15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * This file is PRIVATE to SSL and should be the first thing included by 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * any SSL implementation file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * 52a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * This Source Code Form is subject to the terms of the Mozilla Public 62a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * License, v. 2.0. If a copy of the MPL was not distributed with this 72a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifndef __sslimpl_h_ 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define __sslimpl_h_ 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef DEBUG 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#undef NDEBUG 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#undef NDEBUG 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define NDEBUG 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "secport.h" 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "secerr.h" 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sslerr.h" 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "ssl3prot.h" 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "hasht.h" 23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "keythi.h" 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "nssilock.h" 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "pkcs11t.h" 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(XP_UNIX) || defined(XP_BEOS) 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "unistd.h" 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "nssrwlk.h" 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "prthread.h" 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "prclist.h" 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sslt.h" /* for some formerly private types, now public */ 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_PLATFORM_CLIENT_AUTH 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(XP_WIN32) 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <windows.h> 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <wincrypt.h> 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#elif defined(XP_MACOSX) 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <Security/Security.h> 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* to make some of these old enums public without namespace pollution, 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** it was necessary to prepend ssl_ to the names. 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** These #defines preserve compatibility with the old code here in libssl. 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SSLKEAType SSL3KEAType; 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SSLMACAlgorithm SSL3MACAlgorithm; 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SSLSignType SSL3SignType; 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define sign_null ssl_sign_null 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define sign_rsa ssl_sign_rsa 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define sign_dsa ssl_sign_dsa 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define sign_ecdsa ssl_sign_ecdsa 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_null ssl_calg_null 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_rc4 ssl_calg_rc4 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_rc2 ssl_calg_rc2 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_des ssl_calg_des 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_3des ssl_calg_3des 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_idea ssl_calg_idea 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_aes ssl_calg_aes 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_camellia ssl_calg_camellia 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define calg_seed ssl_calg_seed 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define mac_null ssl_mac_null 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define mac_md5 ssl_mac_md5 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define mac_sha ssl_mac_sha 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define hmac_md5 ssl_hmac_md5 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define hmac_sha ssl_hmac_sha 73868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define hmac_sha256 ssl_hmac_sha256 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SET_ERROR_CODE /* reminder */ 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SEND_ALERT /* reminder */ 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define TEST_FOR_FAILURE /* reminder */ 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define DEAL_WITH_FAILURE /* reminder */ 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(DEBUG) || defined(TRACE) 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef __cplusplus 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define Debug 1 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int Debug; 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#undef Debug 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST) 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define TRACE 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef TRACE 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_TRC(a,b) 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define PRINT_BUF(a,b) 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define DUMP_MSG(a,b) 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef DEBUG 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_DBG(b) if (ssl_debug) ssl_Trace b 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_DBG(b) 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "private/pprthred.h" /* for PR_InMonitor() */ 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_InMonitor(m) PZ_InMonitor(m) 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define LSB(x) ((unsigned char) ((x) & 0xff)) 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8)) 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/************************************************************************/ 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { SSLAppOpRead = 0, 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLAppOpWrite, 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLAppOpRDWR, 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLAppOpPost, 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLAppOpHeader 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSLAppOperation; 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MIN_MASTER_KEY_BYTES 5 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MAX_MASTER_KEY_BYTES 64 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL2_SESSIONID_BYTES 16 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_SESSIONID_BYTES 32 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MIN_CHALLENGE_BYTES 16 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MAX_CHALLENGE_BYTES 32 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_CHALLENGE_BYTES 16 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_CONNECTIONID_BYTES 16 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MIN_CYPHER_ARG_BYTES 0 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MAX_CYPHER_ARG_BYTES 32 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MAX_MAC_BYTES 16 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_RSA_PMS_LENGTH 48 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_MASTER_SECRET_LENGTH 48 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* number of wrap mechanisms potentially used to wrap master secrets. */ 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_NUM_WRAP_MECHS 16 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* This makes the cert cache entry exactly 4k. */ 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_MAX_CACHED_CERT_LEN 4060 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define NUM_MIXERS 9 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Mask of the 25 named curves we support. */ 154c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe 155a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)/* Mask of only 3 curves, suite B */ 156c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifndef BPB 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define BPB 8 /* Bits Per Byte */ 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslBufferStr sslBuffer; 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslConnectInfoStr sslConnectInfo; 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslGatherStr sslGather; 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslSecurityInfoStr sslSecurityInfo; 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslSessionIDStr sslSessionID; 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslSocketStr sslSocket; 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslSocketOpsStr sslSocketOps; 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct ssl3StateStr ssl3State; 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct ssl3CertNodeStr ssl3CertNode; 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct ssl3MACDefStr ssl3MACDef; 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct ssl3KeyPairStr ssl3KeyPair; 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct ssl3CertNodeStr { 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) struct ssl3CertNodeStr *next; 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * cert; 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss); 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* This type points to the low layer send func, 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** e.g. ssl2_SendStream or ssl3_SendPlainText. 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** These functions return the same values as PR_Send, 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** i.e. >= 0 means number of bytes sent, < 0 means error. 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf, 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 n, PRInt32 flags); 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid); 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid); 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char* sid, 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int sidLen, 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertDBHandle * dbHandle); 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* registerable callback function that either appends extension to buffer 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * or returns length of data that it would have appended. 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append, 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 maxBytes); 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* registerable callback function that handles a received extension, 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * of the given type. 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss, 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 ex_type, 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem * data); 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* row in a table of hello extension senders */ 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 ex_type; 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3HelloExtensionSenderFunc ex_sender; 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3HelloExtensionSender; 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* row in a table of hello extension handlers */ 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 ex_type; 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3HelloExtensionHandlerFunc ex_handler; 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3HelloExtensionHandler; 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3HelloExtensionSenderFunc cb); 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const ssl3HelloExtensionSender *sender); 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Socket ops */ 2385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslSocketOpsStr { 2395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*connect) (sslSocket *, const PRNetAddr *); 2405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRFileDesc *(*accept) (sslSocket *, PRNetAddr *); 2415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*bind) (sslSocket *, const PRNetAddr *); 2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*listen) (sslSocket *, int); 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*shutdown)(sslSocket *, int); 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*close) (sslSocket *); 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*recv) (sslSocket *, unsigned char *, int, int); 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* points to the higher-layer send func, e.g. ssl_SecureSend. */ 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*send) (sslSocket *, const unsigned char *, int, int); 2505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*read) (sslSocket *, unsigned char *, int); 2515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*write) (sslSocket *, const unsigned char *, int); 2525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*getpeername)(sslSocket *, PRNetAddr *); 2545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int (*getsockname)(sslSocket *, PRNetAddr *); 2555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 2565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Flags interpreted by ssl send functions. */ 2585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 2595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SEND_FLAG_NO_BUFFER 0x20000000 2605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SEND_FLAG_USE_EPOCH 0x10000000 /* DTLS only */ 2615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */ 2625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SEND_FLAG_CAP_RECORD_VERSION \ 2635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 0x04000000 /* TLS only */ 2645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SEND_FLAG_MASK 0x7f000000 2655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 2675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** A buffer object. 2685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 2695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslBufferStr { 2705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char * buf; 2715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int len; 2725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int space; 2735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 2745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 2765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SSL3 cipher suite policy and preference struct. 