security/nss/lib/ssl/sslsock.c@b8a032363ba2
security/nss/lib/ssl/sslsock.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /*
2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions.
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 #include "seccomon.h"
10 #include "cert.h"
11 #include "keyhi.h"
12 #include "ssl.h"
13 #include "sslimpl.h"
14 #include "sslproto.h"
15 #include "nspr.h"
16 #include "private/pprio.h"
17 #ifndef NO_PKCS11_BYPASS
18 #include "blapi.h"
19 #endif
20 #include "nss.h"
22 #define SET_ERROR_CODE /* reminder */
24 static const sslSocketOps ssl_default_ops = { /* No SSL. */
25 ssl_DefConnect,
26 NULL,
27 ssl_DefBind,
28 ssl_DefListen,
29 ssl_DefShutdown,
30 ssl_DefClose,
31 ssl_DefRecv,
32 ssl_DefSend,
33 ssl_DefRead,
34 ssl_DefWrite,
35 ssl_DefGetpeername,
36 ssl_DefGetsockname
37 };
39 static const sslSocketOps ssl_secure_ops = { /* SSL. */
40 ssl_SecureConnect,
41 NULL,
42 ssl_DefBind,
43 ssl_DefListen,
44 ssl_SecureShutdown,
45 ssl_SecureClose,
46 ssl_SecureRecv,
47 ssl_SecureSend,
48 ssl_SecureRead,
49 ssl_SecureWrite,
50 ssl_DefGetpeername,
51 ssl_DefGetsockname
52 };
54 /*
55 ** default settings for socket enables
56 */
57 static sslOptions ssl_defaults = {
58 { siBuffer, NULL, 0 }, /* nextProtoNego */
59 PR_TRUE, /* useSecurity */
60 PR_FALSE, /* useSocks */
61 PR_FALSE, /* requestCertificate */
62 2, /* requireCertificate */
63 PR_FALSE, /* handshakeAsClient */
64 PR_FALSE, /* handshakeAsServer */
65 PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
66 PR_FALSE, /* unusedBit9 */
67 PR_FALSE, /* unusedBit10 */
68 PR_FALSE, /* noCache */
69 PR_FALSE, /* fdx */
70 PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
71 PR_TRUE, /* detectRollBack */
72 PR_FALSE, /* noStepDown */
73 PR_FALSE, /* bypassPKCS11 */
74 PR_FALSE, /* noLocks */
75 PR_FALSE, /* enableSessionTickets */
76 PR_FALSE, /* enableDeflate */
77 2, /* enableRenegotiation (default: requires extension) */
78 PR_FALSE, /* requireSafeNegotiation */
79 PR_FALSE, /* enableFalseStart */
80 PR_TRUE, /* cbcRandomIV */
81 PR_FALSE, /* enableOCSPStapling */
82 PR_TRUE, /* enableNPN */
83 PR_FALSE, /* enableALPN */
84 PR_FALSE, /* dummy */
85 PR_FALSE /* enableFallbackSCSV */
86 };
88 /*
89 * default range of enabled SSL/TLS protocols
90 */
91 static SSLVersionRange versions_defaults_stream = {
92 SSL_LIBRARY_VERSION_3_0,
93 SSL_LIBRARY_VERSION_TLS_1_0
94 };
96 static SSLVersionRange versions_defaults_datagram = {
97 SSL_LIBRARY_VERSION_TLS_1_1,
98 SSL_LIBRARY_VERSION_TLS_1_1
99 };
101 #define VERSIONS_DEFAULTS(variant) \
102 (variant == ssl_variant_stream ? &versions_defaults_stream : \
103 &versions_defaults_datagram)
105 sslSessionIDLookupFunc ssl_sid_lookup;
106 sslSessionIDCacheFunc ssl_sid_cache;
107 sslSessionIDUncacheFunc ssl_sid_uncache;
109 static PRBool ssl_inited = PR_FALSE;
110 static PRDescIdentity ssl_layer_id;
112 PRBool locksEverDisabled; /* implicitly PR_FALSE */
113 PRBool ssl_force_locks; /* implicitly PR_FALSE */
114 int ssl_lock_readers = 1; /* default true. */
115 char ssl_debug;
116 char ssl_trace;
117 FILE * ssl_trace_iob;
118 FILE * ssl_keylog_iob;
119 char lockStatus[] = "Locks are ENABLED. ";
120 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
122 /* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
123 static const PRUint16 srtpCiphers[] = {
124 SRTP_AES128_CM_HMAC_SHA1_80,
125 SRTP_AES128_CM_HMAC_SHA1_32,
126 0
127 };
129 /* forward declarations. */
130 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
131 static SECStatus ssl_MakeLocks(sslSocket *ss);
132 static void ssl_SetDefaultsFromEnvironment(void);
133 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
134 PRDescIdentity id);
136 /************************************************************************/
138 /*
139 ** Lookup a socket structure from a file descriptor.
140 ** Only functions called through the PRIOMethods table should use this.
141 ** Other app-callable functions should use ssl_FindSocket.
142 */
143 static sslSocket *
144 ssl_GetPrivate(PRFileDesc *fd)
145 {
146 sslSocket *ss;
148 PORT_Assert(fd != NULL);
149 PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
150 PORT_Assert(fd->identity == ssl_layer_id);
152 if (fd->methods->file_type != PR_DESC_LAYERED ||
153 fd->identity != ssl_layer_id) {
154 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
155 return NULL;
156 }
158 ss = (sslSocket *)fd->secret;
159 /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
160 * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
161 * contents of the PRFileDesc pointed by ss->fd and the new layer.
162 * See bug 807250.
163 */
164 ss->fd = fd;
165 return ss;
166 }
168 /* This function tries to find the SSL layer in the stack.
169 * It searches for the first SSL layer at or below the argument fd,
170 * and failing that, it searches for the nearest SSL layer above the
171 * argument fd. It returns the private sslSocket from the found layer.
172 */
173 sslSocket *
174 ssl_FindSocket(PRFileDesc *fd)
175 {
176 PRFileDesc *layer;
177 sslSocket *ss;
179 PORT_Assert(fd != NULL);
180 PORT_Assert(ssl_layer_id != 0);
182 layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
183 if (layer == NULL) {
184 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
185 return NULL;
186 }
188 ss = (sslSocket *)layer->secret;
189 /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
190 * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
191 * contents of the PRFileDesc pointed by ss->fd and the new layer.
192 * See bug 807250.
193 */
194 ss->fd = layer;
195 return ss;
196 }
198 static sslSocket *
199 ssl_DupSocket(sslSocket *os)
200 {
201 sslSocket *ss;
202 SECStatus rv;
204 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
205 if (ss) {
206 ss->opt = os->opt;
207 ss->opt.useSocks = PR_FALSE;
208 ss->vrange = os->vrange;
210 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
211 ss->url = !os->url ? NULL : PORT_Strdup(os->url);
213 ss->ops = os->ops;
214 ss->rTimeout = os->rTimeout;
215 ss->wTimeout = os->wTimeout;
216 ss->cTimeout = os->cTimeout;
217 ss->dbHandle = os->dbHandle;
219 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
220 ss->allowedByPolicy = os->allowedByPolicy;
221 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
222 ss->chosenPreference = os->chosenPreference;
223 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
224 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
225 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
226 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
228 if (os->cipherSpecs) {
229 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
230 if (ss->cipherSpecs)
231 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
232 os->sizeCipherSpecs);
233 ss->sizeCipherSpecs = os->sizeCipherSpecs;
234 ss->preferredCipher = os->preferredCipher;
235 } else {
236 ss->cipherSpecs = NULL; /* produced lazily */
237 ss->sizeCipherSpecs = 0;
238 ss->preferredCipher = NULL;
239 }
240 if (ss->opt.useSecurity) {
241 /* This int should be SSLKEAType, but CC on Irix complains,
242 * during the for loop.
