2
* This file is PRIVATE to SSL and should be the first thing included by
3
* any SSL implementation file.
5
* ***** BEGIN LICENSE BLOCK *****
6
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
8
* The contents of this file are subject to the Mozilla Public License Version
9
* 1.1 (the "License"); you may not use this file except in compliance with
10
* the License. You may obtain a copy of the License at
11
* http://www.mozilla.org/MPL/
13
* Software distributed under the License is distributed on an "AS IS" basis,
14
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
15
* for the specific language governing rights and limitations under the
18
* The Original Code is the Netscape security libraries.
20
* The Initial Developer of the Original Code is
21
* Netscape Communications Corporation.
22
* Portions created by the Initial Developer are Copyright (C) 1994-2000
23
* the Initial Developer. All Rights Reserved.
26
* Dr Stephen Henson <stephen.henson@gemplus.com>
27
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
29
* Alternatively, the contents of this file may be used under the terms of
30
* either the GNU General Public License Version 2 or later (the "GPL"), or
31
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
32
* in which case the provisions of the GPL or the LGPL are applicable instead
33
* of those above. If you wish to allow use of your version of this file only
34
* under the terms of either the GPL or the LGPL, and not to allow others to
35
* use your version of this file under the terms of the MPL, indicate your
36
* decision by deleting the provisions above and replace them with the notice
37
* and other provisions required by the GPL or the LGPL. If you do not delete
38
* the provisions above, a recipient may use your version of this file under
39
* the terms of any one of the MPL, the GPL or the LGPL.
41
* ***** END LICENSE BLOCK ***** */
42
/* $Id: sslimpl.h,v 1.42.2.8 2006/07/19 01:42:58 nelson%bolyard.com Exp $ */
60
#if defined(XP_UNIX) || defined(XP_BEOS)
66
#include "sslt.h" /* for some formerly private types, now public */
68
/* to make some of these old enums public without namespace pollution,
69
** it was necessary to prepend ssl_ to the names.
70
** These #defines preserve compatibility with the old code here in libssl.
72
typedef SSLKEAType SSL3KEAType;
73
typedef SSLMACAlgorithm SSL3MACAlgorithm;
74
typedef SSLSignType SSL3SignType;
76
#define sign_null ssl_sign_null
77
#define sign_rsa ssl_sign_rsa
78
#define sign_dsa ssl_sign_dsa
79
#define sign_ecdsa ssl_sign_ecdsa
81
#define calg_null ssl_calg_null
82
#define calg_rc4 ssl_calg_rc4
83
#define calg_rc2 ssl_calg_rc2
84
#define calg_des ssl_calg_des
85
#define calg_3des ssl_calg_3des
86
#define calg_idea ssl_calg_idea
87
#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
88
#define calg_aes ssl_calg_aes
90
#define mac_null ssl_mac_null
91
#define mac_md5 ssl_mac_md5
92
#define mac_sha ssl_mac_sha
93
#define hmac_md5 ssl_hmac_md5
94
#define hmac_sha ssl_hmac_sha
96
#define SET_ERROR_CODE /* reminder */
97
#define SEND_ALERT /* reminder */
98
#define TEST_FOR_FAILURE /* reminder */
99
#define DEAL_WITH_FAILURE /* reminder */
101
#if defined(DEBUG) || defined(TRACE)
111
#if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST)
116
#define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b
117
#define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b
118
#define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b
121
#define PRINT_BUF(a,b)
122
#define DUMP_MSG(a,b)
126
#define SSL_DBG(b) if (ssl_debug) ssl_Trace b
133
#include "pprthred.h"
135
#include "private/pprthred.h" /* for PR_InMonitor() */
137
#define ssl_InMonitor(m) PZ_InMonitor(m)
140
#define LSB(x) ((unsigned char) (x & 0xff))
141
#define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8))
143
/************************************************************************/
145
typedef enum { SSLAppOpRead = 0,
152
#define SSL_MIN_MASTER_KEY_BYTES 5
153
#define SSL_MAX_MASTER_KEY_BYTES 64
155
#define SSL2_SESSIONID_BYTES 16
156
#define SSL3_SESSIONID_BYTES 32
158
#define SSL_MIN_CHALLENGE_BYTES 16
159
#define SSL_MAX_CHALLENGE_BYTES 32
160
#define SSL_CHALLENGE_BYTES 16
162
#define SSL_CONNECTIONID_BYTES 16
164
#define SSL_MIN_CYPHER_ARG_BYTES 0
165
#define SSL_MAX_CYPHER_ARG_BYTES 32
167
#define SSL_MAX_MAC_BYTES 16
169
#define SSL3_RSA_PMS_LENGTH 48
170
#define SSL3_MASTER_SECRET_LENGTH 48
172
/* number of wrap mechanisms potentially used to wrap master secrets. */
173
#define SSL_NUM_WRAP_MECHS 14
175
/* This makes the cert cache entry exactly 4k. */
176
#define SSL_MAX_CACHED_CERT_LEN 4060
178
#define MAX_EXTENSION_SENDERS 3
182
/* Mask of the 25 named curves we support. */
183
#ifndef NSS_ECC_MORE_THAN_SUITE_B
184
#define SSL3_SUPPORTED_CURVES_MASK 0x3800000 /* only 3 curves, suite B*/
186
#define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe
190
#define BPB 8 /* Bits Per Byte */
193
typedef struct sslBufferStr sslBuffer;
194
typedef struct sslConnectInfoStr sslConnectInfo;
195
typedef struct sslGatherStr sslGather;
196
typedef struct sslSecurityInfoStr sslSecurityInfo;
197
typedef struct sslSessionIDStr sslSessionID;
198
typedef struct sslSocketStr sslSocket;
199
typedef struct sslSocketOpsStr sslSocketOps;
201
typedef struct ssl3StateStr ssl3State;
202
typedef struct ssl3CertNodeStr ssl3CertNode;
203
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
204
typedef struct ssl3MACDefStr ssl3MACDef;
205
typedef struct ssl3KeyPairStr ssl3KeyPair;
207
struct ssl3CertNodeStr {
208
struct ssl3CertNodeStr *next;
209
CERTCertificate * cert;
