarget != NULL) {
3043 /* Read and write will block until the asynchronous callback completes
3044 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
3045 * the caller to poll the socket unless there is pending write data.
3046 */
3047 if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
3048 /* Ignore any newly-received data on the socket, but do wait for
3049 * the socket to become writable again. Here, it is OK for an error
3050 * to be detected, because our logic for sending pending write data
3051 * will allow us to report the error to the caller without the risk
3052 * of the application spinning.
3053 */
3054 new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
3055 } else {
3056 /* Unfortunately, clearing new_flags will make it impossible for
3057 * the application to detect errors that it would otherwise be
3058 * able to detect with PR_POLL_EXCEPT, until the asynchronous
3059 * callback completes. However, we must clear all the flags to
3060 * prevent the application from spinning (alternating between
3061 * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
3062 * which won't actually report the I/O error while we are waiting
3063 * for the asynchronous callback to complete).
3064 */
3065 new_flags = 0;
3066 }
3067 }
3068
3069 if (new_flags && (fd->lower->methods->poll != NULL)) {
3070 PRInt16 lower_out_flags = 0;
3071 PRInt16 lower_new_flags;
3072 lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
3073 &lower_out_flags);
3074 if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
3075 PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
3076 if (lower_out_flags & PR_POLL_READ)
3077 out_flags |= PR_POLL_WRITE;
3078 if (lower_out_flags & PR_POLL_WRITE)
3079 out_flags |= PR_POLL_READ;
3080 *p_out_flags = out_flags;
3081 new_flags = how_flags;
3082 } else {
3083 *p_out_flags = lower_out_flags;
3084 new_flags = lower_new_flags;
3085 }
3086 }
3087
3088 return new_flags;
3089 }
3090
3091 static PRInt32 PR_CALLBACK
3092 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
3093 const void *headers, PRInt32 hlen,
3094 PRTransmitFileFlags flags, PRIntervalTime timeout)
3095 {
3096 PRSendFileData sfd;
3097
3098 sfd.fd = fd;
3099 sfd.file_offset = 0;
3100 sfd.file_nbytes = 0;
3101 sfd.header = headers;
3102 sfd.hlen = hlen;
3103 sfd.trailer = NULL;
3104 sfd.tlen = 0;
3105
3106 return sd->methods->sendfile(sd, &sfd, flags, timeout);
3107 }
3108
3109 PRBool
3110 ssl_FdIsBlocking(PRFileDesc *fd)
3111 {
3112 PRSocketOptionData opt;
3113 PRStatus status;
3114
3115 opt.option = PR_SockOpt_Nonblocking;
3116 opt.value.non_blocking = PR_FALSE;
3117 status = PR_GetSocketOption(fd, &opt);
3118 if (status != PR_SUCCESS)
3119 return PR_FALSE;
3120 return (PRBool)!opt.value.non_blocking;
3121 }
3122
3123 PRBool
3124 ssl_SocketIsBlocking(sslSocket *ss)
3125 {
3126 return ssl_FdIsBlocking(ss->fd);
3127 }
3128
3129 PRInt32 sslFirstBufSize = 8 * 1024;
3130 PRInt32 sslCopyLimit = 1024;
3131
3132 static PRInt32 PR_CALLBACK
3133 ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
3134 PRIntervalTime timeout)
3135 {
3136 PRInt32 i;
3137 PRInt32 bufLen;
3138 PRInt32 left;
3139 PRInt32 rv;
3140 PRInt32 sent = 0;
3141 const PRInt32 first_len = sslFirstBufSize;
3142 const PRInt32 limit = sslCopyLimit;
3143 PRBool blocking;
3144 PRIOVec myIov = { 0, 0 };
3145 char buf[MAX_FRAGMENT_LENGTH];
3146
3147 if (vectors < 0) {
3148 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