243 */
244 int i;
245 sslServerCerts * oc = os->serverCerts;
246 sslServerCerts * sc = ss->serverCerts;
248 for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
249 if (oc->serverCert && oc->serverCertChain) {
250 sc->serverCert = CERT_DupCertificate(oc->serverCert);
251 sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
252 if (!sc->serverCertChain)
253 goto loser;
254 } else {
255 sc->serverCert = NULL;
256 sc->serverCertChain = NULL;
257 }
258 sc->serverKeyPair = oc->serverKeyPair ?
259 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
260 if (oc->serverKeyPair && !sc->serverKeyPair)
261 goto loser;
262 sc->serverKeyBits = oc->serverKeyBits;
263 ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
264 SECITEM_DupArray(NULL, os->certStatusArray[i]);
265 }
266 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
267 ssl3_GetKeyPairRef(os->stepDownKeyPair);
268 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
269 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
270 /*
271 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
272 * XXX We should detect this, and not just march on with NULL pointers.
273 */
274 ss->authCertificate = os->authCertificate;
275 ss->authCertificateArg = os->authCertificateArg;
276 ss->getClientAuthData = os->getClientAuthData;
277 ss->getClientAuthDataArg = os->getClientAuthDataArg;
278 ss->sniSocketConfig = os->sniSocketConfig;
279 ss->sniSocketConfigArg = os->sniSocketConfigArg;
280 ss->handleBadCert = os->handleBadCert;
281 ss->badCertArg = os->badCertArg;
282 ss->handshakeCallback = os->handshakeCallback;
283 ss->handshakeCallbackData = os->handshakeCallbackData;
284 ss->canFalseStartCallback = os->canFalseStartCallback;
285 ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
286 ss->pkcs11PinArg = os->pkcs11PinArg;
288 /* Create security data */
289 rv = ssl_CopySecurityInfo(ss, os);
290 if (rv != SECSuccess) {
291 goto loser;
292 }
293 }
294 }
295 return ss;
297 loser:
298 ssl_FreeSocket(ss);
299 return NULL;
300 }
302 static void
303 ssl_DestroyLocks(sslSocket *ss)
304 {
305 /* Destroy locks. */
306 if (ss->firstHandshakeLock) {
307 PZ_DestroyMonitor(ss->firstHandshakeLock);
308 ss->firstHandshakeLock = NULL;
309 }
310 if (ss->ssl3HandshakeLock) {
311 PZ_DestroyMonitor(ss->ssl3HandshakeLock);
312 ss->ssl3HandshakeLock = NULL;
313 }
314 if (ss->specLock) {
315 NSSRWLock_Destroy(ss->specLock);
316 ss->specLock = NULL;
317 }
319 if (ss->recvLock) {
320 PZ_DestroyLock(ss->recvLock);
321 ss->recvLock = NULL;
322 }
323 if (ss->sendLock) {
324 PZ_DestroyLock(ss->sendLock);
325 ss->sendLock = NULL;
326 }
327 if (ss->xmitBufLock) {
328 PZ_DestroyMonitor(ss->xmitBufLock);
329 ss->xmitBufLock = NULL;
330 }
331 if (ss->recvBufLock) {
332 PZ_DestroyMonitor(ss->recvBufLock);
333 ss->recvBufLock = NULL;
334 }
335 }
337 /* Caller holds any relevant locks */
338 static void
339 ssl_DestroySocketContents(sslSocket *ss)
340 {
341 /* "i" should be of type SSLKEAType, but CC on IRIX complains during
342 * the for loop.
343 */
344 int i;
346 /* Free up socket */
347 ssl_DestroySecurityInfo(&ss->sec);
349 ssl3_DestroySSL3Info(ss);
351 PORT_Free(ss->saveBuf.buf);
352 PORT_Free(ss->pendingBuf.buf);
353 ssl_DestroyGather(&ss->gs);
355 if (ss->peerID != NULL)
356 PORT_Free(ss->peerID);
357 if (ss->url != NULL)
358 PORT_Free((void *)ss->url); /* CONST */
359 if (ss->cipherSpecs) {
360 PORT_Free(ss->cipherSpecs);
361 ss->cipherSpecs = NULL;
362 ss->sizeCipherSpecs = 0;
363 }
365 /* Clean up server configuration */
366 for (i=kt_null; i < kt_kea_size; i++) {
367 sslServerCerts * sc = ss->serverCerts + i;
368 if (sc->serverCert != NULL)
369 CERT_DestroyCertificate(sc->serverCert);
370 if (sc->serverCertChain != NULL)
371 CERT_DestroyCertificateList(sc->serverCertChain);
372 if (sc->serverKeyPair != NULL)
373 ssl3_FreeKeyPair(sc->serverKeyPair);
374 if (ss->certStatusArray[i] != NULL) {
375 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
376 ss->certStatusArray[i] = NULL;
377 }
378 }
379 if (ss->stepDownKeyPair) {
380 ssl3_FreeKeyPair(ss->stepDownKeyPair);
381 ss->stepDownKeyPair = NULL;
382 }
383 if (ss->ephemeralECDHKeyPair) {
384 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
385 ss->ephemeralECDHKeyPair = NULL;
386 }
387 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
388 PORT_Assert(!ss->xtnData.sniNameArr);
389 if (ss->xtnData.sniNameArr) {
390 PORT_Free(ss->xtnData.sniNameArr);
391 ss->xtnData.sniNameArr = NULL;
392 }
393 }
395 /*
396 * free an sslSocket struct, and all the stuff that hangs off of it
397 */
398 void
399 ssl_FreeSocket(sslSocket *ss)
400 {
401 /* Get every lock you can imagine!
402 ** Caller already holds these:
403 ** SSL_LOCK_READER(ss);
404 ** SSL_LOCK_WRITER(ss);
405 */
406 ssl_Get1stHandshakeLock(ss);
407 ssl_GetRecvBufLock(ss);
408 ssl_GetSSL3HandshakeLock(ss);
409 ssl_GetXmitBufLock(ss);
410 ssl_GetSpecWriteLock(ss);
412 ssl_DestroySocketContents(ss);
414 /* Release all the locks acquired above. */
415 SSL_UNLOCK_READER(ss);
416 SSL_UNLOCK_WRITER(ss);
417 ssl_Release1stHandshakeLock(ss);
418 ssl_ReleaseRecvBufLock(ss);
419 ssl_ReleaseSSL3HandshakeLock(ss);
420 ssl_ReleaseXmitBufLock(ss);
421 ssl_ReleaseSpecWriteLock(ss);
423 ssl_DestroyLocks(ss);
425 #ifdef DEBUG
426 PORT_Memset(ss, 0x1f, sizeof *ss);
427 #endif
428 PORT_Free(ss);
429 return;
430 }
432 /************************************************************************/
433 SECStatus
434 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
435 {
436 PRFileDesc * osfd = ss->fd->lower;
437 SECStatus rv = SECFailure;
438 PRSocketOptionData opt;
440 opt.option = PR_SockOpt_NoDelay;
441 opt.value.no_delay = (PRBool)!enabled;
443 if (osfd->methods->setsocketoption) {
444 rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);
445 } else {
446 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
447 }
449 return rv;
450 }
452 static void
453 ssl_ChooseOps(sslSocket *ss)
454 {
455 ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
456 }
458 /* Called from SSL_Enable (immediately below) */
459 static SECStatus
460 PrepareSocket(sslSocket *ss)
461 {
462 SECStatus rv = SECSuccess;
464 ssl_ChooseOps(ss);
465 return rv;
466 }
468 SECStatus
469 SSL_Enable(PRFileDesc *fd, int which, PRBool on)
470 {
471 return SSL_OptionSet(fd, which, on);
472 }
474 #ifndef NO_PKCS11_BYPASS
475 static const PRCallOnceType pristineCallOnce;
476 static PRCallOnceType setupBypassOnce;
478 static SECStatus SSL_BypassShutdown(void* appData, void* nssData)
479 {
480 /* unload freeBL shared library from memory */
481 BL_Unload();
482 setupBypassOnce = pristineCallOnce;
483 return SECSuccess;
484 }
486 static PRStatus SSL_BypassRegisterShutdown(void)
487 {
488 SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
489 PORT_Assert(SECSuccess == rv);
490 return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
491 }
492 #endif
494 static PRStatus SSL_BypassSetup(void)
495 {
496 #ifdef NO_PKCS11_BYPASS
497 /* Guarantee binary compatibility */
498 return PR_SUCCESS;
499 #else
500 return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
501 #endif
502 }
504 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
505 * ssl.h in the section "SSL version range setting API".
