2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions.
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
16 #include "private/pprio.h"
17 #ifndef NO_PKCS11_BYPASS
22 #define SET_ERROR_CODE /* reminder */
24 static const sslSocketOps ssl_default_ops = { /* No SSL. */
39 static const sslSocketOps ssl_secure_ops = { /* SSL. */
55 ** default settings for socket enables
57 static sslOptions ssl_defaults = {
58 { siBuffer, NULL, 0 }, /* nextProtoNego */
59 PR_TRUE, /* useSecurity */
60 PR_FALSE, /* useSocks */
61 PR_FALSE, /* requestCertificate */
62 2, /* requireCertificate */
63 PR_FALSE, /* handshakeAsClient */
64 PR_FALSE, /* handshakeAsServer */
65 PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
66 PR_FALSE, /* unusedBit9 */
67 PR_FALSE, /* unusedBit10 */
68 PR_FALSE, /* noCache */
70 PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
71 PR_TRUE, /* detectRollBack */
72 PR_FALSE, /* noStepDown */
73 PR_FALSE, /* bypassPKCS11 */
74 PR_FALSE, /* noLocks */
75 PR_FALSE, /* enableSessionTickets */
76 PR_FALSE, /* enableDeflate */
77 2, /* enableRenegotiation (default: requires extension) */
78 PR_FALSE, /* requireSafeNegotiation */
79 PR_FALSE, /* enableFalseStart */
80 PR_TRUE, /* cbcRandomIV */
81 PR_FALSE, /* enableOCSPStapling */
82 PR_TRUE, /* enableNPN */
83 PR_FALSE /* enableALPN */
87 * default range of enabled SSL/TLS protocols
89 static SSLVersionRange versions_defaults_stream = {
90 SSL_LIBRARY_VERSION_3_0,
91 SSL_LIBRARY_VERSION_TLS_1_0
94 static SSLVersionRange versions_defaults_datagram = {
95 SSL_LIBRARY_VERSION_TLS_1_1,
96 SSL_LIBRARY_VERSION_TLS_1_1
99 #define VERSIONS_DEFAULTS(variant) \
100 (variant == ssl_variant_stream ? &versions_defaults_stream : \
101 &versions_defaults_datagram)
103 sslSessionIDLookupFunc ssl_sid_lookup;
104 sslSessionIDCacheFunc ssl_sid_cache;
105 sslSessionIDUncacheFunc ssl_sid_uncache;
107 static PRBool ssl_inited = PR_FALSE;
108 static PRDescIdentity ssl_layer_id;
110 PRBool locksEverDisabled; /* implicitly PR_FALSE */
111 PRBool ssl_force_locks; /* implicitly PR_FALSE */
112 int ssl_lock_readers = 1; /* default true. */
115 FILE * ssl_trace_iob;
116 FILE * ssl_keylog_iob;
117 char lockStatus[] = "Locks are ENABLED. ";
118 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
120 /* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
121 static const PRUint16 srtpCiphers[] = {
122 SRTP_AES128_CM_HMAC_SHA1_80,
123 SRTP_AES128_CM_HMAC_SHA1_32,
127 /* forward declarations. */
128 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
129 static SECStatus ssl_MakeLocks(sslSocket *ss);
130 static void ssl_SetDefaultsFromEnvironment(void);
131 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
134 /************************************************************************/
137 ** Lookup a socket structure from a file descriptor.
138 ** Only functions called through the PRIOMethods table should use this.
139 ** Other app-callable functions should use ssl_FindSocket.
142 ssl_GetPrivate(PRFileDesc *fd)
146 PORT_Assert(fd != NULL);
147 PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
148 PORT_Assert(fd->identity == ssl_layer_id);
150 if (fd->methods->file_type != PR_DESC_LAYERED ||
151 fd->identity != ssl_layer_id) {
152 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
156 ss = (sslSocket *)fd->secret;
157 /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
158 * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
159 * contents of the PRFileDesc pointed by ss->fd and the new layer.
166 /* This function tries to find the SSL layer in the stack.
167 * It searches for the first SSL layer at or below the argument fd,
168 * and failing that, it searches for the nearest SSL layer above the
169 * argument fd. It returns the private sslSocket from the found layer.
172 ssl_FindSocket(PRFileDesc *fd)
177 PORT_Assert(fd != NULL);
178 PORT_Assert(ssl_layer_id != 0);
180 layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
182 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
186 ss = (sslSocket *)layer->secret;
187 /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
188 * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
189 * contents of the PRFileDesc pointed by ss->fd and the new layer.
197 ssl_DupSocket(sslSocket *os)
202 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
205 ss->opt.useSocks = PR_FALSE;
206 ss->vrange = os->vrange;
208 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
209 ss->url = !os->url ? NULL : PORT_Strdup(os->url);
212 ss->rTimeout = os->rTimeout;
213 ss->wTimeout = os->wTimeout;
214 ss->cTimeout = os->cTimeout;
215 ss->dbHandle = os->dbHandle;
217 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
218 ss->allowedByPolicy = os->allowedByPolicy;
219 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
220 ss->chosenPreference = os->chosenPreference;
221 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
222 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
223 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
224 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
226 if (os->cipherSpecs) {
227 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
229 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
230 os->sizeCipherSpecs);
231 ss->sizeCipherSpecs = os->sizeCipherSpecs;
232 ss->preferredCipher = os->preferredCipher;
234 ss->cipherSpecs = NULL; /* produced lazily */
235 ss->sizeCipherSpecs = 0;
236 ss->preferredCipher = NULL;
238 if (ss->opt.useSecurity) {
239 /* This int should be SSLKEAType, but CC on Irix complains,
240 * during the for loop.
243 sslServerCerts * oc = os->serverCerts;
244 sslServerCerts * sc = ss->serverCerts;
246 for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
247 if (oc->serverCert && oc->serverCertChain) {
248 sc->serverCert = CERT_DupCertificate(oc->serverCert);
249 sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
250 if (!sc->serverCertChain)
253 sc->serverCert = NULL;
254 sc->serverCertChain = NULL;
256 sc->serverKeyPair = oc->serverKeyPair ?
257 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
258 if (oc->serverKeyPair && !sc->serverKeyPair)
260 sc->serverKeyBits = oc->serverKeyBits;
261 ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
262 SECITEM_DupArray(NULL, os->certStatusArray[i]);
264 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
265 ssl3_GetKeyPairRef(os->stepDownKeyPair);
266 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
267 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
269 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
270 * XXX We should detect this, and not just march on with NULL pointers.