2775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 2785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 2795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if !defined(_WIN32) 2805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int cipher_suite : 16; 2815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int policy : 8; 2825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enabled : 1; 2835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int isPresent : 1; 2845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 2855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSuite cipher_suite; 2865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint8 policy; 2875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char enabled : 1; 2885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char isPresent : 1; 2895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 2905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3CipherSuiteCfg; 2915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ECC 293868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ssl_V3_SUITES_IMPLEMENTED 57 2945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 295868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ssl_V3_SUITES_IMPLEMENTED 35 2965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* NSS_ENABLE_ECC */ 2975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_DTLS_SRTP_CIPHER_SUITES 4 2995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslOptionsStr { 3015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* If SSL_SetNextProtoNego has been called, then this contains the 3025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * list of supported protocols. */ 3035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem nextProtoNego; 3045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int useSecurity : 1; /* 1 */ 3065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int useSocks : 1; /* 2 */ 3075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int requestCertificate : 1; /* 3 */ 3085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int requireCertificate : 2; /* 4-5 */ 3095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int handshakeAsClient : 1; /* 6 */ 3105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int handshakeAsServer : 1; /* 7 */ 3115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enableSSL2 : 1; /* 8 */ 3125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int unusedBit9 : 1; /* 9 */ 3135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int unusedBit10 : 1; /* 10 */ 3145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int noCache : 1; /* 11 */ 3155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int fdx : 1; /* 12 */ 3165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int v2CompatibleHello : 1; /* 13 */ 3175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int detectRollBack : 1; /* 14 */ 3185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int noStepDown : 1; /* 15 */ 3195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int bypassPKCS11 : 1; /* 16 */ 3205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int noLocks : 1; /* 17 */ 3215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enableSessionTickets : 1; /* 18 */ 3225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enableDeflate : 1; /* 19 */ 3235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enableRenegotiation : 2; /* 20-21 */ 3245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int requireSafeNegotiation : 1; /* 22 */ 3255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enableFalseStart : 1; /* 23 */ 3265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int cbcRandomIV : 1; /* 24 */ 3275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int enableOCSPStapling : 1; /* 25 */ 3285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} sslOptions; 3295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { sslHandshakingUndetermined = 0, 3315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslHandshakingAsClient, 3325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslHandshakingAsServer 3335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} sslHandshakingType; 3345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct sslServerCertsStr { 3365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Configuration state for server sockets */ 3375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * serverCert; 3385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificateList * serverCertChain; 3395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3KeyPair * serverKeyPair; 3405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int serverKeyBits; 3415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} sslServerCerts; 3425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SERVERKEY serverKeyPair->privKey 3445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_LOCK_RANK_SPEC 255 3465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE 3475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* These are the valid values for shutdownHow. 3495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** These values are each 1 greater than the NSPR values, and the code 3505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** depends on that relation to efficiently convert PR_SHUTDOWN values 3515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** into ssl_SHUTDOWN values. These values use one bit for read, and 3525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** another bit for write, and can be used as bitmasks. 3535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 3545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ 3555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ 3565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ 3575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ 3585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 3605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** A gather object. Used to read some data until a count has been 3615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** satisfied. Primarily for support of async sockets. 3625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Everything in here is protected by the recvBufLock. 3635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 3645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslGatherStr { 3655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int state; /* see GS_ values below. */ /* ssl 2 & 3 */ 3665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* "buf" holds received plaintext SSL records, after decrypt and MAC check. 3685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * SSL2: recv'd ciphertext records are put here, then decrypted in place. 3695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * SSL3: recv'd ciphertext records are put in inbuf (see below), then 3705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * decrypted into buf. 3715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 3725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */ 3735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3). 3755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** (offset - writeOffset) is the number of ciphertext bytes read in but 3765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** not yet deciphered. 3775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 3785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int offset; /* ssl 2 & 3 */ 3795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* number of bytes to read in next call to ssl_DefRecv (recv) */ 3815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int remainder; /* ssl 2 & 3 */ 3825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Number of ciphertext bytes to read in after 2-byte SSL record header. */ 3845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int count; /* ssl2 only */ 3855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* size of the final plaintext record. 3875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** == count - (recordPadding + MAC size) 3885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 3895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int recordLen; /* ssl2 only */ 3905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* number of bytes of padding to be removed after decrypting. */ 3925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* This value is taken from the record's hdr[2], which means a too large 3935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * value could crash us. 3945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 3955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int recordPadding; /* ssl2 only */ 3965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* plaintext DATA begins this many bytes into "buf". */ 3985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int recordOffset; /* ssl2 only */ 3995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int encrypted; /* SSL2 session is now encrypted. ssl2 only */ 4015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* These next two values are used by SSL2 and SSL3. 4035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** DoRecv uses them to extract application data. 4045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** The difference between writeOffset and readOffset is the amount of 4055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** data available to the application. Note that the actual offset of 4065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** the data in "buf" is recordOffset (above), not readOffset. 4075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** In the current implementation, this is made available before the 4085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** MAC is checked!! 4095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 4105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int readOffset; /* Spot where DATA reader (e.g. application 4115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** or handshake code) will read next. 4125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** Always zero for SSl3 application data. 4135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 4145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* offset in buf/inbuf/hdr into which new data will be read from socket. */ 4155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int writeOffset; 4165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Buffer for ssl3 to read (encrypted) data from the socket */ 4185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ 4195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* The ssl[23]_GatherData functions read data into this buffer, rather 4215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** than into buf or inbuf, while in the GS_HEADER state. 4225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** The portion of the SSL record header put here always comes off the wire 4235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** as plaintext, never ciphertext. 4245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. 4255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** For DTLS it is 13. 4265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 4275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char hdr[13]; /* ssl 2 & 3 or dtls */ 4285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Buffer for DTLS data read off the wire as a single datagram */ 4305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer dtlsPacket; 4315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* the start of the buffered DTLS record in dtlsPacket */ 4335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int dtlsPacketOffset; 4345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 4355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* sslGather.state */ 4375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define GS_INIT 0 4385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define GS_HEADER 1 4395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define GS_MAC 2 4405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define GS_DATA 3 4415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define GS_PAD 4 4425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SECStatus (*SSLCipher)(void * context, 4445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char * out, 4455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int * outlen, 4465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int maxout, 4475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned char *in, 4485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int inlen); 4495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SECStatus (*SSLCompressor)(void * context, 4505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char * out, 4515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int * outlen, 4525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int maxout, 4535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned char *in, 4545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int inlen); 4555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); 4565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) 4585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef PCERT_KEY_CONTEXT PlatformKey; 4595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) 4605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SecKeyRef PlatformKey; 4615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 4625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef void *PlatformKey; 4635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 4645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 4685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** ssl3State and CipherSpec structs 4695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 4705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* The SSL bulk cipher definition */ 4725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { 4735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_null, 4745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_rc4, 4755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_rc4_40, 4765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_rc4_56, 4775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_rc2, 4785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_rc2_40, 4795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_des, 4805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_3des, 4815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_des40, 4825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_idea, 4835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_aes_128, 4845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_aes_256, 4855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_camellia_128, 4865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_camellia_256, 4875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_seed, 4885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cipher_missing /* reserved for no such supported cipher */ 4895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* This enum must match ssl3_cipherName[] in ssl3con.c. */ 4905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSL3BulkCipher; 4915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { type_stream, type_block } CipherType; 4935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_IV_LENGTH 24 4955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 4975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Do not depend upon 64 bit arithmetic in the underlying machine. 4985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 4995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 5005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 high; 5015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 low; 5025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSL3SequenceNumber; 5035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef PRUint16 DTLSEpoch; 5055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef void (*DTLSTimerCb)(sslSocket *); 5075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5087d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define MAX_MAC_CONTEXT_BYTES 400 /* 400 is large enough for MD5, SHA-1, and 5097d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * SHA-256. For SHA-384 support, increase 5107d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * it to 712. */ 5115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) 5125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_CIPHER_CONTEXT_BYTES 2080 5145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) 5155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 5172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) SSL3Opaque wrapped_master_secret[48]; 5185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 wrapped_master_secret_len; 5195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint8 msIsWrapped; 5205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint8 resumable; 5212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} ssl3SidKeys; /* 52 bytes */ 5225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 5245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SymKey *write_key; 5255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SymKey *write_mac_key; 5265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11Context *write_mac_context; 5275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem write_key_item; 5285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem write_iv_item; 5295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem write_mac_key_item; 5305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque write_iv[MAX_IV_LENGTH]; 5315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; 5325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3KeyMaterial; 5335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* The DTLS anti-replay window. Defined here because we need it in 5355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * the cipher spec. Note that this is a ring buffer but left and 5365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * right represent the true window, with modular arithmetic used to 5375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * map them onto the buffer. 