212
typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
214
/* This type points to the low layer send func,
215
** e.g. ssl2_SendStream or ssl3_SendPlainText.
216
** These functions return the same values as PR_Send,
217
** i.e. >= 0 means number of bytes sent, < 0 means error.
219
typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf,
220
PRInt32 n, PRInt32 flags);
222
typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid);
223
typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid);
224
typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr,
227
CERTCertDBHandle * dbHandle);
229
/* registerable callback function that either appends extension to buffer
230
* or returns length of data that it would have appended.
232
typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append,
235
/* registerable callback function that handles a received extension,
238
typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss,
242
/* row in a table of hello extension senders */
245
ssl3HelloExtensionSenderFunc ex_sender;
246
} ssl3HelloExtensionSender;
248
/* row in a table of hello extension handlers */
251
ssl3HelloExtensionHandlerFunc ex_handler;
252
} ssl3HelloExtensionHandler;
255
ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
256
ssl3HelloExtensionSenderFunc cb);
259
ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
260
const ssl3HelloExtensionSender *sender);
263
struct sslSocketOpsStr {
264
int (*connect) (sslSocket *, const PRNetAddr *);
265
PRFileDesc *(*accept) (sslSocket *, PRNetAddr *);
266
int (*bind) (sslSocket *, const PRNetAddr *);
267
int (*listen) (sslSocket *, int);
268
int (*shutdown)(sslSocket *, int);
269
int (*close) (sslSocket *);
271
int (*recv) (sslSocket *, unsigned char *, int, int);
273
/* points to the higher-layer send func, e.g. ssl_SecureSend. */
274
int (*send) (sslSocket *, const unsigned char *, int, int);
275
int (*read) (sslSocket *, unsigned char *, int);
276
int (*write) (sslSocket *, const unsigned char *, int);
278
int (*getpeername)(sslSocket *, PRNetAddr *);
279
int (*getsockname)(sslSocket *, PRNetAddr *);
282
/* Flags interpreted by ssl send functions. */
283
#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
284
#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
285
#define ssl_SEND_FLAG_MASK 0x7f000000
290
struct sslBufferStr {
297
** SSL3 cipher suite policy and preference struct.
301
unsigned int cipher_suite : 16;
302
unsigned int policy : 8;
303
unsigned int enabled : 1;
304
unsigned int isPresent : 1;
306
ssl3CipherSuite cipher_suite;
308
unsigned char enabled : 1;
309
unsigned char isPresent : 1;
311
} ssl3CipherSuiteCfg;
313
#ifdef NSS_ENABLE_ECC
314
#define ssl_V3_SUITES_IMPLEMENTED 43
316
#define ssl_V3_SUITES_IMPLEMENTED 23
317
#endif /* NSS_ENABLE_ECC */
319
typedef struct sslOptionsStr {
320
unsigned int useSecurity : 1; /* 1 */
321
unsigned int useSocks : 1; /* 2 */
322
unsigned int requestCertificate : 1; /* 3 */
323
unsigned int requireCertificate : 2; /* 4-5 */
324
unsigned int handshakeAsClient : 1; /* 6 */
325
unsigned int handshakeAsServer : 1; /* 7 */
326
unsigned int enableSSL2 : 1; /* 8 */
327
unsigned int enableSSL3 : 1; /* 9 */
328
unsigned int enableTLS : 1; /* 10 */
329
unsigned int noCache : 1; /* 11 */
330
unsigned int fdx : 1; /* 12 */
331
unsigned int v2CompatibleHello : 1; /* 13 */
332
unsigned int detectRollBack : 1; /* 14 */
333
unsigned int noStepDown : 1; /* 15 */
334
unsigned int bypassPKCS11 : 1; /* 16 */
335
unsigned int noLocks : 1; /* 17 */
338
typedef enum { sslHandshakingUndetermined = 0,
339
sslHandshakingAsClient,
340
sslHandshakingAsServer
341
} sslHandshakingType;
343
typedef struct sslServerCertsStr {
344
/* Configuration state for server sockets */
345
CERTCertificate * serverCert;
346
CERTCertificateList * serverCertChain;
347
ssl3KeyPair * serverKeyPair;
348
unsigned int serverKeyBits;
351
#define SERVERKEY serverKeyPair->privKey
353
#define SSL_LOCK_RANK_SPEC 255
354
#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE
356
/* These are the valid values for shutdownHow.