272 ss->authCertificate = os->authCertificate;
273 ss->authCertificateArg = os->authCertificateArg;
274 ss->getClientAuthData = os->getClientAuthData;
275 ss->getClientAuthDataArg = os->getClientAuthDataArg;
276 ss->sniSocketConfig = os->sniSocketConfig;
277 ss->sniSocketConfigArg = os->sniSocketConfigArg;
278 ss->handleBadCert = os->handleBadCert;
279 ss->badCertArg = os->badCertArg;
280 ss->handshakeCallback = os->handshakeCallback;
281 ss->handshakeCallbackData = os->handshakeCallbackData;
282 ss->canFalseStartCallback = os->canFalseStartCallback;
283 ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
284 ss->pkcs11PinArg = os->pkcs11PinArg;
286 /* Create security data */
287 rv = ssl_CopySecurityInfo(ss, os);
288 if (rv != SECSuccess) {
301 ssl_DestroyLocks(sslSocket *ss)
304 if (ss->firstHandshakeLock) {
305 PZ_DestroyMonitor(ss->firstHandshakeLock);
306 ss->firstHandshakeLock = NULL;
308 if (ss->ssl3HandshakeLock) {
309 PZ_DestroyMonitor(ss->ssl3HandshakeLock);
310 ss->ssl3HandshakeLock = NULL;
313 NSSRWLock_Destroy(ss->specLock);
318 PZ_DestroyLock(ss->recvLock);
322 PZ_DestroyLock(ss->sendLock);
325 if (ss->xmitBufLock) {
326 PZ_DestroyMonitor(ss->xmitBufLock);
327 ss->xmitBufLock = NULL;
329 if (ss->recvBufLock) {
330 PZ_DestroyMonitor(ss->recvBufLock);
331 ss->recvBufLock = NULL;
335 /* Caller holds any relevant locks */
337 ssl_DestroySocketContents(sslSocket *ss)
339 /* "i" should be of type SSLKEAType, but CC on IRIX complains during
345 ssl_DestroySecurityInfo(&ss->sec);
347 ssl3_DestroySSL3Info(ss);
349 PORT_Free(ss->saveBuf.buf);
350 PORT_Free(ss->pendingBuf.buf);
351 ssl_DestroyGather(&ss->gs);
353 if (ss->peerID != NULL)
354 PORT_Free(ss->peerID);
356 PORT_Free((void *)ss->url); /* CONST */
357 if (ss->cipherSpecs) {
358 PORT_Free(ss->cipherSpecs);
359 ss->cipherSpecs = NULL;
360 ss->sizeCipherSpecs = 0;
363 /* Clean up server configuration */
364 for (i=kt_null; i < kt_kea_size; i++) {
365 sslServerCerts * sc = ss->serverCerts + i;
366 if (sc->serverCert != NULL)
367 CERT_DestroyCertificate(sc->serverCert);
368 if (sc->serverCertChain != NULL)
369 CERT_DestroyCertificateList(sc->serverCertChain);
370 if (sc->serverKeyPair != NULL)
371 ssl3_FreeKeyPair(sc->serverKeyPair);
372 if (ss->certStatusArray[i] != NULL) {
373 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
374 ss->certStatusArray[i] = NULL;
377 if (ss->stepDownKeyPair) {
378 ssl3_FreeKeyPair(ss->stepDownKeyPair);
379 ss->stepDownKeyPair = NULL;
381 if (ss->ephemeralECDHKeyPair) {
382 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
383 ss->ephemeralECDHKeyPair = NULL;
385 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
386 PORT_Assert(!ss->xtnData.sniNameArr);
387 if (ss->xtnData.sniNameArr) {
388 PORT_Free(ss->xtnData.sniNameArr);
389 ss->xtnData.sniNameArr = NULL;
394 * free an sslSocket struct, and all the stuff that hangs off of it
397 ssl_FreeSocket(sslSocket *ss)
399 /* Get every lock you can imagine!
400 ** Caller already holds these:
401 ** SSL_LOCK_READER(ss);
402 ** SSL_LOCK_WRITER(ss);
404 ssl_Get1stHandshakeLock(ss);
405 ssl_GetRecvBufLock(ss);
406 ssl_GetSSL3HandshakeLock(ss);
407 ssl_GetXmitBufLock(ss);
408 ssl_GetSpecWriteLock(ss);
410 ssl_DestroySocketContents(ss);
412 /* Release all the locks acquired above. */
413 SSL_UNLOCK_READER(ss);
414 SSL_UNLOCK_WRITER(ss);
415 ssl_Release1stHandshakeLock(ss);
416 ssl_ReleaseRecvBufLock(ss);
417 ssl_ReleaseSSL3HandshakeLock(ss);
418 ssl_ReleaseXmitBufLock(ss);
419 ssl_ReleaseSpecWriteLock(ss);
421 ssl_DestroyLocks(ss);
424 PORT_Memset(ss, 0x1f, sizeof *ss);
430 /************************************************************************/
432 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
434 PRFileDesc * osfd = ss->fd->lower;
435 SECStatus rv = SECFailure;
436 PRSocketOptionData opt;
438 opt.option = PR_SockOpt_NoDelay;
439 opt.value.no_delay = (PRBool)!enabled;
441 if (osfd->methods->setsocketoption) {
442 rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);
444 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
451 ssl_ChooseOps(sslSocket *ss)
453 ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
456 /* Called from SSL_Enable (immediately below) */
458 PrepareSocket(sslSocket *ss)
460 SECStatus rv = SECSuccess;
467 SSL_Enable(PRFileDesc *fd, int which, PRBool on)
469 return SSL_OptionSet(fd, which, on);
472 #ifndef NO_PKCS11_BYPASS
473 static const PRCallOnceType pristineCallOnce;
474 static PRCallOnceType setupBypassOnce;
476 static SECStatus SSL_BypassShutdown(void* appData, void* nssData)
478 /* unload freeBL shared library from memory */
480 setupBypassOnce = pristineCallOnce;
484 static PRStatus SSL_BypassRegisterShutdown(void)
486 SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
487 PORT_Assert(SECSuccess == rv);
488 return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
492 static PRStatus SSL_BypassSetup(void)
494 #ifdef NO_PKCS11_BYPASS
495 /* Guarantee binary compatibility */
498 return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
502 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
503 * ssl.h in the section "SSL version range setting API".
506 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
508 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
510 vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
511 vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
512 } /* else don't change anything */
517 /* Expand the range of enabled version to include TLS 1.0 */
518 vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
519 vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
521 /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
522 if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
523 vrange->max = SSL_LIBRARY_VERSION_3_0;
525 /* Only TLS was enabled, so now no versions are. */
526 vrange->min = SSL_LIBRARY_VERSION_NONE;
527 vrange->max = SSL_LIBRARY_VERSION_NONE;
532 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
533 * ssl.h in the section "SSL version range setting API".
536 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
538 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
540 vrange->min = SSL_LIBRARY_VERSION_3_0;
541 vrange->max = SSL_LIBRARY_VERSION_3_0;
542 } /* else don't change anything */
547 /* Expand the range of enabled versions to include SSL 3.0. We know
548 * SSL 3.0 or some version of TLS is already enabled at this point, so
549 * we don't need to change vrange->max.
551 vrange->min = SSL_LIBRARY_VERSION_3_0;
553 /* Disable SSL 3.0, leaving TLS unaffected. */
554 if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
555 vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
557 /* Only SSL 3.0 was enabled, so now no versions are. */
558 vrange->min = SSL_LIBRARY_VERSION_NONE;
559 vrange->max = SSL_LIBRARY_VERSION_NONE;
565 SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
567 sslSocket *ss = ssl_FindSocket(fd);
568 SECStatus rv = SECSuccess;
572 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
576 holdingLocks = (!ss->opt.noLocks);
577 ssl_Get1stHandshakeLock(ss);
578 ssl_GetSSL3HandshakeLock(ss);
582 ss->opt.useSocks = PR_FALSE;
583 rv = PrepareSocket(ss);
585 PORT_SetError(SEC_ERROR_INVALID_ARGS);
591 ss->opt.useSecurity = on;
592 rv = PrepareSocket(ss);
595 case SSL_REQUEST_CERTIFICATE:
596 ss->opt.requestCertificate = on;
599 case SSL_REQUIRE_CERTIFICATE:
600 ss->opt.requireCertificate = on;
603 case SSL_HANDSHAKE_AS_CLIENT:
604 if ( ss->opt.handshakeAsServer && on ) {
605 PORT_SetError(SEC_ERROR_INVALID_ARGS);
609 ss->opt.handshakeAsClient = on;
612 case SSL_HANDSHAKE_AS_SERVER:
613 if ( ss->opt.handshakeAsClient && on ) {
614 PORT_SetError(SEC_ERROR_INVALID_ARGS);
618 ss->opt.handshakeAsServer = on;
624 PORT_SetError(SEC_ERROR_INVALID_ARGS);
625 rv = SECFailure; /* not allowed */
629 ssl_EnableTLS(&ss->vrange, on);
630 ss->preferredCipher = NULL;
631 if (ss->cipherSpecs) {
632 PORT_Free(ss->cipherSpecs);
633 ss->cipherSpecs = NULL;
634 ss->sizeCipherSpecs = 0;
638 case SSL_ENABLE_SSL3:
641 PORT_SetError(SEC_ERROR_INVALID_ARGS);
642 rv = SECFailure; /* not allowed */
646 ssl_EnableSSL3(&ss->vrange, on);
647 ss->preferredCipher = NULL;
648 if (ss->cipherSpecs) {
649 PORT_Free(ss->cipherSpecs);
650 ss->cipherSpecs = NULL;
651 ss->sizeCipherSpecs = 0;
655 case SSL_ENABLE_SSL2:
658 PORT_SetError(SEC_ERROR_INVALID_ARGS);
659 rv = SECFailure; /* not allowed */
663 ss->opt.enableSSL2 = on;
665 ss->opt.v2CompatibleHello = on;
667 ss->preferredCipher = NULL;
668 if (ss->cipherSpecs) {
669 PORT_Free(ss->cipherSpecs);
670 ss->cipherSpecs = NULL;
671 ss->sizeCipherSpecs = 0;
676 ss->opt.noCache = on;
680 if (on && ss->opt.noLocks) {
681 PORT_SetError(SEC_ERROR_INVALID_ARGS);
687 case SSL_V2_COMPATIBLE_HELLO:
690 PORT_SetError(SEC_ERROR_INVALID_ARGS);
691 rv = SECFailure; /* not allowed */
695 ss->opt.v2CompatibleHello = on;
697 ss->opt.enableSSL2 = on;
701 case SSL_ROLLBACK_DETECTION:
702 ss->opt.detectRollBack = on;
705 case SSL_NO_STEP_DOWN:
706 ss->opt.noStepDown = on;
708 SSL_DisableExportCipherSuites(fd);
711 case SSL_BYPASS_PKCS11:
712 if (ss->handshakeBegun) {
713 PORT_SetError(PR_INVALID_STATE_ERROR);
716 if (PR_FALSE != on) {
717 if (PR_SUCCESS == SSL_BypassSetup() ) {
718 #ifdef NO_PKCS11_BYPASS
719 ss->opt.bypassPKCS11 = PR_FALSE;
721 ss->opt.bypassPKCS11 = on;
727 ss->opt.bypassPKCS11 = PR_FALSE;
733 if (on && ss->opt.fdx) {
734 PORT_SetError(SEC_ERROR_INVALID_ARGS);
737 if (on && ssl_force_locks)
738 on = PR_FALSE; /* silent override */
739 ss->opt.noLocks = on;
741 locksEverDisabled = PR_TRUE;
742 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
743 } else if (!holdingLocks) {
744 rv = ssl_MakeLocks(ss);
745 if (rv != SECSuccess) {
746 ss->opt.noLocks = PR_TRUE;
751 case SSL_ENABLE_SESSION_TICKETS:
752 ss->opt.enableSessionTickets = on;
755 case SSL_ENABLE_DEFLATE:
756 ss->opt.enableDeflate = on;
759 case SSL_ENABLE_RENEGOTIATION:
760 ss->opt.enableRenegotiation = on;
763 case SSL_REQUIRE_SAFE_NEGOTIATION:
764 ss->opt.requireSafeNegotiation = on;
767 case SSL_ENABLE_FALSE_START:
768 ss->opt.enableFalseStart = on;
771 case SSL_CBC_RANDOM_IV:
772 ss->opt.cbcRandomIV = on;
775 case SSL_ENABLE_OCSP_STAPLING:
776 ss->opt.enableOCSPStapling = on;
780 ss->opt.enableNPN = on;
783 case SSL_ENABLE_ALPN:
784 ss->opt.enableALPN = on;
788 PORT_SetError(SEC_ERROR_INVALID_ARGS);
792 /* We can't use the macros for releasing the locks here,
793 * because ss->opt.noLocks might have changed just above.
794 * We must release these locks (monitors) here, if we aquired them above,
795 * regardless of the current value of ss->opt.noLocks.
798 PZ_ExitMonitor((ss)->ssl3HandshakeLock);
799 PZ_ExitMonitor((ss)->firstHandshakeLock);
806 SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
808 sslSocket *ss = ssl_FindSocket(fd);
809 SECStatus rv = SECSuccess;
810 PRBool on = PR_FALSE;
813 PORT_SetError(SEC_ERROR_INVALID_ARGS);
817 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
822 ssl_Get1stHandshakeLock(ss);
823 ssl_GetSSL3HandshakeLock(ss);
826 case SSL_SOCKS: on = PR_FALSE; break;
827 case SSL_SECURITY: on = ss->opt.useSecurity; break;
828 case SSL_REQUEST_CERTIFICATE: on = ss->opt.requestCertificate; break;
829 case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
830 case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
831 case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
833 on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
835 case SSL_ENABLE_SSL3:
836 on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
838 case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
839 case SSL_NO_CACHE: on = ss->opt.noCache; break;
840 case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
841 case SSL_V2_COMPATIBLE_HELLO: on = ss->opt.v2CompatibleHello; break;
842 case SSL_ROLLBACK_DETECTION: on = ss->opt.detectRollBack; break;
843 case SSL_NO_STEP_DOWN: on = ss->opt.noStepDown; break;
844 case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break;
845 case SSL_NO_LOCKS: on = ss->opt.noLocks; break;
846 case SSL_ENABLE_SESSION_TICKETS:
847 on = ss->opt.enableSessionTickets;
849 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
850 case SSL_ENABLE_RENEGOTIATION:
851 on = ss->opt.enableRenegotiation; break;
852 case SSL_REQUIRE_SAFE_NEGOTIATION:
853 on = ss->opt.requireSafeNegotiation; break;
854 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
855 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
856 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
857 case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
858 case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
861 PORT_SetError(SEC_ERROR_INVALID_ARGS);
865 ssl_ReleaseSSL3HandshakeLock(ss);
866 ssl_Release1stHandshakeLock(ss);
873 SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
875 SECStatus rv = SECSuccess;
876 PRBool on = PR_FALSE;
879 PORT_SetError(SEC_ERROR_INVALID_ARGS);
883 ssl_SetDefaultsFromEnvironment();
886 case SSL_SOCKS: on = PR_FALSE; break;
887 case SSL_SECURITY: on = ssl_defaults.useSecurity; break;
888 case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
889 case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
890 case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
891 case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
893 on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
895 case SSL_ENABLE_SSL3:
896 on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
898 case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
899 case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
900 case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
901 case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
902 case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
903 case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break;
904 case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break;
905 case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break;
906 case SSL_ENABLE_SESSION_TICKETS:
907 on = ssl_defaults.enableSessionTickets;
909 case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break;
910 case SSL_ENABLE_RENEGOTIATION:
911 on = ssl_defaults.enableRenegotiation; break;
912 case SSL_REQUIRE_SAFE_NEGOTIATION:
913 on = ssl_defaults.requireSafeNegotiation;
915 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
916 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
917 case SSL_ENABLE_OCSP_STAPLING:
918 on = ssl_defaults.enableOCSPStapling;
920 case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
921 case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
924 PORT_SetError(SEC_ERROR_INVALID_ARGS);
932 /* XXX Use Global Lock to protect this stuff. */
934 SSL_EnableDefault(int which, PRBool on)
936 return SSL_OptionSetDefault(which, on);
940 SSL_OptionSetDefault(PRInt32 which, PRBool on)
942 SECStatus status = ssl_Init();
944 if (status != SECSuccess) {
948 ssl_SetDefaultsFromEnvironment();
952 ssl_defaults.useSocks = PR_FALSE;
954 PORT_SetError(SEC_ERROR_INVALID_ARGS);
960 ssl_defaults.useSecurity = on;
963 case SSL_REQUEST_CERTIFICATE:
964 ssl_defaults.requestCertificate = on;
967 case SSL_REQUIRE_CERTIFICATE:
968 ssl_defaults.requireCertificate = on;
971 case SSL_HANDSHAKE_AS_CLIENT:
972 if ( ssl_defaults.handshakeAsServer && on ) {
973 PORT_SetError(SEC_ERROR_INVALID_ARGS);
976 ssl_defaults.handshakeAsClient = on;
979 case SSL_HANDSHAKE_AS_SERVER:
980 if ( ssl_defaults.handshakeAsClient && on ) {
981 PORT_SetError(SEC_ERROR_INVALID_ARGS);
984 ssl_defaults.handshakeAsServer = on;
988 ssl_EnableTLS(&versions_defaults_stream, on);
991 case SSL_ENABLE_SSL3:
992 ssl_EnableSSL3(&versions_defaults_stream, on);
995 case SSL_ENABLE_SSL2:
996 ssl_defaults.enableSSL2 = on;
998 ssl_defaults.v2CompatibleHello = on;
1003 ssl_defaults.noCache = on;
1006 case SSL_ENABLE_FDX:
1007 if (on && ssl_defaults.noLocks) {
1008 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1011 ssl_defaults.fdx = on;
1014 case SSL_V2_COMPATIBLE_HELLO:
1015 ssl_defaults.v2CompatibleHello = on;
1017 ssl_defaults.enableSSL2 = on;
1021 case SSL_ROLLBACK_DETECTION:
1022 ssl_defaults.detectRollBack = on;
1025 case SSL_NO_STEP_DOWN:
1026 ssl_defaults.noStepDown = on;
1028 SSL_DisableDefaultExportCipherSuites();
1031 case SSL_BYPASS_PKCS11:
1032 if (PR_FALSE != on) {
1033 if (PR_SUCCESS == SSL_BypassSetup()) {
1034 #ifdef NO_PKCS11_BYPASS
1035 ssl_defaults.bypassPKCS11 = PR_FALSE;
1037 ssl_defaults.bypassPKCS11 = on;
1043 ssl_defaults.bypassPKCS11 = PR_FALSE;
1048 if (on && ssl_defaults.fdx) {
1049 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1052 if (on && ssl_force_locks)
1053 on = PR_FALSE; /* silent override */
1054 ssl_defaults.noLocks = on;
1056 locksEverDisabled = PR_TRUE;
1057 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
1061 case SSL_ENABLE_SESSION_TICKETS:
1062 ssl_defaults.enableSessionTickets = on;
1065 case SSL_ENABLE_DEFLATE:
1066 ssl_defaults.enableDeflate = on;
1069 case SSL_ENABLE_RENEGOTIATION:
1070 ssl_defaults.enableRenegotiation = on;
1073 case SSL_REQUIRE_SAFE_NEGOTIATION:
1074 ssl_defaults.requireSafeNegotiation = on;
1077 case SSL_ENABLE_FALSE_START:
1078 ssl_defaults.enableFalseStart = on;
1081 case SSL_CBC_RANDOM_IV:
1082 ssl_defaults.cbcRandomIV = on;
1085 case SSL_ENABLE_OCSP_STAPLING:
1086 ssl_defaults.enableOCSPStapling = on;
1089 case SSL_ENABLE_NPN:
1090 ssl_defaults.enableNPN = on;
1093 case SSL_ENABLE_ALPN:
1094 ssl_defaults.enableALPN = on;
1098 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1104 /* function tells us if the cipher suite is one that we no longer support. */
1106 ssl_IsRemovedCipherSuite(PRInt32 suite)
1109 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1110 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
1111 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
1118 /* Part of the public NSS API.