506 */
507 static void
508 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
509 {
510 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
511 if (on) {
512 vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
513 vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
514 } /* else don't change anything */
515 return;
516 }
518 if (on) {
519 /* Expand the range of enabled version to include TLS 1.0 */
520 vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
521 vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
522 } else {
523 /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
524 if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
525 vrange->max = SSL_LIBRARY_VERSION_3_0;
526 } else {
527 /* Only TLS was enabled, so now no versions are. */
528 vrange->min = SSL_LIBRARY_VERSION_NONE;
529 vrange->max = SSL_LIBRARY_VERSION_NONE;
530 }
531 }
532 }
534 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
535 * ssl.h in the section "SSL version range setting API".
536 */
537 static void
538 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
539 {
540 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
541 if (on) {
542 vrange->min = SSL_LIBRARY_VERSION_3_0;
543 vrange->max = SSL_LIBRARY_VERSION_3_0;
544 } /* else don't change anything */
545 return;
546 }
548 if (on) {
549 /* Expand the range of enabled versions to include SSL 3.0. We know
550 * SSL 3.0 or some version of TLS is already enabled at this point, so
551 * we don't need to change vrange->max.
552 */
553 vrange->min = SSL_LIBRARY_VERSION_3_0;
554 } else {
555 /* Disable SSL 3.0, leaving TLS unaffected. */
556 if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
557 vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
558 } else {
559 /* Only SSL 3.0 was enabled, so now no versions are. */
560 vrange->min = SSL_LIBRARY_VERSION_NONE;
561 vrange->max = SSL_LIBRARY_VERSION_NONE;
562 }
563 }
564 }
566 SECStatus
567 SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
568 {
569 sslSocket *ss = ssl_FindSocket(fd);
570 SECStatus rv = SECSuccess;
571 PRBool holdingLocks;
573 if (!ss) {
574 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
575 return SECFailure;
576 }
578 holdingLocks = (!ss->opt.noLocks);
579 ssl_Get1stHandshakeLock(ss);
580 ssl_GetSSL3HandshakeLock(ss);
582 switch (which) {
583 case SSL_SOCKS:
584 ss->opt.useSocks = PR_FALSE;
585 rv = PrepareSocket(ss);
586 if (on) {
587 PORT_SetError(SEC_ERROR_INVALID_ARGS);
588 rv = SECFailure;
589 }
590 break;
592 case SSL_SECURITY:
593 ss->opt.useSecurity = on;
594 rv = PrepareSocket(ss);
595 break;
597 case SSL_REQUEST_CERTIFICATE:
598 ss->opt.requestCertificate = on;
599 break;
601 case SSL_REQUIRE_CERTIFICATE:
602 ss->opt.requireCertificate = on;
603 break;
605 case SSL_HANDSHAKE_AS_CLIENT:
606 if ( ss->opt.handshakeAsServer && on ) {
607 PORT_SetError(SEC_ERROR_INVALID_ARGS);
608 rv = SECFailure;
609 break;
610 }
611 ss->opt.handshakeAsClient = on;
612 break;
614 case SSL_HANDSHAKE_AS_SERVER:
615 if ( ss->opt.handshakeAsClient && on ) {
616 PORT_SetError(SEC_ERROR_INVALID_ARGS);
617 rv = SECFailure;
618 break;
619 }
620 ss->opt.handshakeAsServer = on;
621 break;
623 case SSL_ENABLE_TLS:
624 if (IS_DTLS(ss)) {
625 if (on) {
626 PORT_SetError(SEC_ERROR_INVALID_ARGS);
627 rv = SECFailure; /* not allowed */
628 }
629 break;
630 }
631 ssl_EnableTLS(&ss->vrange, on);
632 ss->preferredCipher = NULL;
633 if (ss->cipherSpecs) {
634 PORT_Free(ss->cipherSpecs);
635 ss->cipherSpecs = NULL;
636 ss->sizeCipherSpecs = 0;
637 }
638 break;
640 case SSL_ENABLE_SSL3:
641 if (IS_DTLS(ss)) {
642 if (on) {
643 PORT_SetError(SEC_ERROR_INVALID_ARGS);
644 rv = SECFailure; /* not allowed */
645 }
646 break;
647 }
648 ssl_EnableSSL3(&ss->vrange, on);
649 ss->preferredCipher = NULL;
650 if (ss->cipherSpecs) {
651 PORT_Free(ss->cipherSpecs);
652 ss->cipherSpecs = NULL;
653 ss->sizeCipherSpecs = 0;
654 }
655 break;
657 case SSL_ENABLE_SSL2:
658 if (IS_DTLS(ss)) {
659 if (on) {
660 PORT_SetError(SEC_ERROR_INVALID_ARGS);
661 rv = SECFailure; /* not allowed */
662 }
663 break;
664 }
665 ss->opt.enableSSL2 = on;
666 if (on) {
667 ss->opt.v2CompatibleHello = on;
668 }
669 ss->preferredCipher = NULL;
670 if (ss->cipherSpecs) {
671 PORT_Free(ss->cipherSpecs);
672 ss->cipherSpecs = NULL;
673 ss->sizeCipherSpecs = 0;
674 }
675 break;
677 case SSL_NO_CACHE:
678 ss->opt.noCache = on;
679 break;
681 case SSL_ENABLE_FDX:
682 if (on && ss->opt.noLocks) {
683 PORT_SetError(SEC_ERROR_INVALID_ARGS);
684 rv = SECFailure;
685 }
686 ss->opt.fdx = on;
687 break;
689 case SSL_V2_COMPATIBLE_HELLO:
690 if (IS_DTLS(ss)) {
691 if (on) {
692 PORT_SetError(SEC_ERROR_INVALID_ARGS);
693 rv = SECFailure; /* not allowed */
694 }
695 break;
696 }
697 ss->opt.v2CompatibleHello = on;
698 if (!on) {
699 ss->opt.enableSSL2 = on;
700 }
701 break;
703 case SSL_ROLLBACK_DETECTION:
704 ss->opt.detectRollBack = on;
705 break;
707 case SSL_NO_STEP_DOWN:
708 ss->opt.noStepDown = on;
709 if (on)
710 SSL_DisableExportCipherSuites(fd);
711 break;
713 case SSL_BYPASS_PKCS11:
714 if (ss->handshakeBegun) {
715 PORT_SetError(PR_INVALID_STATE_ERROR);
716 rv = SECFailure;
717 } else {
718 if (PR_FALSE != on) {
719 if (PR_SUCCESS == SSL_BypassSetup() ) {
720 #ifdef NO_PKCS11_BYPASS
721 ss->opt.bypassPKCS11 = PR_FALSE;
722 #else
723 ss->opt.bypassPKCS11 = on;
724 #endif
725 } else {
726 rv = SECFailure;
727 }
728 } else {
729 ss->opt.bypassPKCS11 = PR_FALSE;
730 }
731 }
732 break;
734 case SSL_NO_LOCKS:
735 if (on && ss->opt.fdx) {
736 PORT_SetError(SEC_ERROR_INVALID_ARGS);
737 rv = SECFailure;
738 }
739 if (on && ssl_force_locks)
740 on = PR_FALSE; /* silent override */
741 ss->opt.noLocks = on;
742 if (on) {
743 locksEverDisabled = PR_TRUE;
744 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
745 } else if (!holdingLocks) {
746 rv = ssl_MakeLocks(ss);
747 if (rv != SECSuccess) {
748 ss->opt.noLocks = PR_TRUE;
749 }
750 }
751 break;
753 case SSL_ENABLE_SESSION_TICKETS:
754 ss->opt.enableSessionTickets = on;
755 break;
757 case SSL_ENABLE_DEFLATE:
758 ss->opt.enableDeflate = on;
759 break;
761 case SSL_ENABLE_RENEGOTIATION:
762 ss->opt.enableRenegotiation = on;
763 break;
765 case SSL_REQUIRE_SAFE_NEGOTIATION:
766 ss->opt.requireSafeNegotiation = on;
767 break;
769 case SSL_ENABLE_FALSE_START:
770 ss->opt.enableFalseStart = on;
771 break;
773 case SSL_CBC_RANDOM_IV:
774 ss->opt.cbcRandomIV = on;
775 break;
777 case SSL_ENABLE_OCSP_STAPLING:
778 ss->opt.enableOCSPStapling = on;
779 break;
781 case SSL_ENABLE_NPN:
782 ss->opt.enableNPN = on;
783 break;
785 case SSL_ENABLE_ALPN:
786 ss->opt.enableALPN = on;
787 break;
789 case SSL_ENABLE_FALLBACK_SCSV:
790 ss->opt.enableFallbackSCSV = on;
791 break;
793 default:
794 PORT_SetError(SEC_ERROR_INVALID_ARGS);
795 rv = SECFailure;
796 }
798 /* We can't use the macros for releasing the locks here,
799 * because ss->opt.noLocks might have changed just above.