357
** These values are each 1 greater than the NSPR values, and the code
358
** depends on that relation to efficiently convert PR_SHUTDOWN values
359
** into ssl_SHUTDOWN values. These values use one bit for read, and
360
** another bit for write, and can be used as bitmasks.
362
#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */
363
#define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */
364
#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */
365
#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */
368
** A gather object. Used to read some data until a count has been
369
** satisfied. Primarily for support of async sockets.
370
** Everything in here is protected by the recvBufLock.
372
struct sslGatherStr {
373
int state; /* see GS_ values below. */ /* ssl 2 & 3 */
375
/* "buf" holds received plaintext SSL records, after decrypt and MAC check.
376
* SSL2: recv'd ciphertext records are put here, then decrypted in place.
377
* SSL3: recv'd ciphertext records are put in inbuf (see below), then
378
* decrypted into buf.
380
sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */
382
/* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
383
** (offset - writeOffset) is the number of ciphertext bytes read in but
384
** not yet deciphered.
386
unsigned int offset; /* ssl 2 & 3 */
388
/* number of bytes to read in next call to ssl_DefRecv (recv) */
389
unsigned int remainder; /* ssl 2 & 3 */
391
/* Number of ciphertext bytes to read in after 2-byte SSL record header. */
392
unsigned int count; /* ssl2 only */
394
/* size of the final plaintext record.
395
** == count - (recordPadding + MAC size)
397
unsigned int recordLen; /* ssl2 only */
399
/* number of bytes of padding to be removed after decrypting. */
400
/* This value is taken from the record's hdr[2], which means a too large
401
* value could crash us.
403
unsigned int recordPadding; /* ssl2 only */
405
/* plaintext DATA begins this many bytes into "buf". */
406
unsigned int recordOffset; /* ssl2 only */
408
int encrypted; /* SSL2 session is now encrypted. ssl2 only */
410
/* These next two values are used by SSL2 and SSL3.
411
** DoRecv uses them to extract application data.
412
** The difference between writeOffset and readOffset is the amount of
413
** data available to the application. Note that the actual offset of
414
** the data in "buf" is recordOffset (above), not readOffset.
415
** In the current implementation, this is made available before the
418
unsigned int readOffset; /* Spot where DATA reader (e.g. application
419
** or handshake code) will read next.
420
** Always zero for SSl3 application data.
422
/* offset in buf/inbuf/hdr into which new data will be read from socket. */
423
unsigned int writeOffset;
425
/* Buffer for ssl3 to read (encrypted) data from the socket */
426
sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */
428
/* The ssl[23]_GatherData functions read data into this buffer, rather
429
** than into buf or inbuf, while in the GS_HEADER state.
430
** The portion of the SSL record header put here always comes off the wire
431
** as plaintext, never ciphertext.
432
** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5.
434
unsigned char hdr[5]; /* ssl 2 & 3 */
437
/* sslGather.state */
444
typedef SECStatus (*SSLCipher)(void * context,
448
const unsigned char *in,
450
typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
455
** ssl3State and CipherSpec structs
458
/* The SSL bulk cipher definition */
472
cipher_missing /* reserved for no such supported cipher */
473
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
476
typedef enum { type_stream, type_block } CipherType;
478
#define MAX_IV_LENGTH 64
481
* Do not depend upon 64 bit arithmetic in the underlying machine.
486
} SSL3SequenceNumber;
488
#define MAX_MAC_CONTEXT_BYTES 400
489
#define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
491
#define MAX_CIPHER_CONTEXT_BYTES 2080
492
#define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
495
SSL3Opaque client_write_iv [24];
496
SSL3Opaque server_write_iv [24];
497
SSL3Opaque wrapped_master_secret [48];
498
PRUint16 wrapped_master_secret_len;
501
} ssl3SidKeys; /* 100 bytes */
504
PK11SymKey *write_key;
505
PK11SymKey *write_mac_key;
506
PK11Context *write_mac_context;
507
SECItem write_key_item;
508
SECItem write_iv_item;
509
SECItem write_mac_key_item;
510
SSL3Opaque write_iv[MAX_IV_LENGTH];
511
PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS];