1119 * Since this is a global (not per-socket) setting, we cannot use the
1120 * HandshakeLock to protect this. Probably want a global lock.
1123 SSL_SetPolicy(long which, int policy)
1125 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1126 /* one of the two old FIPS ciphers */
1127 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1128 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1129 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1130 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1132 if (ssl_IsRemovedCipherSuite(which))
1134 return SSL_CipherPolicySet(which, policy);
1138 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
1140 SECStatus rv = ssl_Init();
1142 if (rv != SECSuccess) {
1146 if (ssl_IsRemovedCipherSuite(which)) {
1148 } else if (SSL_IS_SSL2_CIPHER(which)) {
1149 rv = ssl2_SetPolicy(which, policy);
1151 rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
1157 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
1162 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1165 if (ssl_IsRemovedCipherSuite(which)) {
1166 *oPolicy = SSL_NOT_ALLOWED;
1168 } else if (SSL_IS_SSL2_CIPHER(which)) {
1169 rv = ssl2_GetPolicy(which, oPolicy);
1171 rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
1176 /* Part of the public NSS API.
1177 * Since this is a global (not per-socket) setting, we cannot use the
1178 * HandshakeLock to protect this. Probably want a global lock.
1179 * These changes have no effect on any sslSockets already created.
1182 SSL_EnableCipher(long which, PRBool enabled)
1184 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1185 /* one of the two old FIPS ciphers */
1186 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1187 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1188 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1189 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1191 if (ssl_IsRemovedCipherSuite(which))
1193 return SSL_CipherPrefSetDefault(which, enabled);
1197 SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
1199 SECStatus rv = ssl_Init();
1201 if (rv != SECSuccess) {
1205 if (ssl_IsRemovedCipherSuite(which))
1207 if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
1208 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1211 if (SSL_IS_SSL2_CIPHER(which)) {
1212 rv = ssl2_CipherPrefSetDefault(which, enabled);
1214 rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
1220 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
1225 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1228 if (ssl_IsRemovedCipherSuite(which)) {
1229 *enabled = PR_FALSE;
1231 } else if (SSL_IS_SSL2_CIPHER(which)) {
1232 rv = ssl2_CipherPrefGetDefault(which, enabled);
1234 rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
1240 SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
1243 sslSocket *ss = ssl_FindSocket(fd);
1246 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
1249 if (ssl_IsRemovedCipherSuite(which))
1251 if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
1252 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1255 if (SSL_IS_SSL2_CIPHER(which)) {
1256 rv = ssl2_CipherPrefSet(ss, which, enabled);
1258 rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
1264 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
1267 sslSocket *ss = ssl_FindSocket(fd);
1270 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1274 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
1275 *enabled = PR_FALSE;
1278 if (ssl_IsRemovedCipherSuite(which)) {
1279 *enabled = PR_FALSE;
1281 } else if (SSL_IS_SSL2_CIPHER(which)) {
1282 rv = ssl2_CipherPrefGet(ss, which, enabled);
1284 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
1290 NSS_SetDomesticPolicy(void)
1292 SECStatus status = SECSuccess;
1293 const PRUint16 *cipher;
1295 for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
1296 status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
1297 if (status != SECSuccess)
1304 NSS_SetExportPolicy(void)
1306 return NSS_SetDomesticPolicy();
1310 NSS_SetFrancePolicy(void)
1312 return NSS_SetDomesticPolicy();
1319 ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
1321 sslSocket * ns = NULL;
1324 SECStatus status = ssl_Init();
1326 if (status != SECSuccess) {
1330 if (model == NULL) {
1331 /* Just create a default socket if we're given NULL for the model */
1332 ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
1334 sslSocket * ss = ssl_FindSocket(model);
1335 if (ss == NULL || ss->protocolVariant != variant) {
1336 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
1337 SSL_GETPID(), model));
1340 ns = ssl_DupSocket(ss);
1345 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
1346 if (rv != PR_SUCCESS) {
1351 #if defined(DEBUG) || defined(FORCE_PR_ASSERT)
1353 sslSocket * ss = ssl_FindSocket(fd);
1354 PORT_Assert(ss == ns);
1357 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
1362 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1364 return ssl_ImportFD(model, fd, ssl_variant_stream);
1368 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1370 return ssl_ImportFD(model, fd, ssl_variant_datagram);
1373 /* SSL_SetNextProtoCallback is used to select an application protocol
1374 * for ALPN and NPN. For ALPN, this runs on the server; for NPN it
1375 * runs on the client. */
1376 /* Note: The ALPN version doesn't allow for the use of a default, setting a
1377 * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
1379 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
1382 sslSocket *ss = ssl_FindSocket(fd);
1385 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
1390 ssl_GetSSL3HandshakeLock(ss);
1391 ss->nextProtoCallback = callback;
1392 ss->nextProtoArg = arg;
1393 ssl_ReleaseSSL3HandshakeLock(ss);
1398 /* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
1399 * SSL_SetNextProtoNego is used.