800 * We must release these locks (monitors) here, if we aquired them above,
801 * regardless of the current value of ss->opt.noLocks.
802 */
803 if (holdingLocks) {
804 PZ_ExitMonitor((ss)->ssl3HandshakeLock);
805 PZ_ExitMonitor((ss)->firstHandshakeLock);
806 }
808 return rv;
809 }
811 SECStatus
812 SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
813 {
814 sslSocket *ss = ssl_FindSocket(fd);
815 SECStatus rv = SECSuccess;
816 PRBool on = PR_FALSE;
818 if (!pOn) {
819 PORT_SetError(SEC_ERROR_INVALID_ARGS);
820 return SECFailure;
821 }
822 if (!ss) {
823 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
824 *pOn = PR_FALSE;
825 return SECFailure;
826 }
828 ssl_Get1stHandshakeLock(ss);
829 ssl_GetSSL3HandshakeLock(ss);
831 switch (which) {
832 case SSL_SOCKS: on = PR_FALSE; break;
833 case SSL_SECURITY: on = ss->opt.useSecurity; break;
834 case SSL_REQUEST_CERTIFICATE: on = ss->opt.requestCertificate; break;
835 case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
836 case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
837 case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
838 case SSL_ENABLE_TLS:
839 on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
840 break;
841 case SSL_ENABLE_SSL3:
842 on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
843 break;
844 case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
845 case SSL_NO_CACHE: on = ss->opt.noCache; break;
846 case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
847 case SSL_V2_COMPATIBLE_HELLO: on = ss->opt.v2CompatibleHello; break;
848 case SSL_ROLLBACK_DETECTION: on = ss->opt.detectRollBack; break;
849 case SSL_NO_STEP_DOWN: on = ss->opt.noStepDown; break;
850 case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break;
851 case SSL_NO_LOCKS: on = ss->opt.noLocks; break;
852 case SSL_ENABLE_SESSION_TICKETS:
853 on = ss->opt.enableSessionTickets;
854 break;
855 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
856 case SSL_ENABLE_RENEGOTIATION:
857 on = ss->opt.enableRenegotiation; break;
858 case SSL_REQUIRE_SAFE_NEGOTIATION:
859 on = ss->opt.requireSafeNegotiation; break;
860 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
861 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
862 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
863 case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
864 case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
865 case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
867 default:
868 PORT_SetError(SEC_ERROR_INVALID_ARGS);
869 rv = SECFailure;
870 }
872 ssl_ReleaseSSL3HandshakeLock(ss);
873 ssl_Release1stHandshakeLock(ss);
875 *pOn = on;
876 return rv;
877 }
879 SECStatus
880 SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
881 {
882 SECStatus rv = SECSuccess;
883 PRBool on = PR_FALSE;
885 if (!pOn) {
886 PORT_SetError(SEC_ERROR_INVALID_ARGS);
887 return SECFailure;
888 }
890 ssl_SetDefaultsFromEnvironment();
892 switch (which) {
893 case SSL_SOCKS: on = PR_FALSE; break;
894 case SSL_SECURITY: on = ssl_defaults.useSecurity; break;
895 case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
896 case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
897 case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
898 case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
899 case SSL_ENABLE_TLS:
900 on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
901 break;
902 case SSL_ENABLE_SSL3:
903 on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
904 break;
905 case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
906 case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
907 case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
908 case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
909 case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
910 case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break;
911 case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break;
912 case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break;
913 case SSL_ENABLE_SESSION_TICKETS:
914 on = ssl_defaults.enableSessionTickets;
915 break;
916 case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break;
917 case SSL_ENABLE_RENEGOTIATION:
918 on = ssl_defaults.enableRenegotiation; break;
919 case SSL_REQUIRE_SAFE_NEGOTIATION:
920 on = ssl_defaults.requireSafeNegotiation;
921 break;
922 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
923 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
924 case SSL_ENABLE_OCSP_STAPLING:
925 on = ssl_defaults.enableOCSPStapling;
926 break;
927 case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
928 case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
929 case SSL_ENABLE_FALLBACK_SCSV:
930 on = ssl_defaults.enableFallbackSCSV;
931 break;
933 default:
934 PORT_SetError(SEC_ERROR_INVALID_ARGS);
935 rv = SECFailure;
936 }
938 *pOn = on;
939 return rv;
940 }
942 /* XXX Use Global Lock to protect this stuff. */
943 SECStatus
944 SSL_EnableDefault(int which, PRBool on)
945 {
946 return SSL_OptionSetDefault(which, on);
947 }
949 SECStatus
950 SSL_OptionSetDefault(PRInt32 which, PRBool on)
951 {
952 SECStatus status = ssl_Init();
954 if (status != SECSuccess) {
955 return status;
956 }
958 ssl_SetDefaultsFromEnvironment();
960 switch (which) {
961 case SSL_SOCKS:
962 ssl_defaults.useSocks = PR_FALSE;
963 if (on) {
964 PORT_SetError(SEC_ERROR_INVALID_ARGS);
965 return SECFailure;
966 }
967 break;
969 case SSL_SECURITY:
970 ssl_defaults.useSecurity = on;
971 break;
973 case SSL_REQUEST_CERTIFICATE:
974 ssl_defaults.requestCertificate = on;
975 break;
977 case SSL_REQUIRE_CERTIFICATE:
978 ssl_defaults.requireCertificate = on;
979 break;
981 case SSL_HANDSHAKE_AS_CLIENT:
982 if ( ssl_defaults.handshakeAsServer && on ) {
983 PORT_SetError(SEC_ERROR_INVALID_ARGS);
984 return SECFailure;
985 }
986 ssl_defaults.handshakeAsClient = on;
987 break;
989 case SSL_HANDSHAKE_AS_SERVER:
990 if ( ssl_defaults.handshakeAsClient && on ) {
991 PORT_SetError(SEC_ERROR_INVALID_ARGS);
992 return SECFailure;
993 }
994 ssl_defaults.handshakeAsServer = on;
995 break;
997 case SSL_ENABLE_TLS:
998 ssl_EnableTLS(&versions_defaults_stream, on);
999 break;
1001 case SSL_ENABLE_SSL3:
1002 ssl_EnableSSL3(&versions_defaults_stream, on);
1003 break;
1005 case SSL_ENABLE_SSL2:
1006 ssl_defaults.enableSSL2 = on;
1007 if (on) {
1008 ssl_defaults.v2CompatibleHello = on;
1009 }
1010 break;
1012 case SSL_NO_CACHE:
1013 ssl_defaults.noCache = on;
1014 break;
1016 case SSL_ENABLE_FDX:
1017 if (on && ssl_defaults.noLocks) {
1018 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1019 return SECFailure;
1020 }
1021 ssl_defaults.fdx = on;
1022 break;
1024 case SSL_V2_COMPATIBLE_HELLO:
1025 ssl_defaults.v2CompatibleHello = on;
1026 if (!on) {
1027 ssl_defaults.enableSSL2 = on;
1028 }
1029 break;
1031 case SSL_ROLLBACK_DETECTION:
1032 ssl_defaults.detectRollBack = on;
1033 break;
1035 case SSL_NO_STEP_DOWN:
1036 ssl_defaults.noStepDown = on;
1037 if (on)
1038 SSL_DisableDefaultExportCipherSuites();
1039 break;
1041 case SSL_BYPASS_PKCS11:
1042 if (PR_FALSE != on) {
1043 if (PR_SUCCESS == SSL_BypassSetup()) {
1044 #ifdef NO_PKCS11_BYPASS
1045 ssl_defaults.bypassPKCS11 = PR_FALSE;
1046 #else
1047 ssl_defaults.bypassPKCS11 = on;
1048 #endif
1049 } else {
1050 return SECFailure;
1051 }
1052 } else {
1053 ssl_defaults.bypassPKCS11 = PR_FALSE;
1054 }
1055 break;
1057 case SSL_NO_LOCKS:
1058 if (on && ssl_defaults.fdx) {
1059 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1060 return SECFailure;
1061 }
1062 if (on && ssl_force_locks)
1063 on = PR_FALSE; /* silent override */
1064 ssl_defaults.noLocks = on;