515
** These are the "specs" in the "ssl3" struct.
516
** Access to the pointers to these specs, and all the specs' contents
517
** (direct and indirect) is protected by the reader/writer lock ss->specLock.
520
const ssl3BulkCipherDef *cipher_def;
521
const ssl3MACDef * mac_def;
526
void * encodeContext;
527
void * decodeContext;
528
PRBool bypassCiphers; /* did double bypass (at least) */
529
PK11SymKey * master_secret;
530
SSL3SequenceNumber write_seq_num;
531
SSL3SequenceNumber read_seq_num;
532
SSL3ProtocolVersion version;
533
ssl3KeyMaterial client;
534
ssl3KeyMaterial server;
536
unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
537
unsigned char raw_master_secret[56];
540
typedef enum { never_cached,
543
invalid_cache /* no longer in any cache. */
546
struct sslSessionIDStr {
547
sslSessionID * next; /* chain used for client sockets, only */
549
CERTCertificate * peerCert;
550
const char * peerID; /* client only */
551
const char * urlSvrName; /* client only */
552
CERTCertificate * localCert;
557
SSL3ProtocolVersion version;
559
PRUint32 creationTime; /* seconds since Jan 1, 1970 */
560
PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
561
PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
565
SSLSignType authAlgorithm;
566
PRUint32 authKeyBits;
572
/* the V2 code depends upon the size of sessionID. */
573
unsigned char sessionID[SSL2_SESSIONID_BYTES];
575
/* Stuff used to recreate key and read/write cipher objects */
576
SECItem masterKey; /* never wrapped */
583
/* values that are copied into the server's on-disk SID cache. */
584
uint8 sessionIDLength;
585
SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
587
ssl3CipherSuite cipherSuite;
588
SSL3CompressionMethod compression;
591
CK_MECHANISM_TYPE masterWrapMech;
592
/* mechanism used to wrap master secret */
593
SSL3KEAType exchKeyType;
594
/* key type used in exchange algorithm,
595
* and to wrap the sym wrapping key. */
596
#ifdef NSS_ENABLE_ECC
597
PRUint32 negotiatedECCurves;
598
#endif /* NSS_ENABLE_ECC */
600
/* The following values are NOT restored from the server's on-disk
601
* session cache, but are restored from the client's cache.
603
PK11SymKey * clientWriteKey;
604
PK11SymKey * serverWriteKey;
606
/* The following values pertain to the slot that wrapped the
607
** master secret. (used only in client)
609
SECMODModuleID masterModuleID;
610
/* what module wrapped the master secret */
611
CK_SLOT_ID masterSlotID;
612
PRUint16 masterWrapIndex;
613
/* what's the key index for the wrapping key */
614
PRUint16 masterWrapSeries;
615
/* keep track of the slot series, so we don't
616
* accidently try to use new keys after the
617
* card gets removed and replaced.*/
619
/* The following values pertain to the slot that did the signature
620
** for client auth. (used only in client)
622
SECMODModuleID clAuthModuleID;
623
CK_SLOT_ID clAuthSlotID;
624
PRUint16 clAuthSeries;
634
typedef struct ssl3CipherSuiteDefStr {
635
ssl3CipherSuite cipher_suite;
636
SSL3BulkCipher bulk_cipher_alg;
637
SSL3MACAlgorithm mac_alg;
638
SSL3KeyExchangeAlgorithm key_exchange_alg;
639
} ssl3CipherSuiteDef;
642
** There are tables of these, all const.
645
SSL3KeyExchangeAlgorithm kea;
646
SSL3KEAType exchKeyType;
647
SSL3SignType signKeyType;
653
typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode;
656
** There are tables of these, all const.
658
struct ssl3BulkCipherDefStr {
659
SSL3BulkCipher cipher;
660
SSLCipherAlgorithm calg;
666
SSL3KeyGenMode keygen_mode;
670
** There are tables of these, all const.
672
struct ssl3MACDefStr {
673
SSL3MACAlgorithm mac;
674
CK_MECHANISM_TYPE mmech;
695
** This is the "hs" member of the "ssl3" struct.
696
** This entire struct is protected by ssl3HandshakeLock
698
typedef struct SSL3HandshakeStateStr {
699
SSL3Random server_random;
700
SSL3Random client_random;
702
PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
703
PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
704
PK11Context * md5; /* handshake running hashes */
706
const ssl3KEADef * kea_def;
707
ssl3CipherSuite cipher_suite;
708
const ssl3CipherSuiteDef *suite_def;
709
SSL3CompressionMethod compression;
710
sslBuffer msg_body; /* protected by recvBufLock */
711
/* partial handshake message from record layer */
712
unsigned int header_bytes;
713
/* number of bytes consumed from handshake */
714
/* message for message type and header length */
715
SSL3HandshakeType msg_type;
716
unsigned long msg_len;
717
SECItem ca_list; /* used only by client */
718
PRBool isResuming; /* are we resuming a session */
719
PRBool rehandshake; /* immediately start another handshake
720
* when this one finishes */
721
PRBool usedStepDownKey; /* we did a server key exchange. */
722
sslBuffer msgState; /* current state for handshake messages*/
723
/* protected by recvBufLock */
724
#ifdef NSS_ENABLE_ECC
725
PRUint32 negotiatedECCurves; /* bit mask */
726
#endif /* NSS_ENABLE_ECC */
727
} SSL3HandshakeState;