5385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 5395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate 5405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Must be divisible by 8 5415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 5425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct DTLSRecvdRecordsStr { 5435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; 5445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint64 left; 5455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint64 right; 5465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} DTLSRecvdRecords; 5475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 5495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** These are the "specs" in the "ssl3" struct. 5505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Access to the pointers to these specs, and all the specs' contents 5515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** (direct and indirect) is protected by the reader/writer lock ss->specLock. 5525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 5535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 5545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const ssl3BulkCipherDef *cipher_def; 5555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const ssl3MACDef * mac_def; 5565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCompressionMethod compression_method; 5575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int mac_size; 5585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCipher encode; 5595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCipher decode; 5605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLDestroy destroy; 5615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void * encodeContext; 5625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void * decodeContext; 5635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCompressor compressor; /* Don't name these fields compress */ 5645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCompressor decompressor; /* and uncompress because zconf.h */ 5655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* may define them as macros. */ 5665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLDestroy destroyCompressContext; 5675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void * compressContext; 5685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLDestroy destroyDecompressContext; 5695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void * decompressContext; 5705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool bypassCiphers; /* did double bypass (at least) */ 5715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SymKey * master_secret; 5725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3SequenceNumber write_seq_num; 5735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3SequenceNumber read_seq_num; 5745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion version; 5755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3KeyMaterial client; 5765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3KeyMaterial server; 5775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem msItem; 5785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; 5795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char raw_master_secret[56]; 5805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem srvVirtName; /* for server: name that was negotiated 5815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * with a client. For client - is 5825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * always set to NULL.*/ 5835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DTLSEpoch epoch; 5845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DTLSRecvdRecords recvdRecords; 5855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3CipherSpec; 5865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { never_cached, 5885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) in_client_cache, 5895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) in_server_cache, 5905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) invalid_cache /* no longer in any cache. */ 5915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} Cached; 5925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define MAX_PEER_CERT_CHAIN_SIZE 8 5945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslSessionIDStr { 5965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSessionID * next; /* chain used for client sockets, only */ 5975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * peerCert; 5995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; 600c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) SECItemArray peerCertStatus; /* client only */ 6015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char * peerID; /* client only */ 6025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char * urlSvrName; /* client only */ 6035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * localCert; 6045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRIPv6Addr addr; 6065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 port; 6075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion version; 6095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 creationTime; /* seconds since Jan 1, 1970 */ 6115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ 6125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ 6135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Cached cached; 6145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int references; 6155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLSignType authAlgorithm; 6175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 authKeyBits; 6185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLKEAType keaType; 6195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 keaKeyBits; 6205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) union { 6225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) struct { 6235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* the V2 code depends upon the size of sessionID. */ 6245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char sessionID[SSL2_SESSIONID_BYTES]; 6255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Stuff used to recreate key and read/write cipher objects */ 6275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem masterKey; /* never wrapped */ 6285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int cipherType; 6295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem cipherArg; 6305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int keyBits; 6315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int secretKeyBits; 6325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } ssl2; 6335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) struct { 6345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* values that are copied into the server's on-disk SID cache. */ 635a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint8 sessionIDLength; 6365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; 6375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSuite cipherSuite; 6395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCompressionMethod compression; 6405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int policy; 6415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3SidKeys keys; 6425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_MECHANISM_TYPE masterWrapMech; 6435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* mechanism used to wrap master secret */ 6445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KEAType exchKeyType; 6455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* key type used in exchange algorithm, 6465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * and to wrap the sym wrapping key. */ 6475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ECC 6485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 negotiatedECCurves; 6495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* NSS_ENABLE_ECC */ 6505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* The following values are NOT restored from the server's on-disk 6525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * session cache, but are restored from the client's cache. 6535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 6545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SymKey * clientWriteKey; 6555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SymKey * serverWriteKey; 6565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* The following values pertain to the slot that wrapped the 6585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** master secret. (used only in client) 6595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 6605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECMODModuleID masterModuleID; 6615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* what module wrapped the master secret */ 6625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_SLOT_ID masterSlotID; 6635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 masterWrapIndex; 6645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* what's the key index for the wrapping key */ 6655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 masterWrapSeries; 6665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* keep track of the slot series, so we don't 6675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * accidently try to use new keys after the 6685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * card gets removed and replaced.*/ 6695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* The following values pertain to the slot that did the signature 6715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** for client auth. (used only in client) 6725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 6735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECMODModuleID clAuthModuleID; 6745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_SLOT_ID clAuthSlotID; 6755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 clAuthSeries; 6765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char masterValid; 6785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char clAuthValid; 6795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Session ticket if we have one, is sent as an extension in the 6815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * ClientHello message. This field is used by clients. 6825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 6835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NewSessionTicket sessionTicket; 6845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem srvName; 6855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } ssl3; 6865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } u; 6875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 6885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct ssl3CipherSuiteDefStr { 6915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSuite cipher_suite; 6925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3BulkCipher bulk_cipher_alg; 6935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3MACAlgorithm mac_alg; 6945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KeyExchangeAlgorithm key_exchange_alg; 6955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3CipherSuiteDef; 6965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 6985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** There are tables of these, all const. 6995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 7005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 7015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KeyExchangeAlgorithm kea; 7025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KEAType exchKeyType; 7035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3SignType signKeyType; 7045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool is_limited; 7055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int key_size_limit; 7065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool tls_keygen; 7075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ssl3KEADef; 7085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode; 7105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 7125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** There are tables of these, all const. 7135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 7145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct ssl3BulkCipherDefStr { 7155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3BulkCipher cipher; 7165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCipherAlgorithm calg; 7175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int key_size; 7185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int secret_key_size; 7195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CipherType type; 7205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int iv_size; 7215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int block_size; 7225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KeyGenMode keygen_mode; 7235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 7245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 7265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** There are tables of these, all const. 7275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 7285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct ssl3MACDefStr { 7295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3MACAlgorithm mac; 7305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_MECHANISM_TYPE mmech; 7315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int pad_size; 7325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int mac_size; 7335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 7345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { 7365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_client_hello, 7375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_client_cert, 7385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_client_key, 7395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_cert_verify, 7405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_change_cipher, 7415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_finished, 7425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_server_hello, 743c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) wait_certificate_status, 7445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_server_cert, 7455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_server_key, 7465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_cert_request, 7475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_hello_done, 7485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wait_new_session_ticket, 7495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) idle_handshake 7505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSL3WaitState; 7515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 7535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * TLS extension related constants and data structures. 