1065 if (on) {
1066 locksEverDisabled = PR_TRUE;
1067 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
1068 }
1069 break;
1071 case SSL_ENABLE_SESSION_TICKETS:
1072 ssl_defaults.enableSessionTickets = on;
1073 break;
1075 case SSL_ENABLE_DEFLATE:
1076 ssl_defaults.enableDeflate = on;
1077 break;
1079 case SSL_ENABLE_RENEGOTIATION:
1080 ssl_defaults.enableRenegotiation = on;
1081 break;
1083 case SSL_REQUIRE_SAFE_NEGOTIATION:
1084 ssl_defaults.requireSafeNegotiation = on;
1085 break;
1087 case SSL_ENABLE_FALSE_START:
1088 ssl_defaults.enableFalseStart = on;
1089 break;
1091 case SSL_CBC_RANDOM_IV:
1092 ssl_defaults.cbcRandomIV = on;
1093 break;
1095 case SSL_ENABLE_OCSP_STAPLING:
1096 ssl_defaults.enableOCSPStapling = on;
1097 break;
1099 case SSL_ENABLE_NPN:
1100 ssl_defaults.enableNPN = on;
1101 break;
1103 case SSL_ENABLE_ALPN:
1104 ssl_defaults.enableALPN = on;
1105 break;
1107 case SSL_ENABLE_FALLBACK_SCSV:
1108 ssl_defaults.enableFallbackSCSV = on;
1109 break;
1111 default:
1112 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1113 return SECFailure;
1114 }
1115 return SECSuccess;
1116 }
1118 /* function tells us if the cipher suite is one that we no longer support. */
1119 static PRBool
1120 ssl_IsRemovedCipherSuite(PRInt32 suite)
1121 {
1122 switch (suite) {
1123 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1124 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
1125 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
1126 return PR_TRUE;
1127 default:
1128 return PR_FALSE;
1129 }
1130 }
1132 /* Part of the public NSS API.
1133 * Since this is a global (not per-socket) setting, we cannot use the
1134 * HandshakeLock to protect this. Probably want a global lock.
1135 */
1136 SECStatus
1137 SSL_SetPolicy(long which, int policy)
1138 {
1139 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1140 /* one of the two old FIPS ciphers */
1141 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1142 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1143 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1144 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1145 }
1146 if (ssl_IsRemovedCipherSuite(which))
1147 return SECSuccess;
1148 return SSL_CipherPolicySet(which, policy);
1149 }
1151 SECStatus
1152 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
1153 {
1154 SECStatus rv = ssl_Init();
1156 if (rv != SECSuccess) {
1157 return rv;
1158 }
1160 if (ssl_IsRemovedCipherSuite(which)) {
1161 rv = SECSuccess;
1162 } else if (SSL_IS_SSL2_CIPHER(which)) {
1163 rv = ssl2_SetPolicy(which, policy);
1164 } else {
1165 rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
1166 }
1167 return rv;
1168 }
1170 SECStatus
1171 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
1172 {
1173 SECStatus rv;
1175 if (!oPolicy) {
1176 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1177 return SECFailure;
1178 }
1179 if (ssl_IsRemovedCipherSuite(which)) {
1180 *oPolicy = SSL_NOT_ALLOWED;
1181 rv = SECSuccess;
1182 } else if (SSL_IS_SSL2_CIPHER(which)) {
1183 rv = ssl2_GetPolicy(which, oPolicy);
1184 } else {
1185 rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
1186 }
1187 return rv;
1188 }
1190 /* Part of the public NSS API.
1191 * Since this is a global (not per-socket) setting, we cannot use the
1192 * HandshakeLock to protect this. Probably want a global lock.
1193 * These changes have no effect on any sslSockets already created.
1194 */
1195 SECStatus
1196 SSL_EnableCipher(long which, PRBool enabled)
1197 {
1198 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1199 /* one of the two old FIPS ciphers */
1200 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1201 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1202 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1203 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1204 }
1205 if (ssl_IsRemovedCipherSuite(which))
1206 return SECSuccess;
1207 return SSL_CipherPrefSetDefault(which, enabled);
1208 }
1210 SECStatus
1211 SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
1212 {
1213 SECStatus rv = ssl_Init();
1215 if (rv != SECSuccess) {
1216 return rv;
1217 }
1219 if (ssl_IsRemovedCipherSuite(which))
1220 return SECSuccess;
1221 if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
1222 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1223 return SECFailure;
1224 }
1225 if (SSL_IS_SSL2_CIPHER(which)) {
1226 rv = ssl2_CipherPrefSetDefault(which, enabled);
1227 } else {
1228 rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
1229 }
1230 return rv;
1231 }
1233 SECStatus
1234 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
1235 {
1236 SECStatus rv;
1238 if (!enabled) {
1239 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1240 return SECFailure;
1241 }
1242 if (ssl_IsRemovedCipherSuite(which)) {
1243 *enabled = PR_FALSE;
1244 rv = SECSuccess;
1245 } else if (SSL_IS_SSL2_CIPHER(which)) {
1246 rv = ssl2_CipherPrefGetDefault(which, enabled);
1247 } else {
1248 rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
1249 }
1250 return rv;
1251 }
1253 SECStatus
1254 SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
1255 {
1256 SECStatus rv;
1257 sslSocket *ss = ssl_FindSocket(fd);
1259 if (!ss) {
1260 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
1261 return SECFailure;
1262 }
1263 if (ssl_IsRemovedCipherSuite(which))
1264 return SECSuccess;
1265 if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
1266 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1267 return SECFailure;
1268 }
1269 if (SSL_IS_SSL2_CIPHER(which)) {
1270 rv = ssl2_CipherPrefSet(ss, which, enabled);
1271 } else {
1272 rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
1273 }
1274 return rv;
1275 }
1277 SECStatus
1278 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
1279 {
1280 SECStatus rv;
1281 sslSocket *ss = ssl_FindSocket(fd);
1283 if (!enabled) {
1284 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1285 return SECFailure;
1286 }
1287 if (!ss) {
1288 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
1289 *enabled = PR_FALSE;
1290 return SECFailure;
1291 }
1292 if (ssl_IsRemovedCipherSuite(which)) {
1293 *enabled = PR_FALSE;
1294 rv = SECSuccess;
1295 } else if (SSL_IS_SSL2_CIPHER(which)) {
1296 rv = ssl2_CipherPrefGet(ss, which, enabled);
1297 } else {
1298 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
1299 }
1300 return rv;
1301 }
1303 SECStatus
1304 NSS_SetDomesticPolicy(void)
1305 {
1306 SECStatus status = SECSuccess;
1307 const PRUint16 *cipher;
1309 for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
1310 status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
1311 if (status != SECSuccess)
1312 break;
1313 }
1314 return status;
1315 }
1317 SECStatus
1318 NSS_SetExportPolicy(void)
1319 {
1320 return NSS_SetDomesticPolicy();
1321 }
1323 SECStatus
1324 NSS_SetFrancePolicy(void)
1325 {
1326 return NSS_SetDomesticPolicy();
1327 }
1331 /* LOCKS ??? XXX */
1332 static PRFileDesc *
1333 ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
1334 {
1335 sslSocket * ns = NULL;
1336 PRStatus rv;
1337 PRNetAddr addr;
1338 SECStatus status = ssl_Init();
1340 if (status != SECSuccess) {
1341 return NULL;
1342 }
1344 if (model == NULL) {
1345 /* Just create a default socket if we're given NULL for the model */
1346 ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
1347 } else {
1348 sslSocket * ss = ssl_FindSocket(model);
1349 if (ss == NULL || ss->protocolVariant != variant) {
1350 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
1351 SSL_GETPID(), model));
1352 return NULL;
1353 }
1354 ns = ssl_DupSocket(ss);
1355 }
1356 if (ns == NULL)
1357 return NULL;