732
** This is the "ssl3" struct, as in "ss->ssl3".
734
** usually, crSpec == cwSpec and prSpec == pwSpec.
735
** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
736
** But there are never more than 2 actual specs.
737
** No spec must ever be modified if either "current" pointer points to it.
739
struct ssl3StateStr {
742
** The following Specs and Spec pointers must be protected using the
745
ssl3CipherSpec * crSpec; /* current read spec. */
746
ssl3CipherSpec * prSpec; /* pending read spec. */
747
ssl3CipherSpec * cwSpec; /* current write spec. */
748
ssl3CipherSpec * pwSpec; /* pending write spec. */
750
CERTCertificate * clientCertificate; /* used by client */
751
SECKEYPrivateKey * clientPrivateKey; /* used by client */
752
CERTCertificateList *clientCertChain; /* used by client */
753
PRBool sendEmptyCert; /* used by client */
756
/* This says what cipher suites we can do, and should
757
* be either SSL_ALLOWED or SSL_RESTRICTED
759
PRArenaPool * peerCertArena;
760
/* These are used to keep track of the peer CA */
761
void * peerCertChain;
762
/* chain while we are trying to validate it. */
763
CERTDistNames * ca_list;
764
/* used by server. trusted CAs for this socket. */
766
SSL3HandshakeState hs;
767
ssl3CipherSpec specs[2]; /* one is current, one is pending. */
771
SSL3ContentType type;
772
SSL3ProtocolVersion version;
776
struct ssl3KeyPairStr {
777
SECKEYPrivateKey * privKey;
778
SECKEYPublicKey * pubKey;
779
PRInt32 refCount; /* use PR_Atomic calls for this. */
782
typedef struct SSLWrappedSymWrappingKeyStr {
783
SSL3Opaque wrappedSymmetricWrappingkey[512];
784
SSL3Opaque wrapIV[24];
785
CK_MECHANISM_TYPE symWrapMechanism;
786
/* unwrapped symmetric wrapping key uses this mechanism */
787
CK_MECHANISM_TYPE asymWrapMechanism;
788
/* mechanism used to wrap the SymmetricWrappingKey using
789
* server's public and/or private keys. */
790
SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/
791
PRInt32 symWrapMechIndex;
792
PRUint16 wrappedSymKeyLen;
794
} SSLWrappedSymWrappingKey;
806
* SSL2 buffers used in SSL3.
807
* writeBuf in the SecurityInfo maintained by sslsecur.c is used
808
* to hold the data just about to be passed to the kernel
809
* sendBuf in the ConnectInfo maintained by sslcon.c is used
810
* to hold handshake messages as they are accumulated
814
** This is "ci", as in "ss->sec.ci".
816
** Protection: All the variables in here are protected by
817
** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
819
struct sslConnectInfoStr {
820
/* outgoing handshakes appended to this. */
821
sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
823
PRIPv6Addr peer; /* ssl 2 & 3 */
824
unsigned short port; /* ssl 2 & 3 */
826
sslSessionID *sid; /* ssl 2 & 3 */
828
/* see CIS_HAVE defines below for the bit values in *elements. */
829
char elements; /* ssl2 only */
830
char requiredElements; /* ssl2 only */
831
char sentElements; /* ssl2 only */
833
char sentFinished; /* ssl2 only */
835
/* Length of server challenge. Used by client when saving challenge */
836
int serverChallengeLen; /* ssl2 only */
837
/* type of authentication requested by server */
838
unsigned char authType; /* ssl2 only */
840
/* Challenge sent by client to server in client-hello message */
841
/* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */
842
unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */
844
/* Connection-id sent by server to client in server-hello message */
845
unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */
847
/* Challenge sent by server to client in request-certificate message */
848
unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */
850
/* Information kept to handle a request-certificate message */
851
unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
852
unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
853
unsigned keySize; /* ssl2 only */
856
/* bit values for ci->elements, ci->requiredElements, sentElements. */
857
#define CIS_HAVE_MASTER_KEY 0x01
858
#define CIS_HAVE_CERTIFICATE 0x02
859
#define CIS_HAVE_FINISHED 0x04
860
#define CIS_HAVE_VERIFY 0x08
862
/* Note: The entire content of this struct and whatever it points to gets
863
* blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec".
865
* Unless otherwise specified below, the contents of this struct are
866
* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
868
struct sslSecurityInfoStr {
869
sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */
870
int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */
871
sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
873
int cipherType; /* ssl 2 & 3 */
874
int keyBits; /* ssl 2 & 3 */
875
int secretKeyBits; /* ssl 2 & 3 */
876
CERTCertificate *localCert; /* ssl 2 & 3 */
877
CERTCertificate *peerCert; /* ssl 2 & 3 */
878
SECKEYPublicKey *peerKey; /* ssl3 only */
880
SSLSignType authAlgorithm;
881
PRUint32 authKeyBits;