3149 return -1;
3150 }
3151 if (vectors > PR_MAX_IOVECTOR_SIZE) {
3152 PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
3153 return -1;
3154 }
3155 for (i = 0; i < vectors; i++) {
3156 if (iov[i].iov_len < 0) {
3157 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
3158 return -1;
3159 }
3160 }
3161 blocking = ssl_FdIsBlocking(fd);
3162
3163 #define K16 sizeof(buf)
3164 #define KILL_VECTORS \
3165 while (vectors && !iov->iov_len) { \
3166 ++iov; \
3167 --vectors; \
3168 }
3169 #define GET_VECTOR \
3170 do { \
3171 myIov = *iov++; \
3172 --vectors; \
3173 KILL_VECTORS \
3174 } while (0)
3175 #define HANDLE_ERR(rv, len) \
3176 if (rv != len) { \
3177 if (rv < 0) { \
3178 if (!blocking && \
3179 (PR_GetError() == PR_WOULD_BLOCK_ERROR) && \
3180 (sent > 0)) { \
3181 return sent; \
3182 } else { \
3183 return -1; \
3184 } \
3185 } \
3186 /* Only a nonblocking socket can have partial sends */ \
3187 PR_ASSERT(!blocking); \
3188 return sent + rv; \
3189 }
3190 #define SEND(bfr, len) \
3191 do { \
3192 rv = ssl_Send(fd, bfr, len, 0, timeout); \
3193 HANDLE_ERR(rv, len) \
3194 sent += len; \
3195 } while (0)
3196
3197 /* Make sure the first write is at least 8 KB, if possible. */
3198 KILL_VECTORS
3199 if (!vectors)
3200 return ssl_Send(fd, 0, 0, 0, timeout);
3201 GET_VECTOR;
3202 if (!vectors) {
3203 return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
3204 }
3205 if (myIov.iov_len < first_len) {
3206 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
3207 bufLen = myIov.iov_len;
3208 left = first_len - bufLen;
3209 while (vectors && left) {
3210 int toCopy;
3211 GET_VECTOR;
3212 toCopy = PR_MIN(left, myIov.iov_len);
3213 PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
3214 bufLen += toCopy;
3215 left -= toCopy;
3216 myIov.iov_base += toCopy;
3217 myIov.iov_len -= toCopy;
3218 }
3219 SEND(buf, bufLen);
3220 }
3221
3222 while (vectors || myIov.iov_len) {
3223 PRInt32 addLen;
3224 if (!myIov.iov_len) {
3225 GET_VECTOR;
3226 }
3227 while (myIov.iov_len >= K16) {
3228 SEND(myIov.iov_base, K16);
3229 myIov.iov_base += K16;
3230 myIov.iov_len -= K16;
3231 }
3232 if (!myIov.iov_len)
3233 continue;
3234
3235 if (!vectors || myIov.iov_len > limit) {
3236 addLen = 0;
3237 } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
3238 /* Addlen is already computed. */;
3239 } else if (vectors > 1 &&
3240 iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
3241 addLen = limit - myIov.iov_len;
3242 } else
3243 addLen = 0;
3244
3245 if (!addLen) {
3246 SEND(myIov.iov_base, myIov.iov_len);
3247 myIov.iov_len = 0;
3248 continue;
3249 }
3250 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
3251 bufLen = myIov.iov_len;
3252 do {
3253 GET_VECTOR;
3254 PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
3255 myIov.iov_base += addLen;
3256 myIov.iov_len -= addLen;
3257 bufLen += addLen;
3258
3259 left = PR_MIN(limit, K16 - bufLen);
3260 if (!vectors /* no more left */
3261 || myIov.iov_len > 0 /* we didn't use that one all up */
3262 || bufLen >= K16 /* it's full. */) {
3263 addLen = 0;
3264 } else if ((addLen = iov->iov_len % K16) <= left) {
3265 /* Addlen is already computed. */;
3266 } else if (vectors > 1 &&
3267 iov[1].iov_len % K16 + addLen <= left + limit) {
3268 addLen = left;
3269 } else
3270 addLen = 0;
3271
3272 } while (addLen);
3273 SEND(buf, bufLen);
3274 }
3275 return sent;
3276 }
3277
3278 /*
3279 * These functions aren't implemented.