1359 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
1360 if (rv != PR_SUCCESS) {
1361 ssl_FreeSocket(ns);
1362 SET_ERROR_CODE
1363 return NULL;
1364 }
1365 #if defined(DEBUG) || defined(FORCE_PR_ASSERT)
1366 {
1367 sslSocket * ss = ssl_FindSocket(fd);
1368 PORT_Assert(ss == ns);
1369 }
1370 #endif
1371 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
1372 return fd;
1373 }
1375 PRFileDesc *
1376 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1377 {
1378 return ssl_ImportFD(model, fd, ssl_variant_stream);
1379 }
1381 PRFileDesc *
1382 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1383 {
1384 return ssl_ImportFD(model, fd, ssl_variant_datagram);
1385 }
1387 /* SSL_SetNextProtoCallback is used to select an application protocol
1388 * for ALPN and NPN. For ALPN, this runs on the server; for NPN it
1389 * runs on the client. */
1390 /* Note: The ALPN version doesn't allow for the use of a default, setting a
1391 * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
1392 SECStatus
1393 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
1394 void *arg)
1395 {
1396 sslSocket *ss = ssl_FindSocket(fd);
1398 if (!ss) {
1399 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
1400 fd));
1401 return SECFailure;
1402 }
1404 ssl_GetSSL3HandshakeLock(ss);
1405 ss->nextProtoCallback = callback;
1406 ss->nextProtoArg = arg;
1407 ssl_ReleaseSSL3HandshakeLock(ss);
1409 return SECSuccess;
1410 }
1412 /* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
1413 * SSL_SetNextProtoNego is used.
1414 */
1415 static SECStatus
1416 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
1417 const unsigned char *protos, unsigned int protos_len,
1418 unsigned char *protoOut, unsigned int *protoOutLen,
1419 unsigned int protoMaxLen)
1420 {
1421 unsigned int i, j;
1422 const unsigned char *result;
1423 sslSocket *ss = ssl_FindSocket(fd);
1425 if (!ss) {
1426 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
1427 SSL_GETPID(), fd));
1428 return SECFailure;
1429 }
1431 /* For each protocol in server preference, see if we support it. */
1432 for (i = 0; i < protos_len; ) {
1433 for (j = 0; j < ss->opt.nextProtoNego.len; ) {
1434 if (protos[i] == ss->opt.nextProtoNego.data[j] &&
1435 PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
1436 protos[i]) == 0) {
1437 /* We found a match. */
1438 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
1439 result = &protos[i];
1440 goto found;
1441 }
1442 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
1443 }
1444 i += 1 + (unsigned int)protos[i];
1445 }
1447 /* The other side supports the extension, and either doesn't have any
1448 * protocols configured, or none of its options match ours. In this case we
1449 * request our favoured protocol. */
1450 /* This will be treated as a failure for ALPN. */
1451 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
1452 result = ss->opt.nextProtoNego.data;
1454 found:
1455 if (protoMaxLen < result[0]) {
1456 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1457 return SECFailure;
1458 }
1459 memcpy(protoOut, result + 1, result[0]);
1460 *protoOutLen = result[0];
1461 return SECSuccess;
1462 }
1464 SECStatus
1465 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
1466 unsigned int length)
1467 {
1468 sslSocket *ss;
1469 SECStatus rv;
1470 SECItem dataItem = { siBuffer, (unsigned char *) data, length };
1472 ss = ssl_FindSocket(fd);
1473 if (!ss) {
1474 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
1475 SSL_GETPID(), fd));
1476 return SECFailure;
1477 }
1479 if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
1480 return SECFailure;
1482 ssl_GetSSL3HandshakeLock(ss);
1483 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
1484 rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
1485 ssl_ReleaseSSL3HandshakeLock(ss);
1487 if (rv != SECSuccess)
1488 return rv;
1490 return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
1491 }
1493 SECStatus
1494 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
1495 unsigned int *bufLen, unsigned int bufLenMax)
1496 {
1497 sslSocket *ss = ssl_FindSocket(fd);
1499 if (!ss) {
1500 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
1501 fd));
1502 return SECFailure;
1503 }
1505 if (!state || !buf || !bufLen) {
1506 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1507 return SECFailure;
1508 }
1510 *state = ss->ssl3.nextProtoState;
1512 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
1513 ss->ssl3.nextProto.data) {
1514 if (ss->ssl3.nextProto.len > bufLenMax) {
1515 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1516 return SECFailure;
1517 }
1518 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
1519 *bufLen = ss->ssl3.nextProto.len;
1520 } else {
1521 *bufLen = 0;
1522 }
1524 return SECSuccess;
1525 }
1527 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
1528 const PRUint16 *ciphers,
1529 unsigned int numCiphers)
1530 {
1531 sslSocket *ss;
1532 unsigned int i;
1534 ss = ssl_FindSocket(fd);
1535 if (!ss || !IS_DTLS(ss)) {
1536 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
1537 SSL_GETPID(), fd));
1538 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1539 return SECFailure;
1540 }
1542 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
1543 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1544 return SECFailure;
1545 }
1547 ss->ssl3.dtlsSRTPCipherCount = 0;
1548 for (i = 0; i < numCiphers; i++) {
1549 const PRUint16 *srtpCipher = srtpCiphers;
1551 while (*srtpCipher) {
1552 if (ciphers[i] == *srtpCipher)
1553 break;
1554 srtpCipher++;
1555 }
1556 if (*srtpCipher) {
1557 ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
1558 ciphers[i];
1559 } else {
1560 SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
1561 "suite specified: 0x%04hx", SSL_GETPID(), fd,
1562 ciphers[i]));
1563 }
1564 }
1566 if (ss->ssl3.dtlsSRTPCipherCount == 0) {
1567 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1568 return SECFailure;
1569 }
1571 return SECSuccess;
1572 }
1574 SECStatus
1575 SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
1576 {
1577 sslSocket * ss;
1579 ss = ssl_FindSocket(fd);
1580 if (!ss) {
1581 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
1582 SSL_GETPID(), fd));
1583 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1584 return SECFailure;
1585 }
1587 if (!ss->ssl3.dtlsSRTPCipherSuite) {
1588 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1589 return SECFailure;
1590 }
1592 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
1593 return SECSuccess;
1594 }
1596 PRFileDesc *
1597 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
1598 {
1599 sslSocket * sm = NULL, *ss = NULL;
1600 int i;
1601 sslServerCerts * mc = NULL;
1602 sslServerCerts * sc = NULL;
1604 if (model == NULL) {
1605 PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
1606 return NULL;
1607 }
1608 sm = ssl_FindSocket(model);
1609 if (sm == NULL) {
1610 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
1611 SSL_GETPID(), model));
1612 return NULL;
1613 }
1614 ss = ssl_FindSocket(fd);
1615 PORT_Assert(ss);
1616 if (ss == NULL) {
1617 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1618 return NULL;
1619 }
1621 ss->opt = sm->opt;
1622 ss->vrange = sm->vrange;
1623 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
1624 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
1625 sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
1626 ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
1628 if (!ss->opt.useSecurity) {
1629 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1630 return NULL;
1631 }
1632 /* This int should be SSLKEAType, but CC on Irix complains,
1633 * during the for loop.