886
** Procs used for SID cache (nonce) management.
887
** Different implementations exist for clients/servers
888
** The lookup proc is only used for servers. Baloney!
890
sslSessionIDCacheFunc cache; /* ssl 2 & 3 */
891
sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */
894
** everything below here is for ssl2 only.
895
** This stuff is equivalent to SSL3's "spec", and is protected by the
896
** same "Spec Lock" as used for SSL3's specs.
898
uint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */
899
uint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */
901
/* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
902
const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */
903
void *hashcx; /* Spec Lock */ /* ssl2 only */
905
SECItem sendSecret; /* Spec Lock */ /* ssl2 only */
906
SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */
908
/* Session cypher contexts; one for each direction */
909
void *readcx; /* Spec Lock */ /* ssl2 only */
910
void *writecx; /* Spec Lock */ /* ssl2 only */
911
SSLCipher enc; /* Spec Lock */ /* ssl2 only */
912
SSLCipher dec; /* Spec Lock */ /* ssl2 only */
913
void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */
915
/* Blocking information for the session cypher */
916
int blockShift; /* Spec Lock */ /* ssl2 only */
917
int blockSize; /* Spec Lock */ /* ssl2 only */
919
/* These are used during a connection handshake */
920
sslConnectInfo ci; /* ssl 2 & 3 */
930
struct sslSocketStr {
933
/* Pointer to operations vector for this socket */
934
const sslSocketOps * ops;
936
/* SSL socket options */
940
unsigned long clientAuthRequested;
941
unsigned long delayDisabled; /* Nagle delay disabled */
942
unsigned long firstHsDone; /* first handshake is complete. */
943
unsigned long handshakeBegun;
944
unsigned long lastWriteBlocked;
945
unsigned long recvdCloseNotify; /* received SSL EOF. */
946
unsigned long TCPconnected;
947
unsigned long appDataBuffered;
949
/* version of the protocol to use */
950
SSL3ProtocolVersion version;
951
SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
953
sslSecurityInfo sec; /* not a pointer any more */
955
/* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
956
const char *url; /* ssl 2 & 3 */
958
sslHandshakeFunc handshake; /*firstHandshakeLock*/
959
sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/
960
sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/
962
/* registered callbacks that send server hello extensions */
963
ssl3HelloExtensionSender serverExtensionSenders[MAX_EXTENSION_SENDERS];
965
/* the following variable is only used with socks or other proxies. */
966
char * peerID; /* String uniquely identifies target server. */
968
unsigned char * cipherSpecs;
969
unsigned int sizeCipherSpecs;
970
const unsigned char * preferredCipher;
972
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
975
SSLAuthCertificate authCertificate;
976
void *authCertificateArg;
977
SSLGetClientAuthData getClientAuthData;
978
void *getClientAuthDataArg;
979
SSLBadCertHandler handleBadCert;
981
SSLHandshakeCallback handshakeCallback;
982
void *handshakeCallbackData;
985
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
986
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
987
PRIntervalTime cTimeout; /* timeout for NSPR I/O */
989
PZLock * recvLock; /* lock against multiple reader threads. */
990
PZLock * sendLock; /* lock against multiple sender threads. */
992
PZMonitor * recvBufLock; /* locks low level recv buffers. */
993
PZMonitor * xmitBufLock; /* locks low level xmit buffers. */
995
/* Only one thread may operate on the socket until the initial handshake
996
** is complete. This Monitor ensures that. Since SSL2 handshake is
997
** only done once, this is also effectively the SSL2 handshake lock.
999
PZMonitor * firstHandshakeLock;
1001
/* This monitor protects the ssl3 handshake state machine data.
1002
** Only one thread (reader or writer) may be in the ssl3 handshake state
1003
** machine at any time. */
1004
PZMonitor * ssl3HandshakeLock;
1006
/* reader/writer lock, protects the secret data needed to encrypt and MAC
1007
** outgoing records, and to decrypt and MAC check incoming ciphertext
1009
NSSRWLock * specLock;
1011
/* handle to perm cert db (and implicitly to the temp cert db) used
1012
** with this socket.
1014
CERTCertDBHandle * dbHandle;
1016
PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */
1018
PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */
1020
PRUint16 allowedByPolicy; /* copy of global policy bits. */
1021
PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */
1022
PRUint16 chosenPreference; /* SSL2 cipher preferences. */
1024
sslHandshakingType handshaking;
1026
/* Gather object used for gathering data */
1027
sslGather gs; /*recvBufLock*/
1029
sslBuffer saveBuf; /*xmitBufLock*/
1030
sslBuffer pendingBuf; /*xmitBufLock*/
1032
/* Configuration state for server sockets */
1033
/* server cert and key for each KEA type */
1034
sslServerCerts serverCerts[kt_kea_size];