1402 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
1403 const unsigned char *protos, unsigned int protos_len,
1404 unsigned char *protoOut, unsigned int *protoOutLen,
1405 unsigned int protoMaxLen)
1408 const unsigned char *result;
1409 sslSocket *ss = ssl_FindSocket(fd);
1412 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
1417 /* For each protocol in server preference, see if we support it. */
1418 for (i = 0; i < protos_len; ) {
1419 for (j = 0; j < ss->opt.nextProtoNego.len; ) {
1420 if (protos[i] == ss->opt.nextProtoNego.data[j] &&
1421 PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
1423 /* We found a match. */
1424 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
1425 result = &protos[i];
1428 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
1430 i += 1 + (unsigned int)protos[i];
1433 /* The other side supports the extension, and either doesn't have any
1434 * protocols configured, or none of its options match ours. In this case we
1435 * request our favoured protocol. */
1436 /* This will be treated as a failure for ALPN. */
1437 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
1438 result = ss->opt.nextProtoNego.data;
1441 if (protoMaxLen < result[0]) {
1442 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1445 memcpy(protoOut, result + 1, result[0]);
1446 *protoOutLen = result[0];
1451 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
1452 unsigned int length)
1456 SECItem dataItem = { siBuffer, (unsigned char *) data, length };
1458 ss = ssl_FindSocket(fd);
1460 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
1465 if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
1468 ssl_GetSSL3HandshakeLock(ss);
1469 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
1470 rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
1471 ssl_ReleaseSSL3HandshakeLock(ss);
1473 if (rv != SECSuccess)
1476 return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
1480 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
1481 unsigned int *bufLen, unsigned int bufLenMax)
1483 sslSocket *ss = ssl_FindSocket(fd);
1486 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
1491 if (!state || !buf || !bufLen) {
1492 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1496 *state = ss->ssl3.nextProtoState;
1498 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
1499 ss->ssl3.nextProto.data) {
1500 if (ss->ssl3.nextProto.len > bufLenMax) {
1501 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1504 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
1505 *bufLen = ss->ssl3.nextProto.len;
1513 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
1514 const PRUint16 *ciphers,
1515 unsigned int numCiphers)
1520 ss = ssl_FindSocket(fd);
1521 if (!ss || !IS_DTLS(ss)) {
1522 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
1524 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1528 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
1529 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1533 ss->ssl3.dtlsSRTPCipherCount = 0;
1534 for (i = 0; i < numCiphers; i++) {
1535 const PRUint16 *srtpCipher = srtpCiphers;
1537 while (*srtpCipher) {
1538 if (ciphers[i] == *srtpCipher)
1543 ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
1546 SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
1547 "suite specified: 0x%04hx", SSL_GETPID(), fd,
1552 if (ss->ssl3.dtlsSRTPCipherCount == 0) {
1553 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1561 SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
1565 ss = ssl_FindSocket(fd);
1567 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
1569 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1573 if (!ss->ssl3.dtlsSRTPCipherSuite) {
1574 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1578 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
1583 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
1585 sslSocket * sm = NULL, *ss = NULL;
1587 sslServerCerts * mc = NULL;
1588 sslServerCerts * sc = NULL;
1590 if (model == NULL) {
1591 PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
1594 sm = ssl_FindSocket(model);
1596 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
1597 SSL_GETPID(), model));
1600 ss = ssl_FindSocket(fd);
1603 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1608 ss->vrange = sm->vrange;
1609 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
1610 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
1611 sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
1612 ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
1614 if (!ss->opt.useSecurity) {
1615 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1618 /* This int should be SSLKEAType, but CC on Irix complains,
1619 * during the for loop.
1621 for (i=kt_null; i < kt_kea_size; i++) {
1622 mc = &(sm->serverCerts[i]);
1623 sc = &(ss->serverCerts[i]);
1624 if (mc->serverCert && mc->serverCertChain) {
1625 if (sc->serverCert) {
1626 CERT_DestroyCertificate(sc->serverCert);
1628 sc->serverCert = CERT_DupCertificate(mc->serverCert);
1629 if (sc->serverCertChain) {
1630 CERT_DestroyCertificateList(sc->serverCertChain);
1632 sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
1633 if (!sc->serverCertChain)
1635 if (sm->certStatusArray[i]) {
1636 if (ss->certStatusArray[i]) {
1637 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
1638 ss->certStatusArray[i] = NULL;
1640 ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
1641 if (!ss->certStatusArray[i])
1645 if (mc->serverKeyPair) {
1646 if (sc->serverKeyPair) {
1647 ssl3_FreeKeyPair(sc->serverKeyPair);
1649 sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
1650 sc->serverKeyBits = mc->serverKeyBits;
1653 if (sm->stepDownKeyPair) {
1654 if (ss->stepDownKeyPair) {
1655 ssl3_FreeKeyPair(ss->stepDownKeyPair);
1657 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
1659 if (sm->ephemeralECDHKeyPair) {
1660 if (ss->ephemeralECDHKeyPair) {
1661 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
1663 ss->ephemeralECDHKeyPair =
1664 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
1666 /* copy trust anchor names */
1667 if (sm->ssl3.ca_list) {
1668 if (ss->ssl3.ca_list) {
1669 CERT_FreeDistNames(ss->ssl3.ca_list);
1671 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
1672 if (!ss->ssl3.ca_list) {
1677 if (sm->authCertificate)
1678 ss->authCertificate = sm->authCertificate;
1679 if (sm->authCertificateArg)
1680 ss->authCertificateArg = sm->authCertificateArg;
1681 if (sm->getClientAuthData)
1682 ss->getClientAuthData = sm->getClientAuthData;
1683 if (sm->getClientAuthDataArg)
1684 ss->getClientAuthDataArg = sm->getClientAuthDataArg;
1685 if (sm->sniSocketConfig)
1686 ss->sniSocketConfig = sm->sniSocketConfig;
1687 if (sm->sniSocketConfigArg)
1688 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
1689 if (sm->handleBadCert)
1690 ss->handleBadCert = sm->handleBadCert;
1692 ss->badCertArg = sm->badCertArg;
1693 if (sm->handshakeCallback)
1694 ss->handshakeCallback = sm->handshakeCallback;
1695 if (sm->handshakeCallbackData)
1696 ss->handshakeCallbackData = sm->handshakeCallbackData;
1697 if (sm->pkcs11PinArg)
1698 ss->pkcs11PinArg = sm->pkcs11PinArg;
1705 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
1706 SSL3ProtocolVersion version)
1708 switch (protocolVariant) {
1709 case ssl_variant_stream:
1710 return (version >= SSL_LIBRARY_VERSION_3_0 &&
1711 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1712 case ssl_variant_datagram:
1713 return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
1714 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1716 /* Can't get here */
1717 PORT_Assert(PR_FALSE);
1722 /* Returns PR_TRUE if the given version range is valid and
1723 ** fully supported; otherwise, returns PR_FALSE.
1726 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
1727 const SSLVersionRange *vrange)
1730 vrange->min <= vrange->max &&
1731 ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
1732 ssl3_VersionIsSupported(protocolVariant, vrange->max);
1736 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
1737 SSLVersionRange *vrange)
1740 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1744 switch (protocolVariant) {
1745 case ssl_variant_stream:
1746 vrange->min = SSL_LIBRARY_VERSION_3_0;
1747 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1749 case ssl_variant_datagram:
1750 vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
1751 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1754 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1762 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
1763 SSLVersionRange *vrange)
1765 if ((protocolVariant != ssl_variant_stream &&
1766 protocolVariant != ssl_variant_datagram) || !vrange) {
1767 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1771 *vrange = *VERSIONS_DEFAULTS(protocolVariant);
1777 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
1778 const SSLVersionRange *vrange)
1780 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
1781 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1785 *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
1791 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
1793 sslSocket *ss = ssl_FindSocket(fd);
1796 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
1802 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1806 ssl_Get1stHandshakeLock(ss);
1807 ssl_GetSSL3HandshakeLock(ss);
1809 *vrange = ss->vrange;
1811 ssl_ReleaseSSL3HandshakeLock(ss);
1812 ssl_Release1stHandshakeLock(ss);
1818 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
1820 sslSocket *ss = ssl_FindSocket(fd);
1823 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
1828 if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
1829 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1833 ssl_Get1stHandshakeLock(ss);
1834 ssl_GetSSL3HandshakeLock(ss);
1836 ss->vrange = *vrange;
1838 ssl_ReleaseSSL3HandshakeLock(ss);
1839 ssl_Release1stHandshakeLock(ss);
1844 const SECItemArray *
1845 SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
1847 sslSocket *ss = ssl_FindSocket(fd);
1850 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
1855 if (!ss->sec.ci.sid) {
1856 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
1860 return &ss->sec.ci.sid->peerCertStatus;
1863 /************************************************************************/
1864 /* The following functions are the TOP LEVEL SSL functions.
1865 ** They all get called through the NSPRIOMethods table below.
1868 static PRFileDesc * PR_CALLBACK
1869 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
1872 sslSocket *ns = NULL;
1873 PRFileDesc *newfd = NULL;
1877 ss = ssl_GetPrivate(fd);
1879 SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
1883 /* IF this is a listen socket, there shouldn't be any I/O going on */
1884 SSL_LOCK_READER(ss);
1885 SSL_LOCK_WRITER(ss);
1886 ssl_Get1stHandshakeLock(ss);
1887 ssl_GetSSL3HandshakeLock(ss);
1889 ss->cTimeout = timeout;
1891 osfd = ss->fd->lower;
1893 /* First accept connection */
1894 newfd = osfd->methods->accept(osfd, sockaddr, timeout);
1895 if (newfd == NULL) {
1896 SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
1897 SSL_GETPID(), ss->fd, PORT_GetError()));
1899 /* Create ssl module */
1900 ns = ssl_DupSocket(ss);
1903 ssl_ReleaseSSL3HandshakeLock(ss);
1904 ssl_Release1stHandshakeLock(ss);
1905 SSL_UNLOCK_WRITER(ss);
1906 SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
1911 /* push ssl module onto the new socket */
1912 status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
1913 if (status != PR_SUCCESS)
1916 /* Now start server connection handshake with client.