1634 */
1635 for (i=kt_null; i < kt_kea_size; i++) {
1636 mc = &(sm->serverCerts[i]);
1637 sc = &(ss->serverCerts[i]);
1638 if (mc->serverCert && mc->serverCertChain) {
1639 if (sc->serverCert) {
1640 CERT_DestroyCertificate(sc->serverCert);
1641 }
1642 sc->serverCert = CERT_DupCertificate(mc->serverCert);
1643 if (sc->serverCertChain) {
1644 CERT_DestroyCertificateList(sc->serverCertChain);
1645 }
1646 sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
1647 if (!sc->serverCertChain)
1648 goto loser;
1649 if (sm->certStatusArray[i]) {
1650 if (ss->certStatusArray[i]) {
1651 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
1652 ss->certStatusArray[i] = NULL;
1653 }
1654 ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
1655 if (!ss->certStatusArray[i])
1656 goto loser;
1657 }
1658 }
1659 if (mc->serverKeyPair) {
1660 if (sc->serverKeyPair) {
1661 ssl3_FreeKeyPair(sc->serverKeyPair);
1662 }
1663 sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
1664 sc->serverKeyBits = mc->serverKeyBits;
1665 }
1666 }
1667 if (sm->stepDownKeyPair) {
1668 if (ss->stepDownKeyPair) {
1669 ssl3_FreeKeyPair(ss->stepDownKeyPair);
1670 }
1671 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
1672 }
1673 if (sm->ephemeralECDHKeyPair) {
1674 if (ss->ephemeralECDHKeyPair) {
1675 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
1676 }
1677 ss->ephemeralECDHKeyPair =
1678 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
1679 }
1680 /* copy trust anchor names */
1681 if (sm->ssl3.ca_list) {
1682 if (ss->ssl3.ca_list) {
1683 CERT_FreeDistNames(ss->ssl3.ca_list);
1684 }
1685 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
1686 if (!ss->ssl3.ca_list) {
1687 goto loser;
1688 }
1689 }
1691 if (sm->authCertificate)
1692 ss->authCertificate = sm->authCertificate;
1693 if (sm->authCertificateArg)
1694 ss->authCertificateArg = sm->authCertificateArg;
1695 if (sm->getClientAuthData)
1696 ss->getClientAuthData = sm->getClientAuthData;
1697 if (sm->getClientAuthDataArg)
1698 ss->getClientAuthDataArg = sm->getClientAuthDataArg;
1699 if (sm->sniSocketConfig)
1700 ss->sniSocketConfig = sm->sniSocketConfig;
1701 if (sm->sniSocketConfigArg)
1702 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
1703 if (sm->handleBadCert)
1704 ss->handleBadCert = sm->handleBadCert;
1705 if (sm->badCertArg)
1706 ss->badCertArg = sm->badCertArg;
1707 if (sm->handshakeCallback)
1708 ss->handshakeCallback = sm->handshakeCallback;
1709 if (sm->handshakeCallbackData)
1710 ss->handshakeCallbackData = sm->handshakeCallbackData;
1711 if (sm->pkcs11PinArg)
1712 ss->pkcs11PinArg = sm->pkcs11PinArg;
1713 return fd;
1714 loser:
1715 return NULL;
1716 }
1718 PRBool
1719 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
1720 SSL3ProtocolVersion version)
1721 {
1722 switch (protocolVariant) {
1723 case ssl_variant_stream:
1724 return (version >= SSL_LIBRARY_VERSION_3_0 &&
1725 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1726 case ssl_variant_datagram:
1727 return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
1728 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1729 default:
1730 /* Can't get here */
1731 PORT_Assert(PR_FALSE);
1732 return PR_FALSE;
1733 }
1734 }
1736 /* Returns PR_TRUE if the given version range is valid and
1737 ** fully supported; otherwise, returns PR_FALSE.
1738 */
1739 static PRBool
1740 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
1741 const SSLVersionRange *vrange)
1742 {
1743 return vrange &&
1744 vrange->min <= vrange->max &&
1745 ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
1746 ssl3_VersionIsSupported(protocolVariant, vrange->max);
1747 }
1749 SECStatus
1750 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
1751 SSLVersionRange *vrange)
1752 {
1753 if (!vrange) {
1754 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1755 return SECFailure;
1756 }
1758 switch (protocolVariant) {
1759 case ssl_variant_stream:
1760 vrange->min = SSL_LIBRARY_VERSION_3_0;
1761 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1762 break;
1763 case ssl_variant_datagram:
1764 vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
1765 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1766 break;
1767 default:
1768 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1769 return SECFailure;
1770 }
1772 return SECSuccess;
1773 }
1775 SECStatus
1776 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
1777 SSLVersionRange *vrange)
1778 {
1779 if ((protocolVariant != ssl_variant_stream &&
1780 protocolVariant != ssl_variant_datagram) || !vrange) {
1781 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1782 return SECFailure;
1783 }
1785 *vrange = *VERSIONS_DEFAULTS(protocolVariant);
1787 return SECSuccess;
1788 }
1790 SECStatus
1791 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
1792 const SSLVersionRange *vrange)
1793 {
1794 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
1795 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1796 return SECFailure;
1797 }
1799 *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
1801 return SECSuccess;
1802 }
1804 SECStatus
1805 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
1806 {
1807 sslSocket *ss = ssl_FindSocket(fd);
1809 if (!ss) {
1810 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
1811 SSL_GETPID(), fd));
1812 return SECFailure;
1813 }
1815 if (!vrange) {
1816 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1817 return SECFailure;
1818 }
1820 ssl_Get1stHandshakeLock(ss);
1821 ssl_GetSSL3HandshakeLock(ss);
1823 *vrange = ss->vrange;
1825 ssl_ReleaseSSL3HandshakeLock(ss);
1826 ssl_Release1stHandshakeLock(ss);
1828 return SECSuccess;
1829 }
1831 SECStatus
1832 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
1833 {
1834 sslSocket *ss = ssl_FindSocket(fd);
1836 if (!ss) {
1837 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
1838 SSL_GETPID(), fd));
1839 return SECFailure;
1840 }
1842 if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
1843 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1844 return SECFailure;
1845 }
1847 ssl_Get1stHandshakeLock(ss);
1848 ssl_GetSSL3HandshakeLock(ss);
1850 ss->vrange = *vrange;
1852 ssl_ReleaseSSL3HandshakeLock(ss);
1853 ssl_Release1stHandshakeLock(ss);
1855 return SECSuccess;
1856 }
1858 const SECItemArray *
1859 SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
1860 {
1861 sslSocket *ss = ssl_FindSocket(fd);
1863 if (!ss) {
1864 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
1865 SSL_GETPID(), fd));
1866 return NULL;
1867 }
1869 if (!ss->sec.ci.sid) {
1870 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
1871 return NULL;
1872 }
1874 return &ss->sec.ci.sid->peerCertStatus;
1875 }
1877 /************************************************************************/
1878 /* The following functions are the TOP LEVEL SSL functions.
1879 ** They all get called through the NSPRIOMethods table below.