7545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 7555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct TLSExtensionDataStr TLSExtensionData; 7565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct SessionTicketDataStr SessionTicketData; 7575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct TLSExtensionDataStr { 7595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* registered callbacks that send server hello extensions */ 7605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS]; 7615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Keep track of the extensions that are negotiated. */ 7625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 numAdvertised; 7635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 numNegotiated; 7645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 advertised[SSL_MAX_EXTENSIONS]; 7655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 negotiated[SSL_MAX_EXTENSIONS]; 7665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* SessionTicket Extension related data. */ 7685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool ticketTimestampVerified; 7695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool emptySessionTicket; 7705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* SNI Extension related data 7725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Names data is not coppied from the input buffer. It can not be 7735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * used outside the scope where input buffer is defined and that 7745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * is beyond ssl3_HandleClientHello function. */ 7755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem *sniNameArr; 7765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 sniNameArrSize; 7775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 7785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef SECStatus (*sslRestartTarget)(sslSocket *); 7805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 7825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** A DTLS queued message (potentially to be retransmitted) 7835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 7845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct DTLSQueuedMessageStr { 7855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRCList link; /* The linked list link */ 7865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DTLSEpoch epoch; /* The epoch to use */ 7875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ContentType type; /* The message type */ 7885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char *data; /* The data */ 7895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 len; /* The data length */ 7905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} DTLSQueuedMessage; 7915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7927d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)typedef enum { 7937d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) handshake_hash_unknown = 0, 7947d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) handshake_hash_combo = 1, /* The MD5/SHA-1 combination */ 7957d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) handshake_hash_single = 2 /* A single hash */ 7967d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)} SSL3HandshakeHashType; 7977d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) 7985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 7995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** This is the "hs" member of the "ssl3" struct. 8005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** This entire struct is protected by ssl3HandshakeLock 8015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 8025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct SSL3HandshakeStateStr { 8035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Random server_random; 8045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Random client_random; 8055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3WaitState ws; 8067d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) 8077d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) /* This group of members is used for handshake running hashes. */ 8087d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) SSL3HandshakeHashType hashType; 8097d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) sslBuffer messages; /* Accumulated handshake messages */ 8107d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#ifndef NO_PKCS11_BYPASS 8117d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) /* Bypass mode: 8127d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for 8137d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * MD5 and |sha_cx| for SHA-1. 8147d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support 8157d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */ 8165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; 8175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; 8187d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) const SECHashObject * sha_obj; 8197d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) /* The function prototype of sha_obj->clone() does not match the prototype 8207d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * of the freebl <HASH>_Clone functions, so we need a dedicated function 8217d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * pointer for the <HASH>_Clone function. */ 8227d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) void (*sha_clone)(void *dest, void *src); 8237d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#endif 8247d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) /* PKCS #11 mode: 8257d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and 8267d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * |sha| for SHA-1. 8277d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) * TLS 1.2 and later use only |sha|, for SHA-256. */ 828f7530a7a2b0c81a081d469940714dcf4d3f2505eTorne (Richard Coles) /* NOTE: On the client side, TLS 1.2 and later use |md5| as a backup 829f7530a7a2b0c81a081d469940714dcf4d3f2505eTorne (Richard Coles) * handshake hash for generating client auth signatures. Confusingly, the 830f7530a7a2b0c81a081d469940714dcf4d3f2505eTorne (Richard Coles) * backup hash function is SHA-1. */ 8317d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) PK11Context * md5; 8325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11Context * sha; 8337d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles) 8345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const ssl3KEADef * kea_def; 8355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSuite cipher_suite; 8365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const ssl3CipherSuiteDef *suite_def; 8375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCompressionMethod compression; 8385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer msg_body; /* protected by recvBufLock */ 8395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* partial handshake message from record layer */ 8405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int header_bytes; 8415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* number of bytes consumed from handshake */ 8425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* message for message type and header length */ 8435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3HandshakeType msg_type; 8445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long msg_len; 8455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem ca_list; /* used only by client */ 8465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool isResuming; /* are we resuming a session */ 8475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool usedStepDownKey; /* we did a server key exchange. */ 8485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool sendingSCSV; /* instead of empty RI */ 8495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer msgState; /* current state for handshake messages*/ 8505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* protected by recvBufLock */ 8515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 finishedBytes; /* size of single finished below */ 8525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) union { 8535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TLSFinished tFinished[2]; /* client, then server */ 854868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) SSL3Finished sFinished[2]; 8555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque data[72]; 8565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } finishedMsgs; 8575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ECC 8585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 negotiatedECCurves; /* bit mask */ 8595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* NSS_ENABLE_ECC */ 8605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool authCertificatePending; 8625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Which function should SSL_RestartHandshake* call if we're blocked? 8635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake, 8645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * or ssl3_AlwaysFail */ 8655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslRestartTarget restartTarget; 8665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ 8675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool cacheSID; 8685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 869868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) /* clientSigAndHash contains the contents of the signature_algorithms 870868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) * extension (if any) from the client. This is only valid for TLS 1.2 871868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) * or later. */ 872868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) SSL3SignatureAndHashAlgorithm *clientSigAndHash; 873868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) unsigned int numClientSigAndHash; 874868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) 8755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* This group of values is used for DTLS */ 8765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 sendMessageSeq; /* The sending message sequence 8775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * number */ 8782a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) PRCList lastMessageFlight; /* The last message flight we 8792a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * sent */ 8805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 maxMessageSent; /* The largest message we sent */ 8815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 recvMessageSeq; /* The receiving message sequence 8825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * number */ 8835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer recvdFragments; /* The fragments we have received in 8845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * a bitmask */ 8855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 recvdHighWater; /* The high water mark for fragments 8865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * received. -1 means no reassembly 8875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * in progress. */ 8885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char cookie[32]; /* The cookie */ 8895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char cookieLen; /* The length of the cookie */ 8905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRIntervalTime rtTimerStarted; /* When the timer was started */ 8915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DTLSTimerCb rtTimerCb; /* The function to call on expiry */ 8925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 rtTimeoutMs; /* The length of the current timeout 8935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * used for backoff (in ms) */ 8945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 rtRetries; /* The retry counter */ 8955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSL3HandshakeState; 8965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 9005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** This is the "ssl3" struct, as in "ss->ssl3". 9015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** note: 9025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** usually, crSpec == cwSpec and prSpec == pwSpec. 9035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Sometimes, crSpec == pwSpec and prSpec == cwSpec. 9045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** But there are never more than 2 actual specs. 9055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** No spec must ever be modified if either "current" pointer points to it. 9065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 9075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct ssl3StateStr { 9085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* 9105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** The following Specs and Spec pointers must be protected using the 9115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** Spec Lock. 9125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 9135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSpec * crSpec; /* current read spec. */ 9145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSpec * prSpec; /* pending read spec. */ 9155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSpec * cwSpec; /* current write spec. */ 9165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSpec * pwSpec; /* pending write spec. */ 9175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * clientCertificate; /* used by client */ 9195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKey * clientPrivateKey; /* used by client */ 9205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not 9215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * defined in order to allow cleaner conditional code. 9225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * At most one of clientPrivateKey and platformClientKey may be set. */ 9235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PlatformKey platformClientKey; /* used by client */ 9245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificateList *clientCertChain; /* used by client */ 9255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool sendEmptyCert; /* used by client */ 9265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKey *channelID; /* used by client */ 9285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey *channelIDPub; /* used by client */ 9295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int policy; 9315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* This says what cipher suites we can do, and should 9325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * be either SSL_ALLOWED or SSL_RESTRICTED 9335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 934a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PLArenaPool * peerCertArena; 9355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* These are used to keep track of the peer CA */ 9365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void * peerCertChain; 9375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* chain while we are trying to validate it. */ 9385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTDistNames * ca_list; 9395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* used by server. trusted CAs for this socket. */ 9405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool initialized; 9415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3HandshakeState hs; 9425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSpec specs[2]; /* one is current, one is pending. */ 9435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* In a client: if the server supports Next Protocol Negotiation, then 9455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * this is the protocol that was negotiated. 