1917 ** Don't need locks here because nobody else has a reference to ns yet.
1919 if ( ns->opt.useSecurity ) {
1920 if ( ns->opt.handshakeAsClient ) {
1921 ns->handshake = ssl2_BeginClientHandshake;
1922 ss->handshaking = sslHandshakingAsClient;
1924 ns->handshake = ssl2_BeginServerHandshake;
1925 ss->handshaking = sslHandshakingAsServer;
1928 ns->TCPconnected = 1;
1939 static PRStatus PR_CALLBACK
1940 ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
1945 ss = ssl_GetPrivate(fd);
1947 SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
1951 /* IF this is a listen socket, there shouldn't be any I/O going on */
1952 SSL_LOCK_READER(ss);
1953 SSL_LOCK_WRITER(ss);
1955 ss->cTimeout = timeout;
1956 rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
1958 SSL_UNLOCK_WRITER(ss);
1959 SSL_UNLOCK_READER(ss);
1964 static PRStatus PR_CALLBACK
1965 ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
1967 sslSocket * ss = ssl_GetPrivate(fd);
1971 SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
1974 SSL_LOCK_READER(ss);
1975 SSL_LOCK_WRITER(ss);
1977 rv = (PRStatus)(*ss->ops->bind)(ss, addr);
1979 SSL_UNLOCK_WRITER(ss);
1980 SSL_UNLOCK_READER(ss);
1984 static PRStatus PR_CALLBACK
1985 ssl_Listen(PRFileDesc *fd, PRIntn backlog)
1987 sslSocket * ss = ssl_GetPrivate(fd);
1991 SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
1994 SSL_LOCK_READER(ss);
1995 SSL_LOCK_WRITER(ss);
1997 rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
1999 SSL_UNLOCK_WRITER(ss);
2000 SSL_UNLOCK_READER(ss);
2004 static PRStatus PR_CALLBACK
2005 ssl_Shutdown(PRFileDesc *fd, PRIntn how)
2007 sslSocket * ss = ssl_GetPrivate(fd);
2011 SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
2014 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2015 SSL_LOCK_READER(ss);
2017 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2018 SSL_LOCK_WRITER(ss);
2021 rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
2023 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2024 SSL_UNLOCK_WRITER(ss);
2026 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2027 SSL_UNLOCK_READER(ss);
2032 static PRStatus PR_CALLBACK
2033 ssl_Close(PRFileDesc *fd)
2038 ss = ssl_GetPrivate(fd);
2040 SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
2044 /* There must not be any I/O going on */
2045 SSL_LOCK_READER(ss);
2046 SSL_LOCK_WRITER(ss);
2048 /* By the time this function returns,
2049 ** ss is an invalid pointer, and the locks to which it points have
2050 ** been unlocked and freed. So, this is the ONE PLACE in all of SSL
2051 ** where the LOCK calls and the corresponding UNLOCK calls are not in
2052 ** the same function scope. The unlock calls are in ssl_FreeSocket().
2054 rv = (PRStatus)(*ss->ops->close)(ss);
2059 static int PR_CALLBACK
2060 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
2061 PRIntervalTime timeout)
2066 ss = ssl_GetPrivate(fd);
2068 SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
2071 SSL_LOCK_READER(ss);
2072 ss->rTimeout = timeout;
2074 ss->wTimeout = timeout;
2075 rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
2076 SSL_UNLOCK_READER(ss);
2080 static int PR_CALLBACK
2081 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
2082 PRIntervalTime timeout)
2087 ss = ssl_GetPrivate(fd);
2089 SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
2092 SSL_LOCK_WRITER(ss);
2093 ss->wTimeout = timeout;
2095 ss->rTimeout = timeout;
2096 rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
2097 SSL_UNLOCK_WRITER(ss);
2101 static int PR_CALLBACK
2102 ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
2107 ss = ssl_GetPrivate(fd);
2109 SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
2112 SSL_LOCK_READER(ss);
2113 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2115 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2116 rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
2117 SSL_UNLOCK_READER(ss);
2121 static int PR_CALLBACK
2122 ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
2127 ss = ssl_GetPrivate(fd);
2129 SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
2132 SSL_LOCK_WRITER(ss);
2133 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2135 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2136 rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
2137 SSL_UNLOCK_WRITER(ss);
2141 static PRStatus PR_CALLBACK
2142 ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
2146 ss = ssl_GetPrivate(fd);
2148 SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
2151 return (PRStatus)(*ss->ops->getpeername)(ss, addr);
2157 ssl_GetPeerInfo(sslSocket *ss)
2163 osfd = ss->fd->lower;
2165 PORT_Memset(&sin, 0, sizeof(sin));
2166 rv = osfd->methods->getpeername(osfd, &sin);
2170 ss->TCPconnected = 1;
2171 if (sin.inet.family == PR_AF_INET) {
2172 PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
2173 ss->sec.ci.port = sin.inet.port;
2174 } else if (sin.ipv6.family == PR_AF_INET6) {
2175 ss->sec.ci.peer = sin.ipv6.ip;
2176 ss->sec.ci.port = sin.ipv6.port;
2178 PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
2184 static PRStatus PR_CALLBACK
2185 ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
2189 ss = ssl_GetPrivate(fd);
2191 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
2194 return (PRStatus)(*ss->ops->getsockname)(ss, name);
2198 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
2203 ss = ssl_FindSocket(fd);
2205 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
2210 if ( kea <= 0 || kea >= kt_kea_size) {
2211 SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
2216 if (ss->certStatusArray[kea]) {
2217 SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
2218 ss->certStatusArray[kea] = NULL;
2221 ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
2223 return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
2227 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
2231 ss = ssl_FindSocket(fd);
2233 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
2239 PORT_Free(ss->peerID);
2243 ss->peerID = PORT_Strdup(peerID);
2244 return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
2247 #define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
2249 static PRInt16 PR_CALLBACK
2250 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
2253 PRInt16 new_flags = how_flags; /* should select on these flags. */
2257 ss = ssl_GetPrivate(fd);
2259 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
2261 return 0; /* don't poll on this socket */
2264 if (ss->opt.useSecurity &&
2265 ss->handshaking != sslHandshakingUndetermined &&
2267 (how_flags & PR_POLL_RW)) {
2268 if (!ss->TCPconnected) {
2269 ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
2271 /* If it's not connected, then presumably the application is polling
2272 ** on read or write appropriately, so don't change it.
2274 if (ss->TCPconnected) {
2275 if (!ss->handshakeBegun) {
2276 /* If the handshake has not begun, poll on read or write
2277 ** based on the local application's role in the handshake,
2278 ** not based on what the application requested.
2280 new_flags &= ~PR_POLL_RW;
2281 if (ss->handshaking == sslHandshakingAsClient) {
2282 new_flags |= PR_POLL_WRITE;
2283 } else { /* handshaking as server */
2284 new_flags |= PR_POLL_READ;
2287 /* First handshake is in progress */
2288 if (ss->lastWriteBlocked) {
2289 if (new_flags & PR_POLL_READ) {
2290 /* The caller is waiting for data to be received,
2291 ** but the initial handshake is blocked on write, or the
2292 ** client's first handshake record has not been written.
2293 ** The code should select on write, not read.
2295 new_flags ^= PR_POLL_READ; /* don't select on read. */
2296 new_flags |= PR_POLL_WRITE; /* do select on write. */
2298 } else if (new_flags & PR_POLL_WRITE) {
2299 /* The caller is trying to write, but the handshake is
2300 ** blocked waiting for data to read, and the first
2301 ** handshake has been sent. So do NOT to poll on write
2302 ** unless we did false start.