3280 */
3281
3282 static PRInt32 PR_CALLBACK
3283 ssl_Available(PRFileDesc *fd)
3284 {
3285 PORT_Assert(0);
3286 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3287 return SECFailure;
3288 }
3289
3290 static PRInt64 PR_CALLBACK
3291 ssl_Available64(PRFileDesc *fd)
3292 {
3293 PRInt64 res;
3294
3295 PORT_Assert(0);
3296 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3297 LL_I2L(res, -1L);
3298 return res;
3299 }
3300
3301 static PRStatus PR_CALLBACK
3302 ssl_FSync(PRFileDesc *fd)
3303 {
3304 PORT_Assert(0);
3305 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3306 return PR_FAILURE;
3307 }
3308
3309 static PRInt32 PR_CALLBACK
3310 ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how)
3311 {
3312 PORT_Assert(0);
3313 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3314 return SECFailure;
3315 }
3316
3317 static PRInt64 PR_CALLBACK
3318 ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how)
3319 {
3320 PRInt64 res;
3321
3322 PORT_Assert(0);
3323 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3324 LL_I2L(res, -1L);
3325 return res;
3326 }
3327
3328 static PRStatus PR_CALLBACK
3329 ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
3330 {
3331 PORT_Assert(0);
3332 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3333 return PR_FAILURE;
3334 }
3335
3336 static PRStatus PR_CALLBACK
3337 ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
3338 {
3339 PORT_Assert(0);
3340 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3341 return PR_FAILURE;
3342 }
3343
3344 static PRInt32 PR_CALLBACK
3345 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
3346 PRNetAddr *addr, PRIntervalTime timeout)
3347 {
3348 PORT_Assert(0);
3349 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3350 return SECFailure;
3351 }
3352
3353 static PRInt32 PR_CALLBACK
3354 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
3355 const PRNetAddr *addr, PRIntervalTime timeout)
3356 {
3357 PORT_Assert(0);
3358 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
3359 return SECFailure;
3360 }
3361
3362 static const PRIOMethods ssl_methods = {
3363 PR_DESC_LAYERED,
3364 ssl_Close, /* close */
3365 ssl_Read, /* read */
3366 ssl_Write, /* write */
3367 ssl_Available, /* available */
3368 ssl_Available64, /* available64 */
3369 ssl_FSync, /* fsync */
3370 ssl_Seek, /* seek */
3371 ssl_Seek64, /* seek64 */
3372 ssl_FileInfo, /* fileInfo */
3373 ssl_FileInfo64, /* fileInfo64 */
3374 ssl_WriteV, /* writev */
3375 ssl_Connect, /* connect */
3376 ssl_Accept, /* accept */
3377 ssl_Bind, /* bind */
3378 ssl_Listen, /* listen */
3379 ssl_Shutdown, /* shutdown */
3380 ssl_Recv, /* recv */
3381 ssl_Send, /* send */
3382 ssl_RecvFrom, /* recvfrom */
3383 ssl_SendTo, /* sendto */
3384 ssl_Poll, /* poll */
3385 PR_EmulateAcceptRead, /* acceptread */
3386 ssl_TransmitFile, /* transmitfile */
3387 ssl_GetSockName, /* getsockname */
3388 ssl_GetPeerName, /* getpeername */
3389 NULL, /* getsockopt OBSOLETE */
3390 NULL, /* setsockopt OBSOLETE */
3391 NULL, /* getsocketoption */
3392 NULL, /* setsocketoption */
3393 PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
3394 NULL, /* reserved for future use */
3395 NULL, /* reserved for future use */
3396 NULL, /* reserved for future use */