1036
ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
1037
ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */
1039
/* SSL3 state info. Formerly was a pointer */
1045
/* All the global data items declared here should be protected using the
1046
** ssl_global_data_lock, which is a reader/writer lock.
1048
extern NSSRWLock * ssl_global_data_lock;
1049
extern char ssl_debug;
1050
extern char ssl_trace;
1051
extern CERTDistNames * ssl3_server_ca_list;
1052
extern PRUint32 ssl_sid_timeout;
1053
extern PRUint32 ssl3_sid_timeout;
1054
extern PRBool ssl3_global_policy_some_restricted;
1056
extern const char * const ssl_cipherName[];
1057
extern const char * const ssl3_cipherName[];
1059
extern sslSessionIDLookupFunc ssl_sid_lookup;
1060
extern sslSessionIDCacheFunc ssl_sid_cache;
1061
extern sslSessionIDUncacheFunc ssl_sid_uncache;
1063
/************************************************************************/
1067
/* Implementation of ops for default (non socks, non secure) case */
1068
extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
1069
extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
1070
extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
1071
extern int ssl_DefListen(sslSocket *ss, int backlog);
1072
extern int ssl_DefShutdown(sslSocket *ss, int how);
1073
extern int ssl_DefClose(sslSocket *ss);
1074
extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
1075
extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
1076
int len, int flags);
1077
extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
1078
extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
1079
extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
1080
extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
1081
extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
1082
void *optval, PRInt32 *optlen);
1083
extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
1084
const void *optval, PRInt32 optlen);
1086
/* Implementation of ops for socks only case */
1087
extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
1088
extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
1089
extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
1090
extern int ssl_SocksListen(sslSocket *ss, int backlog);
1091
extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
1092
extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
1093
extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
1094
int len, int flags);
1095
extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
1096
extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
1098
/* Implementation of ops for secure only case */
1099
extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
1100
extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
1101
extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
1102
int len, int flags);
1103
extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
1104
int len, int flags);
1105
extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
1106
extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
1107
extern int ssl_SecureShutdown(sslSocket *ss, int how);
1108
extern int ssl_SecureClose(sslSocket *ss);
1110
/* Implementation of ops for secure socks case */
1111
extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
1112
extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
1113
extern PRFileDesc *ssl_FindTop(sslSocket *ss);
1116
extern sslGather * ssl_NewGather(void);
1117
extern SECStatus ssl_InitGather(sslGather *gs);
1118
extern void ssl_DestroyGather(sslGather *gs);
1119
extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags);
1120
extern int ssl2_GatherRecord(sslSocket *ss, int flags);
1121
extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss);
1123
extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss);
1124
extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss);
1125
extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs,
1126
unsigned int count);
1128
extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss);
1129
extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
1130
extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset);
1131
extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec);
1133
extern sslSocket * ssl_DupSocket(sslSocket *old);
1135
extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len);
1136
extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len);
1138
extern int ssl_SendSavedWriteData(sslSocket *ss);
1139
extern SECStatus ssl_SaveWriteData(sslSocket *ss,
1140
const void* p, unsigned int l);
1141
extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss);
1142
extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss);
1143
extern int ssl_Do1stHandshake(sslSocket *ss);
1145
extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
1147
extern void ssl2_UseClearSendFunc(sslSocket *ss);
1148
extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
1150
extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
1151
const char *peerID, const char *urlSvrName);
1152
extern void ssl_FreeSID(sslSessionID *sid);
1154
extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
1155
int len, int flags);
1157
extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
1159
extern SECStatus ssl_SetTimeout(PRFileDesc *fd, PRIntervalTime timeout);
1161
extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
1163
extern void ssl_SetAlwaysBlock(sslSocket *ss);
1165
extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
1167
#define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock)
1168
#define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock)
1169
#define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock)
1170
#define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock)
1172
#define ssl_Get1stHandshakeLock(ss) \
1173
{ if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }
1174
#define ssl_Release1stHandshakeLock(ss) \
1175
{ if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }
1176
#define ssl_Have1stHandshakeLock(ss) \
1177
(PZ_InMonitor((ss)->firstHandshakeLock))
1179
#define ssl_GetSSL3HandshakeLock(ss) \
1180
{ if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }
1181
#define ssl_ReleaseSSL3HandshakeLock(ss) \
1182
{ if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }
1183
#define ssl_HaveSSL3HandshakeLock(ss) \
1184
(PZ_InMonitor((ss)->ssl3HandshakeLock))
1186
#define ssl_GetSpecReadLock(ss) \
1187
{ if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }
1188
#define ssl_ReleaseSpecReadLock(ss) \
1189
{ if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }
1191
#define ssl_GetSpecWriteLock(ss) \
1192
{ if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }
1193
#define ssl_ReleaseSpecWriteLock(ss) \
1194
{ if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); }
1195
#define ssl_HaveSpecWriteLock(ss) \
1196
(NSSRWLock_HaveWriteLock((ss)->specLock))
1198
#define ssl_GetRecvBufLock(ss) \
1199
{ if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }
1200
#define ssl_ReleaseRecvBufLock(ss) \
1201
{ if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }
1202
#define ssl_HaveRecvBufLock(ss) \
1203
(PZ_InMonitor((ss)->recvBufLock))
1205
#define ssl_GetXmitBufLock(ss) \
1206
{ if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }
1207
#define ssl_ReleaseXmitBufLock(ss) \
1208
{ if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); }
1209
#define ssl_HaveXmitBufLock(ss) \
1210
(PZ_InMonitor((ss)->xmitBufLock))
1213
extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
1214
const unsigned char * cr, const unsigned char * sr,
1215
PRBool isTLS, PRBool isExport);
1216
extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
1217
const unsigned char * cr, const unsigned char * sr,
1218
const SECItem * pms, PRBool isTLS, PRBool isRSA);
1220
/* These functions are called from secnav, even though they're "private". */
1222
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
1223
extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
1224
extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
1225
CERTCertificate *cert,
1226
SECKEYPrivateKey *key,
1227
CERTCertificateList *certChain);
1228
extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
1229
extern void ssl_FreeSocket(struct sslSocketStr *ssl);
1230
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
1231
SSL3AlertDescription desc);
1233
extern int ssl2_RestartHandshakeAfterCertReq(sslSocket * ss,
1234
CERTCertificate * cert,
1235
SECKEYPrivateKey * key);
1237
extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
1238
CERTCertificate * cert,
1239
SECKEYPrivateKey * key,
1240
CERTCertificateList *certChain);
1242
extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss);
1243
extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss);
1246
* for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
1248
extern SECStatus ssl3_HandleV2ClientHello(
1249
sslSocket *ss, unsigned char *buffer, int length);
1250
extern SECStatus ssl3_StartHandshakeHash(
1251
sslSocket *ss, unsigned char *buf, int length);
1254
* SSL3 specific routines
1256
SECStatus ssl3_SendClientHello(sslSocket *ss);
1259
* input into the SSL3 machinery from the actualy network reading code
1261
SECStatus ssl3_HandleRecord(
1262
sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
1264
int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
1265
int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
1267
* When talking to export clients or using export cipher suites, servers
1268
* with public RSA keys larger than 512 bits need to use a 512-bit public
1269
* key, signed by the larger key. The smaller key is a "step down" key.