9465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 9475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem nextProto; 9485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLNextProtoState nextProtoState; 9495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 mtu; /* Our estimate of the MTU */ 9515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* DTLS-SRTP cipher suite preferences (if any) */ 9535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; 9545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 dtlsSRTPCipherCount; 9555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ 9565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 9575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the 9595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * headers, so slightly larger than expected */ 9605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) 9615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct { 9635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ContentType type; 9645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion version; 9655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3SequenceNumber seq_num; /* DTLS only */ 9665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer * buf; 9675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSL3Ciphertext; 9685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct ssl3KeyPairStr { 9705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKey * privKey; 9715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey * pubKey; 9725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 refCount; /* use PR_Atomic calls for this. */ 9735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 9745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct SSLWrappedSymWrappingKeyStr { 9765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque wrappedSymmetricWrappingkey[512]; 9775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_MECHANISM_TYPE symWrapMechanism; 9785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* unwrapped symmetric wrapping key uses this mechanism */ 9795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_MECHANISM_TYPE asymWrapMechanism; 9805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* mechanism used to wrap the SymmetricWrappingKey using 9815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * server's public and/or private keys. */ 9825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/ 9835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 symWrapMechIndex; 9845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 wrappedSymKeyLen; 9855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SSLWrappedSymWrappingKey; 9865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 9875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef struct SessionTicketStr { 988a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint16 ticket_version; 9895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion ssl_version; 9905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSuite cipher_suite; 9915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCompressionMethod compression_method; 9925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLSignType authAlgorithm; 993a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint32 authKeyBits; 9945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLKEAType keaType; 995a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint32 keaKeyBits; 9965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* 9975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * exchKeyType and msWrapMech contain meaningful values only if 9985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * ms_is_wrapped is true. 9995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 1000a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint8 ms_is_wrapped; 10015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */ 10025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CK_MECHANISM_TYPE msWrapMech; 1003a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint16 ms_length; 10045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque master_secret[48]; 10055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ClientIdentity client_identity; 10065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem peer_cert; 1007a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) PRUint32 timestamp; 10085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem srvName; /* negotiated server name */ 10095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} SessionTicket; 10105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 10125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * SSL2 buffers used in SSL3. 10135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * writeBuf in the SecurityInfo maintained by sslsecur.c is used 10145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * to hold the data just about to be passed to the kernel 10155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * sendBuf in the ConnectInfo maintained by sslcon.c is used 10165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * to hold handshake messages as they are accumulated 10175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 10185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 10205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** This is "ci", as in "ss->sec.ci". 10215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 10225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Protection: All the variables in here are protected by 10235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock 10245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 10255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslConnectInfoStr { 10265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* outgoing handshakes appended to this. */ 10275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ 10285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRIPv6Addr peer; /* ssl 2 & 3 */ 10305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned short port; /* ssl 2 & 3 */ 10315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSessionID *sid; /* ssl 2 & 3 */ 10335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* see CIS_HAVE defines below for the bit values in *elements. */ 10355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char elements; /* ssl2 only */ 10365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char requiredElements; /* ssl2 only */ 10375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char sentElements; /* ssl2 only */ 10385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char sentFinished; /* ssl2 only */ 10405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Length of server challenge. Used by client when saving challenge */ 10425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int serverChallengeLen; /* ssl2 only */ 10435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* type of authentication requested by server */ 10445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char authType; /* ssl2 only */ 10455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Challenge sent by client to server in client-hello message */ 10475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */ 10485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */ 10495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Connection-id sent by server to client in server-hello message */ 10515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */ 10525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Challenge sent by server to client in request-certificate message */ 10545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */ 10555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Information kept to handle a request-certificate message */ 10575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ 10585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ 10595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned keySize; /* ssl2 only */ 10605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 10615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* bit values for ci->elements, ci->requiredElements, sentElements. */ 10635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define CIS_HAVE_MASTER_KEY 0x01 10645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define CIS_HAVE_CERTIFICATE 0x02 10655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define CIS_HAVE_FINISHED 0x04 10665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define CIS_HAVE_VERIFY 0x08 10675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Note: The entire content of this struct and whatever it points to gets 10695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec". 10705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * 10715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Unless otherwise specified below, the contents of this struct are 10725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. 10735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 10745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslSecurityInfoStr { 10755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */ 10765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */ 10775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ 10785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int cipherType; /* ssl 2 & 3 */ 10805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int keyBits; /* ssl 2 & 3 */ 10815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int secretKeyBits; /* ssl 2 & 3 */ 10825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate *localCert; /* ssl 2 & 3 */ 10835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate *peerCert; /* ssl 2 & 3 */ 10845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey *peerKey; /* ssl3 only */ 10855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLSignType authAlgorithm; 10875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 authKeyBits; 10885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLKEAType keaType; 10895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 keaKeyBits; 10905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* 10925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** Procs used for SID cache (nonce) management. 10935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** Different implementations exist for clients/servers 10945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** The lookup proc is only used for servers. Baloney! 10955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 10965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSessionIDCacheFunc cache; /* ssl 2 & 3 */ 10975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */ 10985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* 11005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** everything below here is for ssl2 only. 11015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** This stuff is equivalent to SSL3's "spec", and is protected by the 11025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** same "Spec Lock" as used for SSL3's specs. 11035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 11045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */ 11055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */ 11065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */ 11085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */ 11095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *hashcx; /* Spec Lock */ /* ssl2 only */ 11105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem sendSecret; /* Spec Lock */ /* ssl2 only */ 11125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */ 11135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Session cypher contexts; one for each direction */ 11155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *readcx; /* Spec Lock */ /* ssl2 only */ 11165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *writecx; /* Spec Lock */ /* ssl2 only */ 11175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCipher enc; /* Spec Lock */ /* ssl2 only */ 11185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLCipher dec; /* Spec Lock */ /* ssl2 only */ 11195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */ 11205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Blocking information for the session cypher */ 11225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int blockShift; /* Spec Lock */ /* ssl2 only */ 11235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int blockSize; /* Spec Lock */ /* ssl2 only */ 11245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* These are used during a connection handshake */ 11265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslConnectInfo ci; /* ssl 2 & 3 */ 11275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 11295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 11315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** SSL Socket struct 11325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** 11335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** Protection: XXX 11345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 11355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)struct sslSocketStr { 11365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRFileDesc * fd; 11375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Pointer to operations vector for this socket */ 11395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const sslSocketOps * ops; 11405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* SSL socket options */ 11425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslOptions opt; 11435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Enabled version range */ 11445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLVersionRange vrange; 11455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* State flags */ 11475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long clientAuthRequested; 11485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long delayDisabled; /* Nagle delay disabled */ 11495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long firstHsDone; /* first handshake is complete. */ 11505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long handshakeBegun; 11515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long lastWriteBlocked; 11525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long recvdCloseNotify; /* received SSL EOF. */ 11535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long TCPconnected; 11545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long appDataBuffered; 11555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned long peerRequestedProtection; /* from old renegotiation */ 11565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* version of the protocol to use */ 11585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion version; 11595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ 11605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSecurityInfo sec; /* not a pointer any more */ 11625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ 11645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *url; /* ssl 2 & 3 */ 11655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslHandshakeFunc handshake; /*firstHandshakeLock*/ 11675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ 11685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ 11695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* the following variable is only used with socks or other proxies. */ 11715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char * peerID; /* String uniquely identifies target server. */ 11725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char * cipherSpecs; 11745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int sizeCipherSpecs; 11755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const unsigned char * preferredCipher; 11765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ 11785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Will be NULL at all other times. */ 11795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SECItem *requestedCertTypes; 11805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ 11825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 11835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Callbacks */ 11845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLAuthCertificate authCertificate; 11855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *authCertificateArg; 11865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLGetClientAuthData getClientAuthData; 11875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *getClientAuthDataArg; 11885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_PLATFORM_CLIENT_AUTH 11895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLGetPlatformClientAuthData getPlatformClientAuthData; 11905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *getPlatformClientAuthDataArg; 11915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* NSS_PLATFORM_CLIENT_AUTH */ 11925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLSNISocketConfig sniSocketConfig; 11935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *sniSocketConfigArg; 11945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLBadCertHandler handleBadCert; 11955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *badCertArg; 11965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLHandshakeCallback handshakeCallback; 11975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *handshakeCallbackData; 11985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *pkcs11PinArg; 11995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLNextProtoCallback nextProtoCallback; 12005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *nextProtoArg; 12015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLClientChannelIDCallback getChannelID; 12025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *getChannelIDArg; 12035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRIntervalTime rTimeout; /* timeout for NSPR I/O */ 12055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRIntervalTime wTimeout; /* timeout for NSPR I/O */ 12065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRIntervalTime cTimeout; /* timeout for NSPR I/O */ 12075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZLock * recvLock; /* lock against multiple reader threads. */ 12095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZLock * sendLock; /* lock against multiple sender threads. */ 12105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZMonitor * recvBufLock; /* locks low level recv buffers. */ 12125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZMonitor * xmitBufLock; /* locks low level xmit buffers. */ 12135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Only one thread may operate on the socket until the initial handshake 12155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** is complete. This Monitor ensures that. Since SSL2 handshake is 12165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** only done once, this is also effectively the SSL2 handshake lock. 12175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 12185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZMonitor * firstHandshakeLock; 12195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* This monitor protects the ssl3 handshake state machine data. 12215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** Only one thread (reader or writer) may be in the ssl3 handshake state 12225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** machine at any time. */ 12235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZMonitor * ssl3HandshakeLock; 12245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* reader/writer lock, protects the secret data needed to encrypt and MAC 12265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** outgoing records, and to decrypt and MAC check incoming ciphertext 12275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** records. */ 12285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NSSRWLock * specLock; 12295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* handle to perm cert db (and implicitly to the temp cert db) used 12315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ** with this socket. 12325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 12335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertDBHandle * dbHandle; 12345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */ 12365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ 12385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 allowedByPolicy; /* copy of global policy bits. */ 12405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */ 12415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 chosenPreference; /* SSL2 cipher preferences. */ 12425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslHandshakingType handshaking; 12445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Gather object used for gathering data */ 12465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslGather gs; /*recvBufLock*/ 12475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer saveBuf; /*xmitBufLock*/ 12495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer pendingBuf; /*xmitBufLock*/ 12505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Configuration state for server sockets */ 12525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* server cert and key for each KEA type */ 12535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslServerCerts serverCerts[kt_kea_size]; 1254a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) /* each cert needs its own status */ 1255a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles) SECItemArray * certStatusArray[kt_kea_size]; 12565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; 12585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */ 12595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* SSL3 state info. Formerly was a pointer */ 12615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3State ssl3; 12625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* 12645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * TLS extension related data. 12655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 12665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* True when the current session is a stateless resume. */ 12675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool statelessResume; 12685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TLSExtensionData xtnData; 12695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Whether we are doing stream or datagram mode */ 12715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLProtocolVariant protocolVariant; 12725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 12735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* All the global data items declared here should be protected using the 12775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)** ssl_global_data_lock, which is a reader/writer lock. 12785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)*/ 12795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern NSSRWLock * ssl_global_data_lock; 12805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern char ssl_debug; 12815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern char ssl_trace; 12825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern FILE * ssl_trace_iob; 12835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern FILE * ssl_keylog_iob; 12845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern CERTDistNames * ssl3_server_ca_list; 12855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRUint32 ssl_sid_timeout; 12865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRUint32 ssl3_sid_timeout; 12875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern const char * const ssl_cipherName[]; 12895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern const char * const ssl3_cipherName[]; 12905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslSessionIDLookupFunc ssl_sid_lookup; 12925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslSessionIDCacheFunc ssl_sid_cache; 12935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslSessionIDUncacheFunc ssl_sid_uncache; 12945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/************************************************************************/ 12965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 12975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SEC_BEGIN_PROTOS 12985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1299c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* Functions for handling SECItemArrays, added in NSS 3.15 */ 1300c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena, 1301c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) SECItemArray *array, 1302c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) unsigned int len); 1303c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena, 1304c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const SECItemArray *from); 1305c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit); 1306c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit); 1307c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 13085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Internal initialization and installation of the SSL error tables */ 13095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_Init(void); 13105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_InitializePRErrorTable(void); 13115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Implementation of ops for default (non socks, non secure) case */ 13135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr); 13145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr); 13155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr); 13165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefListen(sslSocket *ss, int backlog); 13175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefShutdown(sslSocket *ss, int how); 13185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefClose(sslSocket *ss); 13195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags); 13205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf, 13215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int len, int flags); 13225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len); 13235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len); 13245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name); 13255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name); 13265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname, 13275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *optval, PRInt32 *optlen); 13285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname, 13295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const void *optval, PRInt32 optlen); 13305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Implementation of ops for socks only case */ 13325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr); 13335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr); 13345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr); 13355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksListen(sslSocket *ss, int backlog); 13365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name); 13375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags); 13385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf, 13395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int len, int flags); 13405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len); 13415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len); 13425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Implementation of ops for secure only case */ 13445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr); 13455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr); 13465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, 13475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int len, int flags); 13485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf, 13495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int len, int flags); 13505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len); 13515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len); 13525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureShutdown(sslSocket *ss, int how); 13535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureClose(sslSocket *ss); 13545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Implementation of ops for secure socks case */ 13565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr); 13575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr); 13585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRFileDesc *ssl_FindTop(sslSocket *ss); 13595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Gather funcs. */ 13615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslGather * ssl_NewGather(void); 13625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_InitGather(sslGather *gs); 13635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_DestroyGather(sslGather *gs); 13645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags); 13655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl2_GatherRecord(sslSocket *ss, int flags); 13665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); 13675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); 13695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); 13705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, 13715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int count); 13725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); 13745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); 13755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset); 13765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec); 13775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len); 13795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len); 13805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_SendSavedWriteData(sslSocket *ss); 13825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_SaveWriteData(sslSocket *ss, 13835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const void* p, unsigned int l); 13845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss); 13855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss); 13865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_Do1stHandshake(sslSocket *ss); 13875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen); 13895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, 13905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int len); 13915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl2_UseClearSendFunc(sslSocket *ss); 13935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); 13945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 13955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); 13965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, 13975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *peerID, const char *urlSvrName); 13985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_FreeSID(sslSessionID *sid); 13995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, 14015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int len, int flags); 14025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); 14045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl_SocketIsBlocking(sslSocket *ss); 14065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl3_SetAlwaysBlock(sslSocket *ss); 14085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); 14105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl3_CanFalseStart(sslSocket *ss); 14125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus 14135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, 14145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool isServer, 14155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool isDTLS, 14165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool capRecordVersion, 14175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ContentType type, 14185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSL3Opaque * pIn, 14195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 contentLen, 14205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer * wrBuf); 14215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, 14225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ContentType type, 14235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSL3Opaque* pIn, PRInt32 nIn, 14245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 flags); 14255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ZLIB 14275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 14285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a 14295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * maximum TLS record payload of 2**14 bytes, that's 29 bytes. 14305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 14315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_COMPRESSION_MAX_EXPANSION 29 14325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else /* !NSS_ENABLE_ZLIB */ 14335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_COMPRESSION_MAX_EXPANSION 0 14345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 14355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 14375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * make sure there is room in the write buffer for padding and 14385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * other compression and cryptographic expansions. 