3397 NULL, /* reserved for future use */
3398 NULL /* reserved for future use */
3399 };
3400
3401 static PRIOMethods combined_methods;
3402
3403 static void
3404 ssl_SetupIOMethods(void)
3405 {
3406 PRIOMethods *new_methods = &combined_methods;
3407 const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
3408 const PRIOMethods *my_methods = &ssl_methods;
3409
3410 *new_methods = *nspr_methods;
3411
3412 new_methods->file_type = my_methods->file_type;
3413 new_methods->close = my_methods->close;
3414 new_methods->read = my_methods->read;
3415 new_methods->write = my_methods->write;
3416 new_methods->available = my_methods->available;
3417 new_methods->available64 = my_methods->available64;
3418 new_methods->fsync = my_methods->fsync;
3419 new_methods->seek = my_methods->seek;
3420 new_methods->seek64 = my_methods->seek64;
3421 new_methods->fileInfo = my_methods->fileInfo;
3422 new_methods->fileInfo64 = my_methods->fileInfo64;
3423 new_methods->writev = my_methods->writev;
3424 new_methods->connect = my_methods->connect;
3425 new_methods->accept = my_methods->accept;
3426 new_methods->bind = my_methods->bind;
3427 new_methods->listen = my_methods->listen;
3428 new_methods->shutdown = my_methods->shutdown;
3429 new_methods->recv = my_methods->recv;
3430 new_methods->send = my_methods->send;
3431 new_methods->recvfrom = my_methods->recvfrom;
3432 new_methods->sendto = my_methods->sendto;
3433 new_methods->poll = my_methods->poll;
3434 new_methods->acceptread = my_methods->acceptread;
3435 new_methods->transmitfile = my_methods->transmitfile;
3436 new_methods->getsockname = my_methods->getsockname;
3437 new_methods->getpeername = my_methods->getpeername;
3438 /* new_methods->getsocketoption = my_methods->getsocketoption; */
3439 /* new_methods->setsocketoption = my_methods->setsocketoption; */
3440 new_methods->sendfile = my_methods->sendfile;
3441 }
3442
3443 static PRCallOnceType initIoLayerOnce;
3444
3445 static PRStatus
3446 ssl_InitIOLayer(void)
3447 {
3448 ssl_layer_id = PR_GetUniqueIdentity("SSL");
3449 ssl_SetupIOMethods();
3450 ssl_inited = PR_TRUE;
3451 return PR_SUCCESS;
3452 }
3453
3454 static PRStatus
3455 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
3456 {
3457 PRFileDesc *layer = NULL;
3458 PRStatus status;
3459
3460 if (!ssl_inited) {
3461 status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
3462 if (status != PR_SUCCESS)
3463 goto loser;
3464 }
3465
3466 if (ns == NULL)
3467 goto loser;
3468
3469 layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
3470 if (layer == NULL)
3471 goto loser;
3472 layer->secret = (PRFilePrivate *)ns;
3473
3474 /* Here, "stack" points to the PRFileDesc on the top of the stack.
3475 ** "layer" points to a new FD that is to be inserted into the stack.
3476 ** If layer is being pushed onto the top of the stack, then
3477 ** PR_PushIOLayer switches the contents of stack and layer, and then
3478 ** puts stack on top of layer, so that after it is done, the top of
3479 ** stack is the same "stack" as it was before, and layer is now the
3480 ** FD for the former top of stack.
3481 ** After this call, stack always points to the top PRFD on the stack.
3482 ** If this function fails, the contents of stack and layer are as
3483 ** they were before the call.