1270
* Generate that key pair and keep it around.
1272
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
1274
#ifdef NSS_ENABLE_ECC
1275
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
1276
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
1277
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
1278
const ssl3CipherSuite * suite);
1279
#endif /* NSS_ENABLE_ECC */
1281
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
1282
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
1283
extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
1284
extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
1286
extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
1287
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
1288
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
1289
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
1291
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
1292
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
1293
extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
1294
extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
1296
extern void ssl2_InitSocketPolicy(sslSocket *ss);
1297
extern void ssl3_InitSocketPolicy(sslSocket *ss);
1299
extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
1300
unsigned char *cs, int *size);
1302
extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
1304
extern void ssl3_DestroySSL3Info(sslSocket *ss);
1306
extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
1307
SSL3ProtocolVersion peerVersion);
1309
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
1311
#ifdef NSS_ENABLE_ECC
1312
/* ECDH functions */
1313
extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
1314
SECKEYPublicKey * svrPubKey);
1315
extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
1316
SSL3Opaque *b, PRUint32 length);
1317
extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
1318
SSL3Opaque *b, PRUint32 length,
1319
SECKEYPublicKey *srvrPubKey,
1320
SECKEYPrivateKey *srvrPrivKey);
1321
extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
1324
extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf,
1325
unsigned int bufLen, SSL3Hashes *hashes,
1326
PRBool bypassPKCS11);
1327
extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
1328
extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
1330
extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
1331
SSL3HandshakeType t, PRUint32 length);
1332
extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
1334
extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
1335
const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
1336
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
1337
SSL3Opaque **b, PRUint32 *length);
1338
extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
1339
SSL3Opaque **b, PRUint32 *length);
1340
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
1341
PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
1342
extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
1343
SECItem *buf, PRBool isTLS);
1344
extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
1345
CERTCertificate *cert, SECItem *buf, PRBool isTLS,
1348
/* functions that append extensions to hello messages. */
1349
extern PRInt32 ssl3_SendServerNameIndicationExtension( sslSocket * ss,
1350
PRBool append, PRUint32 maxBytes);
1352
/* call the registered extension handlers. */
1353
extern SECStatus ssl3_HandleClientHelloExtensions(sslSocket *ss,
1354
SSL3Opaque **b, PRUint32 *length);
1356
/* Construct a new NSPR socket for the app to use */
1357
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
1358
extern void ssl_FreePRSocket(PRFileDesc *fd);
1360
/* Internal config function so SSL2 can initialize the present state of
1361
* various ciphers */
1362
extern int ssl3_config_match_init(sslSocket *);
1365
/* Create a new ref counted key pair object from two keys. */
1366
extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
1367
SECKEYPublicKey * pubKey);
1369
/* get a new reference (bump ref count) to an ssl3KeyPair. */
1370
extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
1372
/* Decrement keypair's ref count and free if zero. */
1373
extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
1375
/* calls for accessing wrapping keys across processes. */
1377
ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
1378
SSL3KEAType exchKeyType,
1379
SSLWrappedSymWrappingKey *wswk);
1381
/* The caller passes in the new value it wants
1382
* to set. This code tests the wrapped sym key entry in the file on disk.
1383
* If it is uninitialized, this function writes the caller's value into
1384
* the disk entry, and returns false.
1385
* Otherwise, it overwrites the caller's wswk with the value obtained from
1386
* the disk, and returns PR_TRUE.
1387
* This is all done while holding the locks/semaphores necessary to make
1388
* the operation atomic.
1391
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
1393
/* get rid of the symmetric wrapping key references. */
1394
extern SECStatus SSL3_ShutdownServerCache(void);
1396
extern void ssl_InitClientSessionCacheLock(void);
1398
extern void ssl_InitSymWrapKeysLock(void);
1400
/********************** misc calls *********************/
1402
extern int ssl_MapLowLevelError(int hiLevelError);
1404
extern PRUint32 ssl_Time(void);
1407
SECStatus SSL_DisableDefaultExportCipherSuites(void);
1408
SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
1409
PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
1413
#define SSL_TRACE(msg) ssl_Trace msg
1415
#define SSL_TRACE(msg)
1418
void ssl_Trace(const char *format, ...);
1423
#include <process.h>
1426
#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
1427
#define SSL_GETPID getpid
1428
#elif defined(_WIN32_WCE)
1429
#define SSL_GETPID GetCurrentProcessId
1430
#elif defined(WIN32)
1431
extern int __cdecl _getpid(void);
1432
#define SSL_GETPID _getpid
1434
#define SSL_GETPID() 0
1437
#endif /* __sslimpl_h_ */