14395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 14405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION 14415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) 14435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock) 14445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) 14455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock) 14465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* firstHandshakeLock -> recvBufLock */ 14485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_Get1stHandshakeLock(ss) \ 14495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) { \ 14505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ 14515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) !ssl_HaveRecvBufLock(ss)); \ 14525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZ_EnterMonitor((ss)->firstHandshakeLock); \ 14535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } } 14545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_Release1stHandshakeLock(ss) \ 14555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); } 14565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_Have1stHandshakeLock(ss) \ 14575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (PZ_InMonitor((ss)->firstHandshakeLock)) 14585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* ssl3HandshakeLock -> xmitBufLock */ 14605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_GetSSL3HandshakeLock(ss) \ 14615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) { \ 14625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ 14635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZ_EnterMonitor((ss)->ssl3HandshakeLock); \ 14645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } } 14655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_ReleaseSSL3HandshakeLock(ss) \ 14665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); } 14675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_HaveSSL3HandshakeLock(ss) \ 14685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (PZ_InMonitor((ss)->ssl3HandshakeLock)) 14695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_GetSpecReadLock(ss) \ 14715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); } 14725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_ReleaseSpecReadLock(ss) \ 14735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); } 14745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* NSSRWLock_HaveReadLock is not exported so there's no 14755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * ssl_HaveSpecReadLock macro. */ 14765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_GetSpecWriteLock(ss) \ 14785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); } 14795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_ReleaseSpecWriteLock(ss) \ 14805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); } 14815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_HaveSpecWriteLock(ss) \ 14825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (NSSRWLock_HaveWriteLock((ss)->specLock)) 14835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */ 14855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_GetRecvBufLock(ss) \ 14865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) { \ 14875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \ 14885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ 14895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PZ_EnterMonitor((ss)->recvBufLock); \ 14905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } } 14915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_ReleaseRecvBufLock(ss) \ 14925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); } 14935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_HaveRecvBufLock(ss) \ 14945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (PZ_InMonitor((ss)->recvBufLock)) 14955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 14965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* xmitBufLock -> specLock */ 14975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_GetXmitBufLock(ss) \ 14985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); } 14995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_ReleaseXmitBufLock(ss) \ 15005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); } 15015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ssl_HaveXmitBufLock(ss) \ 15025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (PZ_InMonitor((ss)->xmitBufLock)) 15035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Placeholder value used in version ranges when SSL 3.0 and all 15055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * versions of TLS are disabled. 15065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 15075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_LIBRARY_VERSION_NONE 0 15085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version 15105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * of libssl supports. Applications should use SSL_VersionRangeGetSupported at 15115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * runtime to determine which versions are supported by the version of libssl 15125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * in use. 15135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 1514868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2 15155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ 15175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL3_ALL_VERSIONS_DISABLED(vrange) \ 15185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ((vrange)->min == SSL_LIBRARY_VERSION_NONE) 15195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, 15215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion version); 15225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, 15245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned char * cr, const unsigned char * sr, 15255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool isTLS, PRBool isExport); 15265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, 15275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned char * cr, const unsigned char * sr, 15285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SECItem * pms, PRBool isTLS, PRBool isRSA); 15295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* These functions are called from secnav, even though they're "private". */ 15315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); 15335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern sslSocket *ssl_FindSocket(PRFileDesc *fd); 15345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_FreeSocket(struct sslSocketStr *ssl); 15355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, 15365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3AlertDescription desc); 15375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_DecodeError(sslSocket *ss); 15385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, 15405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate * cert, 15415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKey * key, 15425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificateList *certChain); 15435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( 15455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSocket *ss, 15465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey *channelIDPub, 15475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKey *channelID); 15485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error); 15505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 15525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos 15535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 15545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleV2ClientHello( 15555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSocket *ss, unsigned char *buffer, int length); 15565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_StartHandshakeHash( 15575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSocket *ss, unsigned char *buf, int length); 15585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 15605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * SSL3 specific routines 15615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 15625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SECStatus ssl3_SendClientHello(sslSocket *ss, PRBool resending); 15635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 15655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * input into the SSL3 machinery from the actualy network reading code 15665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 15675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SECStatus ssl3_HandleRecord( 15685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out); 15695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); 15715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); 15725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* 15735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * When talking to export clients or using export cipher suites, servers 15745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * with public RSA keys larger than 512 bits need to use a 512-bit public 15755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * key, signed by the larger key. The smaller key is a "step down" key. 15765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Generate that key pair and keep it around. 15775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 15785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); 15795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ECC 15815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); 15825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl3_IsECCEnabled(sslSocket *ss); 15835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, 15845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const ssl3CipherSuite * suite); 1585a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); 1586c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 15875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Macro for finding a curve equivalent in strength to RSA key's */ 15895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ 15905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ((s <= 1024) ? 160 \ 15915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : ((s <= 2048) ? 224 \ 15925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : ((s <= 3072) ? 256 \ 15935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : ((s <= 7168) ? 384 : 521 ) ) ) ) 15945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 15955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Types and names of elliptic curves used in TLS */ 15965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { ec_type_explicitPrime = 1, 15975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_type_explicitChar2Curve = 2, 15985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_type_named 15995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ECType; 16005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)typedef enum { ec_noName = 0, 16025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect163k1 = 1, 16035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect163r1 = 2, 16045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect163r2 = 3, 16055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect193r1 = 4, 16065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect193r2 = 5, 16075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect233k1 = 6, 16085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect233r1 = 7, 16095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect239k1 = 8, 16105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect283k1 = 9, 16115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect283r1 = 10, 16125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect409k1 = 11, 16135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect409r1 = 12, 16145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect571k1 = 13, 16155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_sect571r1 = 14, 16165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp160k1 = 15, 16175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp160r1 = 16, 16185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp160r2 = 17, 16195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp192k1 = 18, 16205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp192r1 = 19, 16215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp224k1 = 20, 16225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp224r1 = 21, 16235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp256k1 = 22, 16245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp256r1 = 23, 16255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp384r1 = 24, 16265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_secp521r1 = 25, 16275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ec_pastLastName 16285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} ECName; 16295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1630a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, 16315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYECParams *params); 16325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); 16335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* NSS_ENABLE_ECC */ 16365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); 16385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); 16395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); 16405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); 16415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); 16435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); 16445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled); 16455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled); 16465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); 16485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); 16495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); 16505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); 16515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl2_InitSocketPolicy(sslSocket *ss); 16535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl3_InitSocketPolicy(sslSocket *ss); 16545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, 16565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char *cs, int *size); 16575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); 16595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, 16605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 length); 16615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl3_DestroySSL3Info(sslSocket *ss); 16635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, 16655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ProtocolVersion peerVersion, 16665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool allowLargerPeerVersion); 16675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_GetPeerInfo(sslSocket *ss); 16695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 16705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ECC 16715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* ECDH functions */ 16725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, 16735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey * svrPubKey); 16745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, 16755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque *b, PRUint32 length); 16765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, 16775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque *b, PRUint32 length, 16785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey *srvrPubKey, 16795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKey *srvrPrivKey); 1680868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss, 1681868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) const SSL3SignatureAndHashAlgorithm *sigAndHash); 16825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 16835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1684868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, 1685868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) PRUint8 * hashBuf, 16865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int bufLen, SSL3Hashes *hashes, 16875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool bypassPKCS11); 16885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName); 16895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms); 16905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, 16915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 bytes); 16925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, 16935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3HandshakeType t, PRUint32 length); 16945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, 16955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 lenSize); 