3484 */
3485 status = PR_PushIOLayer(stack, id, layer);
3486 if (status != PR_SUCCESS)
3487 goto loser;
3488
3489 ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
3490 return PR_SUCCESS;
3491
3492 loser:
3493 if (layer) {
3494 layer->dtor(layer); /* free layer */
3495 }
3496 return PR_FAILURE;
3497 }
3498
3499 /* if this fails, caller must destroy socket. */
3500 static SECStatus
3501 ssl_MakeLocks(sslSocket *ss)
3502 {
3503 ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
3504 if (!ss->firstHandshakeLock)
3505 goto loser;
3506 ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
3507 if (!ss->ssl3HandshakeLock)
3508 goto loser;
3509 ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
3510 if (!ss->specLock)
3511 goto loser;
3512 ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
3513 if (!ss->recvBufLock)
3514 goto loser;
3515 ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
3516 if (!ss->xmitBufLock)
3517 goto loser;
3518 ss->writerThread = NULL;
3519 if (ssl_lock_readers) {
3520 ss->recvLock = PZ_NewLock(nssILockSSL);
3521 if (!ss->recvLock)
3522 goto loser;
3523 ss->sendLock = PZ_NewLock(nssILockSSL);
3524 if (!ss->sendLock)
3525 goto loser;
3526 }
3527 return SECSuccess;
3528 loser:
3529 ssl_DestroyLocks(ss);
3530 return SECFailure;
3531 }
3532
3533 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
3534 #define NSS_HAVE_GETENV 1
3535 #endif
3536
3537 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
3538
3539 static void
3540 ssl_SetDefaultsFromEnvironment(void)
3541 {
3542 #if defined(NSS_HAVE_GETENV)
3543 static int firsttime = 1;
3544
3545 if (firsttime) {
3546 char *ev;
3547 firsttime = 0;
3548 #ifdef DEBUG
3549 ev = PR_GetEnvSecure("SSLDEBUGFILE");
3550 if (ev && ev[0]) {
3551 ssl_trace_iob = fopen(ev, "w");
3552 }
3553 if (!ssl_trace_iob) {
3554 ssl_trace_iob = stderr;
3555 }
3556 #ifdef TRACE
3557 ev = PR_GetEnvSecure("SSLTRACE");
3558 if (ev && ev[0]) {
3559 ssl_trace = atoi(ev);
3560 SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
3561 }
3562 #endif /* TRACE */
3563 ev = PR_GetEnvSecure("SSLDEBUG");
3564 if (ev && ev[0]) {
3565 ssl_debug = atoi(ev);
3566 SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
3567 }
3568 #endif /* DEBUG */
3569 ev = PR_GetEnvSecure("SSLKEYLOGFILE");
3570 if (ev && ev[0]) {
3571 ssl_keylog_iob = fopen(ev, "a");
3572 if (!ssl_keylog_iob) {
3573 SSL_TRACE(("SSL: failed to open key log file"));
3574 } else {
3575 if (ftell(ssl_keylog_iob) == 0) {
3576 fputs("# SSL/TLS secrets log file, generated by NSS\n",
3577 ssl_keylog_iob);
3578 }
3579 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
3580 }
3581 }
3582 #ifndef NO_PKCS11_BYPASS
3583 ev = PR_GetEnvSecure("SSLBYPASS");
3584 if (ev && ev[0]) {
3585 ssl_defaults.bypassPKCS11 = (ev[0] == '1');
3586 SSL_TRACE(("SSL: bypass default set to %d",
3587 ssl_defaults.bypassPKCS11));
3588 }
3589 #endif /* NO_PKCS11_BYPASS */
3590 ev = PR_GetEnvSecure("SSLFORCELOCKS");
3591 if (ev && ev[0] == '1') {
3592 ssl_force_locks = PR_TRUE;
3593 ssl_defaults.noLocks = 0;
3594 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
3595 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
3596 }
3597 ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");
3598 if (ev) {
3599 if (ev[0] == '1' || LOWER(ev[0]) == 'u')
3600 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
3601 else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
3602 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
3603 else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
3604 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
3605 else if (ev[0] == '3' || LOWER(ev[0]) == 't')
3606 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
3607 SSL_TRACE(("SSL: enableRenegotiation set to %d",
3608 ssl_defaults.enableRenegotiation));
3609 }
3610 ev = PR_GetEnvSecure("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
3611 if (ev && ev[0] == '1') {
3612 ssl_defaults.requireSafeNegotiation = PR_TRUE;
3613 SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
3614 PR_TRUE));
3615 }
3616 ev = PR_GetEnvSecure("NSS_SSL_CBC_RANDOM_IV");
3617 if (ev && ev[0] == '0') {
3618 ssl_defaults.cbcRandomIV = PR_FALSE;
3619 SSL_TRACE(("SSL: cbcRandomIV set to 0"));
3620 }
3621 }
3622 #endif /* NSS_HAVE_GETENV */
3623 }
3624
3625 /*
3626 ** Create a newsocket structure for a file descriptor.