2304 if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2305 ss->ssl3.hs.canFalseStart)) {
2306 new_flags ^= PR_POLL_WRITE; /* don't select on write. */
2308 new_flags |= PR_POLL_READ; /* do select on read. */
2311 } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
2312 *p_out_flags = PR_POLL_READ; /* it's ready already. */
2314 } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
2315 (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
2316 new_flags |= PR_POLL_WRITE; /* also select on write. */
2319 if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2320 ss->ssl3.hs.restartTarget != NULL) {
2321 /* Read and write will block until the asynchronous callback completes
2322 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
2323 * the caller to poll the socket unless there is pending write data.
2325 if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
2326 /* Ignore any newly-received data on the socket, but do wait for
2327 * the socket to become writable again. Here, it is OK for an error
2328 * to be detected, because our logic for sending pending write data
2329 * will allow us to report the error to the caller without the risk
2330 * of the application spinning.
2332 new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
2334 /* Unfortunately, clearing new_flags will make it impossible for
2335 * the application to detect errors that it would otherwise be
2336 * able to detect with PR_POLL_EXCEPT, until the asynchronous
2337 * callback completes. However, we must clear all the flags to
2338 * prevent the application from spinning (alternating between
2339 * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
2340 * which won't actually report the I/O error while we are waiting
2341 * for the asynchronous callback to complete).
2347 if (new_flags && (fd->lower->methods->poll != NULL)) {
2348 PRInt16 lower_out_flags = 0;
2349 PRInt16 lower_new_flags;
2350 lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
2352 if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
2353 PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
2354 if (lower_out_flags & PR_POLL_READ)
2355 out_flags |= PR_POLL_WRITE;
2356 if (lower_out_flags & PR_POLL_WRITE)
2357 out_flags |= PR_POLL_READ;
2358 *p_out_flags = out_flags;
2359 new_flags = how_flags;
2361 *p_out_flags = lower_out_flags;
2362 new_flags = lower_new_flags;
2369 static PRInt32 PR_CALLBACK
2370 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
2371 const void *headers, PRInt32 hlen,
2372 PRTransmitFileFlags flags, PRIntervalTime timeout)
2377 sfd.file_offset = 0;
2378 sfd.file_nbytes = 0;
2379 sfd.header = headers;
2384 return sd->methods->sendfile(sd, &sfd, flags, timeout);
2389 ssl_FdIsBlocking(PRFileDesc *fd)
2391 PRSocketOptionData opt;
2394 opt.option = PR_SockOpt_Nonblocking;
2395 opt.value.non_blocking = PR_FALSE;
2396 status = PR_GetSocketOption(fd, &opt);
2397 if (status != PR_SUCCESS)
2399 return (PRBool)!opt.value.non_blocking;
2403 ssl_SocketIsBlocking(sslSocket *ss)
2405 return ssl_FdIsBlocking(ss->fd);
2408 PRInt32 sslFirstBufSize = 8 * 1024;
2409 PRInt32 sslCopyLimit = 1024;
2411 static PRInt32 PR_CALLBACK
2412 ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
2413 PRIntervalTime timeout)
2420 const PRInt32 first_len = sslFirstBufSize;
2421 const PRInt32 limit = sslCopyLimit;
2423 PRIOVec myIov = { 0, 0 };
2424 char buf[MAX_FRAGMENT_LENGTH];
2427 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
2430 if (vectors > PR_MAX_IOVECTOR_SIZE) {
2431 PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
2434 for (i = 0; i < vectors; i++) {
2435 if (iov[i].iov_len < 0) {
2436 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
2440 blocking = ssl_FdIsBlocking(fd);
2442 #define K16 sizeof(buf)
2443 #define KILL_VECTORS while (vectors && !iov->iov_len) { ++iov; --vectors; }
2444 #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
2445 #define HANDLE_ERR(rv, len) \
2449 && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
2456 /* Only a nonblocking socket can have partial sends */ \
2457 PR_ASSERT(!blocking); \
2460 #define SEND(bfr, len) \
2462 rv = ssl_Send(fd, bfr, len, 0, timeout); \
2463 HANDLE_ERR(rv, len) \
2467 /* Make sure the first write is at least 8 KB, if possible. */
2470 return ssl_Send(fd, 0, 0, 0, timeout);
2473 return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
2475 if (myIov.iov_len < first_len) {
2476 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2477 bufLen = myIov.iov_len;
2478 left = first_len - bufLen;
2479 while (vectors && left) {
2482 toCopy = PR_MIN(left, myIov.iov_len);
2483 PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
2486 myIov.iov_base += toCopy;
2487 myIov.iov_len -= toCopy;
2489 SEND( buf, bufLen );
2492 while (vectors || myIov.iov_len) {
2494 if (!myIov.iov_len) {
2497 while (myIov.iov_len >= K16) {
2498 SEND(myIov.iov_base, K16);
2499 myIov.iov_base += K16;
2500 myIov.iov_len -= K16;
2505 if (!vectors || myIov.iov_len > limit) {
2507 } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
2508 /* Addlen is already computed. */;
2509 } else if (vectors > 1 &&
2510 iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
2511 addLen = limit - myIov.iov_len;
2516 SEND( myIov.iov_base, myIov.iov_len );
2520 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2521 bufLen = myIov.iov_len;
2524 PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
2525 myIov.iov_base += addLen;
2526 myIov.iov_len -= addLen;
2529 left = PR_MIN( limit, K16 - bufLen);
2530 if (!vectors /* no more left */
2531 || myIov.iov_len > 0 /* we didn't use that one all up */
2532 || bufLen >= K16 /* it's full. */
2535 } else if ((addLen = iov->iov_len % K16) <= left) {
2536 /* Addlen is already computed. */;
2537 } else if (vectors > 1 &&
2538 iov[1].iov_len % K16 + addLen <= left + limit) {
2544 SEND( buf, bufLen );
2550 * These functions aren't implemented.
2553 static PRInt32 PR_CALLBACK
2554 ssl_Available(PRFileDesc *fd)
2557 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2561 static PRInt64 PR_CALLBACK
2562 ssl_Available64(PRFileDesc *fd)
2567 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2572 static PRStatus PR_CALLBACK
2573 ssl_FSync(PRFileDesc *fd)
2576 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2580 static PRInt32 PR_CALLBACK
2581 ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how) {
2583 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2587 static PRInt64 PR_CALLBACK
2588 ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how) {
2592 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2597 static PRStatus PR_CALLBACK
2598 ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
2601 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2605 static PRStatus PR_CALLBACK
2606 ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
2609 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2613 static PRInt32 PR_CALLBACK
2614 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
2615 PRNetAddr *addr, PRIntervalTime timeout)
2618 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2622 static PRInt32 PR_CALLBACK
2623 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
2624 const PRNetAddr *addr, PRIntervalTime timeout)
2627 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2631 static const PRIOMethods ssl_methods = {
2633 ssl_Close, /* close */
2634 ssl_Read, /* read */
2635 ssl_Write, /* write */
2636 ssl_Available, /* available */
2637 ssl_Available64, /* available64 */
2638 ssl_FSync, /* fsync */
2639 ssl_Seek, /* seek */
2640 ssl_Seek64, /* seek64 */
2641 ssl_FileInfo, /* fileInfo */
2642 ssl_FileInfo64, /* fileInfo64 */
2643 ssl_WriteV, /* writev */
2644 ssl_Connect, /* connect */
2645 ssl_Accept, /* accept */
2646 ssl_Bind, /* bind */
2647 ssl_Listen, /* listen */
2648 ssl_Shutdown, /* shutdown */
2649 ssl_Recv, /* recv */
2650 ssl_Send, /* send */
2651 ssl_RecvFrom, /* recvfrom */
2652 ssl_SendTo, /* sendto */
2653 ssl_Poll, /* poll */
2654 PR_EmulateAcceptRead, /* acceptread */
2655 ssl_TransmitFile, /* transmitfile */
2656 ssl_GetSockName, /* getsockname */
2657 ssl_GetPeerName, /* getpeername */
2658 NULL, /* getsockopt OBSOLETE */
2659 NULL, /* setsockopt OBSOLETE */
2660 NULL, /* getsocketoption */
2661 NULL, /* setsocketoption */
2662 PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
2663 NULL, /* reserved for future use */
2664 NULL, /* reserved for future use */
2665 NULL, /* reserved for future use */
2666 NULL, /* reserved for future use */
2667 NULL /* reserved for future use */
2671 static PRIOMethods combined_methods;
2674 ssl_SetupIOMethods(void)
2676 PRIOMethods *new_methods = &combined_methods;
2677 const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
2678 const PRIOMethods *my_methods = &ssl_methods;
2680 *new_methods = *nspr_methods;
2682 new_methods->file_type = my_methods->file_type;
2683 new_methods->close = my_methods->close;
2684 new_methods->read = my_methods->read;
2685 new_methods->write = my_methods->write;
2686 new_methods->available = my_methods->available;
2687 new_methods->available64 = my_methods->available64;
2688 new_methods->fsync = my_methods->fsync;
2689 new_methods->seek = my_methods->seek;
2690 new_methods->seek64 = my_methods->seek64;
2691 new_methods->fileInfo = my_methods->fileInfo;
2692 new_methods->fileInfo64 = my_methods->fileInfo64;
2693 new_methods->writev = my_methods->writev;
2694 new_methods->connect = my_methods->connect;
2695 new_methods->accept = my_methods->accept;
2696 new_methods->bind = my_methods->bind;
2697 new_methods->listen = my_methods->listen;
2698 new_methods->shutdown = my_methods->shutdown;
2699 new_methods->recv = my_methods->recv;
2700 new_methods->send = my_methods->send;
2701 new_methods->recvfrom = my_methods->recvfrom;
2702 new_methods->sendto = my_methods->sendto;
2703 new_methods->poll = my_methods->poll;
2704 new_methods->acceptread = my_methods->acceptread;
2705 new_methods->transmitfile = my_methods->transmitfile;
2706 new_methods->getsockname = my_methods->getsockname;
2707 new_methods->getpeername = my_methods->getpeername;
2708 /* new_methods->getsocketoption = my_methods->getsocketoption; */
2709 /* new_methods->setsocketoption = my_methods->setsocketoption; */
2710 new_methods->sendfile = my_methods->sendfile;
2714 static PRCallOnceType initIoLayerOnce;
2717 ssl_InitIOLayer(void)
2719 ssl_layer_id = PR_GetUniqueIdentity("SSL");
2720 ssl_SetupIOMethods();
2721 ssl_inited = PR_TRUE;
2726 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
2728 PRFileDesc *layer = NULL;
2732 status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
2733 if (status != PR_SUCCESS)
2740 layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
2743 layer->secret = (PRFilePrivate *)ns;
2745 /* Here, "stack" points to the PRFileDesc on the top of the stack.