16965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, 16975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); 1698868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss, 1699868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) const SSL3SignatureAndHashAlgorithm* sigAndHash); 17005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, 17015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque **b, PRUint32 *length); 17025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, 17035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque **b, PRUint32 *length); 17045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, 17055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); 1706868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc); 1707868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( 1708868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) const SSL3SignatureAndHashAlgorithm *sigAndHash, 1709868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) CERTCertificate* cert); 1710868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, 1711868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) SSL3Opaque **b, PRUint32 *length, 1712868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) SSL3SignatureAndHashAlgorithm *out); 17135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, 17145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem *buf, PRBool isTLS); 17155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, 17165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate *cert, SECItem *buf, PRBool isTLS, 17175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *pwArg); 17185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, 17195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslSessionID *sid, ssl3CipherSpec *spec, 17205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KEAType effectiveExchKeyType); 17215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Functions that handle ClientHello and ServerHello extensions. */ 17235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, 17245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 ex_type, SECItem *data); 17255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, 17265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 ex_type, SECItem *data); 17275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, 17285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 ex_type, SECItem *data); 17295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, 17305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 ex_type, SECItem *data); 17315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, 17325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint16 ex_type, SECItem *data); 17335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* ClientHello and ServerHello extension senders. 17355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Note that not all extension senders are exposed here; only those that 17365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * that need exposure. 17375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 17385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, 17395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 maxBytes); 17405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* ClientHello and ServerHello extension senders. 17425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * The code is in ssl3ext.c. 17435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 17445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, 17455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 maxBytes); 17465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Assigns new cert, cert chain and keys to ss->serverCerts 17485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * struct. If certChain is NULL, tries to find one. Aborts if 17495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * fails to do so. If cert and keyPair are NULL - unconfigures 17505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * sslSocket of kea type.*/ 17515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, 17525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const CERTCertificateList *certChain, 17535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl3KeyPair *keyPair, SSLKEAType kea); 17545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_ENABLE_ECC 17565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, 17575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool append, PRUint32 maxBytes); 17585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, 17595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool append, PRUint32 maxBytes); 17605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 17615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* call the registered extension handlers. */ 17635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, 17645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque **b, PRUint32 *length); 17655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Hello Extension related routines. */ 17675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); 17685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid, 17695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NewSessionTicket *session_ticket); 17705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); 17715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName, 17725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char *encKey, unsigned char *macKey); 17735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, 17745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey *svrPubKey, void *pwArg, 17755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char *keyName, PK11SymKey **aesKey, 17765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SymKey **macKey); 17775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Tell clients to consider tickets valid for this long. */ 17795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ 17805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define TLS_EX_SESS_TICKET_VERSION (0x0100) 17815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, 17835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int length); 17845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, 17865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char *out, 17875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int *outLen, 17885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int outLenMax); 17895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Construct a new NSPR socket for the app to use */ 17915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); 17925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_FreePRSocket(PRFileDesc *fd); 17935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Internal config function so SSL2 can initialize the present state of 17955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * various ciphers */ 17965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl3_config_match_init(sslSocket *); 17975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 17985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Create a new ref counted key pair object from two keys. */ 17995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, 18005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPublicKey * pubKey); 18015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* get a new reference (bump ref count) to an ssl3KeyPair. */ 18035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair); 18045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* Decrement keypair's ref count and free if zero. */ 18065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); 18075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* calls for accessing wrapping keys across processes. */ 18095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool 18105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ssl_GetWrappingKey( PRInt32 symWrapMechIndex, 18115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3KEAType exchKeyType, 18125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLWrappedSymWrappingKey *wswk); 18135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* The caller passes in the new value it wants 18155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * to set. This code tests the wrapped sym key entry in the file on disk. 18165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * If it is uninitialized, this function writes the caller's value into 18175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * the disk entry, and returns false. 18185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * Otherwise, it overwrites the caller's wswk with the value obtained from 18195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * the disk, and returns PR_TRUE. 18205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * This is all done while holding the locks/semaphores necessary to make 18215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) * the operation atomic. 18225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 18235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRBool 18245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk); 18255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/* get rid of the symmetric wrapping key references. */ 18275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus SSL3_ShutdownServerCache(void); 18285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_InitSymWrapKeysLock(void); 18305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_FreeSymWrapKeysLock(void); 18325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit); 18345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl_FreeSessionCacheLocks(void); 18365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/***************** platform client auth ****************/ 18385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef NSS_PLATFORM_CLIENT_AUTH 18405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Releases the platform key. 18415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void ssl_FreePlatformKey(PlatformKey key); 18425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Implement the client CertificateVerify message for SSL3/TLS1.0 18445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, 18455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PlatformKey key, SECItem *buf, 1846c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) PRBool isTLS, KeyType keyType); 18475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Converts a CERTCertList* (A collection of CERTCertificates) into a 18495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// CERTCertificateList* (A collection of SECItems), or returns NULL if 18505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// it cannot be converted. 18515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// This is to allow the platform-supplied chain to be created with purely 18525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// public API functions, using the preferred CERTCertList mutators, rather 18535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// pushing this hack to clients. 18545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern CERTCertificateList* hack_NewCertificateListFromCertList( 18555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertList* list); 18565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* NSS_PLATFORM_CLIENT_AUTH */ 18575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/**************** DTLS-specific functions **************/ 18595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); 18605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_FreeQueuedMessages(PRCList *lst); 18615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_FreeHandshakeMessages(PRCList *lst); 18625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf); 18645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, 18655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3Opaque *b, PRUint32 length); 18665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); 18675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, 18685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSL3Opaque *pIn, PRInt32 nIn); 18695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); 18705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_CompressMACEncryptRecord(sslSocket *ss, 18715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DTLSEpoch epoch, 18725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool use_epoch, 18735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL3ContentType type, 18745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSL3Opaque *pIn, 18755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRUint32 contentLen, 18765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) sslBuffer *wrBuf); 18775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SECStatus ssl3_DisableNonDTLSSuites(sslSocket * ss); 18785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_StartTimer(sslSocket *ss, DTLSTimerCb cb); 18795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, 18805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DTLSTimerCb cb); 18815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_CheckTimer(sslSocket *ss); 18825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_CancelTimer(sslSocket *ss); 18835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_FinishedTimerCb(sslSocket *ss); 18845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised); 18855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records); 18865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq); 18875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq); 18885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void dtls_RehandshakeCleanup(sslSocket *ss); 18895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SSL3ProtocolVersion 18905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv); 18915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SSL3ProtocolVersion 18925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv); 18935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)/********************** misc calls *********************/ 18955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int ssl_MapLowLevelError(int hiLevelError); 18975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 18985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern PRUint32 ssl_Time(void); 18995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern void SSL_AtomicIncrementLong(long * x); 19015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SECStatus SSL_DisableDefaultExportCipherSuites(void); 19035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); 19045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); 19055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern SECStatus 19075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, 19085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *label, unsigned int labelLen, 19095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned char *val, unsigned int valLen, 19105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char *out, unsigned int outLen); 19115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef TRACE 19135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_TRACE(msg) ssl_Trace msg 19145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 19155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_TRACE(msg) 19165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 19175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void ssl_Trace(const char *format, ...); 19195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SEC_END_PROTOS 19215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) 19235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_GETPID getpid 19245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#elif defined(WIN32) 19255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern int __cdecl _getpid(void); 19265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_GETPID _getpid 19275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 19285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define SSL_GETPID() 0 19295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 19305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 19315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif /* __sslimpl_h_ */ 1932