3627 */
3628 static sslSocket *
3629 ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
3630 {
3631 sslSocket *ss;
3632
3633 ssl_SetDefaultsFromEnvironment();
3634
3635 if (ssl_force_locks)
3636 makeLocks = PR_TRUE;
3637
3638 /* Make a new socket and get it ready */
3639 ss = (sslSocket *)PORT_ZAlloc(sizeof(sslSocket));
3640 if (ss) {
3641 /* This should be of type SSLKEAType, but CC on IRIX
3642 * complains during the for loop.
3643 */
3644 int i;
3645 SECStatus status;
3646
3647 ss->opt = ssl_defaults;
3648 ss->opt.useSocks = PR_FALSE;
3649 ss->opt.noLocks = !makeLocks;
3650 ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
3651 ss->protocolVariant = protocolVariant;
3652
3653 ss->peerID = NULL;
3654 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
3655 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
3656 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
3657 ss->cipherSpecs = NULL;
3658 ss->sizeCipherSpecs = 0; /* produced lazily */
3659 ss->preferredCipher = NULL;
3660 ss->url = NULL;
3661
3662 for (i = kt_null; i < kt_kea_size; i++) {
3663 sslServerCerts *sc = ss->serverCerts + i;
3664 sc->serverCert = NULL;
3665 sc->serverCertChain = NULL;
3666 sc->serverKeyPair = NULL;
3667 sc->serverKeyBits = 0;
3668 ss->certStatusArray[i] = NULL;
3669 }
3670 ss->requestedCertTypes = NULL;
3671 ss->stepDownKeyPair = NULL;
3672
3673 ss->dheParams = NULL;
3674 ss->dheKeyPair = NULL;
3675
3676 ss->dbHandle = CERT_GetDefaultCertDB();
3677
3678 /* Provide default implementation of hooks */
3679 ss->authCertificate = SSL_AuthCertificate;
3680 ss->authCertificateArg = (void *)ss->dbHandle;
3681 ss->sniSocketConfig = NULL;
3682 ss->sniSocketConfigArg = NULL;
3683 ss->getClientAuthData = NULL;
3684 ss->handleBadCert = NULL;
3685 ss->badCertArg = NULL;
3686 ss->pkcs11PinArg = NULL;
3687 ss->ephemeralECDHKeyPair = NULL;
3688 ss->getChannelID = NULL;
3689 ss->getChannelIDArg = NULL;
3690
3691 ssl_ChooseOps(ss);
3692 ssl2_InitSocketPolicy(ss);
3693 ssl3_InitSocketPolicy(ss);
3694 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
3695 PR_INIT_CLIST(&ss->ssl3.hs.remoteKeyShares);
3696
3697 if (makeLocks) {
3698 status = ssl_MakeLocks(ss);
3699 if (status != SECSuccess)
3700 goto loser;
3701 }
3702 status = ssl_CreateSecurityInfo(ss);
3703 if (status != SECSuccess)
3704 goto loser;
3705 status = ssl_InitGather(&ss->gs);
3706 if (status != SECSuccess) {
3707 loser:
3708 ssl_DestroySocketContents(ss);
3709 ssl_DestroyLocks(ss);
3710 PORT_Free(ss);
3711 ss = NULL;
3712 }
3713 }
3714 return ss;
3715 }
OLDNEW
« net/socket/ssl_client_socket_unittest.cc ('K') | « net/third_party/nss/ssl/sslsnce.c ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698