2746 ** "layer" points to a new FD that is to be inserted into the stack.
2747 ** If layer is being pushed onto the top of the stack, then
2748 ** PR_PushIOLayer switches the contents of stack and layer, and then
2749 ** puts stack on top of layer, so that after it is done, the top of
2750 ** stack is the same "stack" as it was before, and layer is now the
2751 ** FD for the former top of stack.
2752 ** After this call, stack always points to the top PRFD on the stack.
2753 ** If this function fails, the contents of stack and layer are as
2754 ** they were before the call.
2756 status = PR_PushIOLayer(stack, id, layer);
2757 if (status != PR_SUCCESS)
2760 ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
2765 layer->dtor(layer); /* free layer */
2770 /* if this fails, caller must destroy socket. */
2772 ssl_MakeLocks(sslSocket *ss)
2774 ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
2775 if (!ss->firstHandshakeLock)
2777 ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
2778 if (!ss->ssl3HandshakeLock)
2780 ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
2783 ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
2784 if (!ss->recvBufLock)
2786 ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
2787 if (!ss->xmitBufLock)
2789 ss->writerThread = NULL;
2790 if (ssl_lock_readers) {
2791 ss->recvLock = PZ_NewLock(nssILockSSL);
2794 ss->sendLock = PZ_NewLock(nssILockSSL);
2800 ssl_DestroyLocks(ss);
2804 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
2805 #define NSS_HAVE_GETENV 1
2808 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
2811 ssl_SetDefaultsFromEnvironment(void)
2813 #if defined( NSS_HAVE_GETENV )
2814 static int firsttime = 1;
2820 ev = getenv("SSLDEBUGFILE");
2822 ssl_trace_iob = fopen(ev, "w");
2824 if (!ssl_trace_iob) {
2825 ssl_trace_iob = stderr;
2828 ev = getenv("SSLTRACE");
2830 ssl_trace = atoi(ev);
2831 SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
2834 ev = getenv("SSLDEBUG");
2836 ssl_debug = atoi(ev);
2837 SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
2840 ev = getenv("SSLKEYLOGFILE");
2842 ssl_keylog_iob = fopen(ev, "a");
2843 if (!ssl_keylog_iob) {
2844 SSL_TRACE(("SSL: failed to open key log file"));
2846 if (ftell(ssl_keylog_iob) == 0) {
2847 fputs("# SSL/TLS secrets log file, generated by NSS\n",
2850 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
2853 #ifndef NO_PKCS11_BYPASS
2854 ev = getenv("SSLBYPASS");
2856 ssl_defaults.bypassPKCS11 = (ev[0] == '1');
2857 SSL_TRACE(("SSL: bypass default set to %d", \
2858 ssl_defaults.bypassPKCS11));
2860 #endif /* NO_PKCS11_BYPASS */
2861 ev = getenv("SSLFORCELOCKS");
2862 if (ev && ev[0] == '1') {
2863 ssl_force_locks = PR_TRUE;
2864 ssl_defaults.noLocks = 0;
2865 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
2866 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
2868 ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
2870 if (ev[0] == '1' || LOWER(ev[0]) == 'u')
2871 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
2872 else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
2873 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
2874 else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
2875 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
2876 else if (ev[0] == '3' || LOWER(ev[0]) == 't')
2877 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
2878 SSL_TRACE(("SSL: enableRenegotiation set to %d",
2879 ssl_defaults.enableRenegotiation));
2881 ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
2882 if (ev && ev[0] == '1') {
2883 ssl_defaults.requireSafeNegotiation = PR_TRUE;
2884 SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
2887 ev = getenv("NSS_SSL_CBC_RANDOM_IV");
2888 if (ev && ev[0] == '0') {
2889 ssl_defaults.cbcRandomIV = PR_FALSE;
2890 SSL_TRACE(("SSL: cbcRandomIV set to 0"));
2893 #endif /* NSS_HAVE_GETENV */
2897 ** Create a newsocket structure for a file descriptor.
2900 ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
2904 ssl_SetDefaultsFromEnvironment();
2906 if (ssl_force_locks)
2907 makeLocks = PR_TRUE;
2909 /* Make a new socket and get it ready */
2910 ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
2912 /* This should be of type SSLKEAType, but CC on IRIX
2913 * complains during the for loop.
2918 ss->opt = ssl_defaults;
2919 ss->opt.useSocks = PR_FALSE;
2920 ss->opt.noLocks = !makeLocks;
2921 ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
2922 ss->protocolVariant = protocolVariant;
2925 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2926 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2927 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
2928 ss->cipherSpecs = NULL;
2929 ss->sizeCipherSpecs = 0; /* produced lazily */
2930 ss->preferredCipher = NULL;
2933 for (i=kt_null; i < kt_kea_size; i++) {
2934 sslServerCerts * sc = ss->serverCerts + i;
2935 sc->serverCert = NULL;
2936 sc->serverCertChain = NULL;
2937 sc->serverKeyPair = NULL;
2938 sc->serverKeyBits = 0;
2939 ss->certStatusArray[i] = NULL;
2941 ss->stepDownKeyPair = NULL;
2942 ss->dbHandle = CERT_GetDefaultCertDB();
2944 /* Provide default implementation of hooks */
2945 ss->authCertificate = SSL_AuthCertificate;
2946 ss->authCertificateArg = (void *)ss->dbHandle;
2947 ss->sniSocketConfig = NULL;
2948 ss->sniSocketConfigArg = NULL;
2949 ss->getClientAuthData = NULL;
2950 ss->handleBadCert = NULL;
2951 ss->badCertArg = NULL;
2952 ss->pkcs11PinArg = NULL;
2953 ss->ephemeralECDHKeyPair = NULL;
2956 ssl2_InitSocketPolicy(ss);
2957 ssl3_InitSocketPolicy(ss);
2958 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
2961 status = ssl_MakeLocks(ss);
2962 if (status != SECSuccess)
2965 status = ssl_CreateSecurityInfo(ss);
2966 if (status != SECSuccess)
2968 status = ssl_InitGather(&ss->gs);
2969 if (status != SECSuccess) {
2971 ssl_DestroySocketContents(ss);
2972 ssl_DestroyLocks(ss);