1880 */
1882 static PRFileDesc * PR_CALLBACK
1883 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
1884 {
1885 sslSocket *ss;
1886 sslSocket *ns = NULL;
1887 PRFileDesc *newfd = NULL;
1888 PRFileDesc *osfd;
1889 PRStatus status;
1891 ss = ssl_GetPrivate(fd);
1892 if (!ss) {
1893 SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
1894 return NULL;
1895 }
1897 /* IF this is a listen socket, there shouldn't be any I/O going on */
1898 SSL_LOCK_READER(ss);
1899 SSL_LOCK_WRITER(ss);
1900 ssl_Get1stHandshakeLock(ss);
1901 ssl_GetSSL3HandshakeLock(ss);
1903 ss->cTimeout = timeout;
1905 osfd = ss->fd->lower;
1907 /* First accept connection */
1908 newfd = osfd->methods->accept(osfd, sockaddr, timeout);
1909 if (newfd == NULL) {
1910 SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
1911 SSL_GETPID(), ss->fd, PORT_GetError()));
1912 } else {
1913 /* Create ssl module */
1914 ns = ssl_DupSocket(ss);
1915 }
1917 ssl_ReleaseSSL3HandshakeLock(ss);
1918 ssl_Release1stHandshakeLock(ss);
1919 SSL_UNLOCK_WRITER(ss);
1920 SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
1922 if (ns == NULL)
1923 goto loser;
1925 /* push ssl module onto the new socket */
1926 status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
1927 if (status != PR_SUCCESS)
1928 goto loser;
1930 /* Now start server connection handshake with client.
1931 ** Don't need locks here because nobody else has a reference to ns yet.
1932 */
1933 if ( ns->opt.useSecurity ) {
1934 if ( ns->opt.handshakeAsClient ) {
1935 ns->handshake = ssl2_BeginClientHandshake;
1936 ss->handshaking = sslHandshakingAsClient;
1937 } else {
1938 ns->handshake = ssl2_BeginServerHandshake;
1939 ss->handshaking = sslHandshakingAsServer;
1940 }
1941 }
1942 ns->TCPconnected = 1;
1943 return newfd;
1945 loser:
1946 if (ns != NULL)
1947 ssl_FreeSocket(ns);
1948 if (newfd != NULL)
1949 PR_Close(newfd);
1950 return NULL;
1951 }
1953 static PRStatus PR_CALLBACK
1954 ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
1955 {
1956 sslSocket *ss;
1957 PRStatus rv;
1959 ss = ssl_GetPrivate(fd);
1960 if (!ss) {
1961 SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
1962 return PR_FAILURE;
1963 }
1965 /* IF this is a listen socket, there shouldn't be any I/O going on */
1966 SSL_LOCK_READER(ss);
1967 SSL_LOCK_WRITER(ss);
1969 ss->cTimeout = timeout;
1970 rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
1972 SSL_UNLOCK_WRITER(ss);
1973 SSL_UNLOCK_READER(ss);
1975 return rv;
1976 }
1978 static PRStatus PR_CALLBACK
1979 ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
1980 {
1981 sslSocket * ss = ssl_GetPrivate(fd);
1982 PRStatus rv;
1984 if (!ss) {
1985 SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
1986 return PR_FAILURE;
1987 }
1988 SSL_LOCK_READER(ss);
1989 SSL_LOCK_WRITER(ss);
1991 rv = (PRStatus)(*ss->ops->bind)(ss, addr);
1993 SSL_UNLOCK_WRITER(ss);
1994 SSL_UNLOCK_READER(ss);
1995 return rv;
1996 }
1998 static PRStatus PR_CALLBACK
1999 ssl_Listen(PRFileDesc *fd, PRIntn backlog)
2000 {
2001 sslSocket * ss = ssl_GetPrivate(fd);
2002 PRStatus rv;
2004 if (!ss) {
2005 SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
2006 return PR_FAILURE;
2007 }
2008 SSL_LOCK_READER(ss);
2009 SSL_LOCK_WRITER(ss);
2011 rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
2013 SSL_UNLOCK_WRITER(ss);
2014 SSL_UNLOCK_READER(ss);
2015 return rv;
2016 }
2018 static PRStatus PR_CALLBACK
2019 ssl_Shutdown(PRFileDesc *fd, PRIntn how)
2020 {
2021 sslSocket * ss = ssl_GetPrivate(fd);
2022 PRStatus rv;
2024 if (!ss) {
2025 SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
2026 return PR_FAILURE;
2027 }
2028 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2029 SSL_LOCK_READER(ss);
2030 }
2031 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2032 SSL_LOCK_WRITER(ss);
2033 }
2035 rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
2037 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2038 SSL_UNLOCK_WRITER(ss);
2039 }
2040 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2041 SSL_UNLOCK_READER(ss);
2042 }
2043 return rv;
2044 }
2046 static PRStatus PR_CALLBACK
2047 ssl_Close(PRFileDesc *fd)
2048 {
2049 sslSocket *ss;
2050 PRStatus rv;
2052 ss = ssl_GetPrivate(fd);
2053 if (!ss) {
2054 SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
2055 return PR_FAILURE;
2056 }
2058 /* There must not be any I/O going on */
2059 SSL_LOCK_READER(ss);
2060 SSL_LOCK_WRITER(ss);
2062 /* By the time this function returns,
2063 ** ss is an invalid pointer, and the locks to which it points have
2064 ** been unlocked and freed. So, this is the ONE PLACE in all of SSL
2065 ** where the LOCK calls and the corresponding UNLOCK calls are not in
2066 ** the same function scope. The unlock calls are in ssl_FreeSocket().
2067 */
2068 rv = (PRStatus)(*ss->ops->close)(ss);
2070 return rv;
2071 }
2073 static int PR_CALLBACK
2074 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
2075 PRIntervalTime timeout)
2076 {
2077 sslSocket *ss;
2078 int rv;
2080 ss = ssl_GetPrivate(fd);
2081 if (!ss) {
2082 SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
2083 return SECFailure;
2084 }
2085 SSL_LOCK_READER(ss);
2086 ss->rTimeout = timeout;
2087 if (!ss->opt.fdx)
2088 ss->wTimeout = timeout;
2089 rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
2090 SSL_UNLOCK_READER(ss);
2091 return rv;
2092 }
2094 static int PR_CALLBACK
2095 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
2096 PRIntervalTime timeout)
2097 {
2098 sslSocket *ss;
2099 int rv;
2101 ss = ssl_GetPrivate(fd);
2102 if (!ss) {
2103 SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
2104 return SECFailure;
2105 }
2106 SSL_LOCK_WRITER(ss);
2107 ss->wTimeout = timeout;
2108 if (!ss->opt.fdx)
2109 ss->rTimeout = timeout;
2110 rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
2111 SSL_UNLOCK_WRITER(ss);
2112 return rv;
2113 }
2115 static int PR_CALLBACK
2116 ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
2117 {
2118 sslSocket *ss;
2119 int rv;
2121 ss = ssl_GetPrivate(fd);
2122 if (!ss) {
2123 SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
2124 return SECFailure;
2125 }
2126 SSL_LOCK_READER(ss);
2127 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2128 if (!ss->opt.fdx)
2129 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2130 rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
2131 SSL_UNLOCK_READER(ss);
2132 return rv;
2133 }
2135 static int PR_CALLBACK
2136 ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
2137 {
2138 sslSocket *ss;
2139 int rv;
2141 ss = ssl_GetPrivate(fd);
2142 if (!ss) {
2143 SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
2144 return SECFailure;
2145 }
2146 SSL_LOCK_WRITER(ss);
2147 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2148 if (!ss->opt.fdx)
2149 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2150 rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
2151 SSL_UNLOCK_WRITER(ss);
2152 return rv;
2153 }
2155 static PRStatus PR_CALLBACK
2156 ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
2157 {
2158 sslSocket *ss;
2160 ss = ssl_GetPrivate(fd);
2161 if (!ss) {
2162 SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
2163 return PR_FAILURE;
2164 }
2165 return (PRStatus)(*ss->ops->getpeername)(ss, addr);
2166 }
2168 /*
2169 */
2170 SECStatus
2171 ssl_GetPeerInfo(sslSocket *ss)
2172 {
2173 PRFileDesc * osfd;
2174 int rv;
2175 PRNetAddr sin;
2177 osfd = ss->fd->lower;
2179 PORT_Memset(&sin, 0, sizeof(sin));
2180 rv = osfd->methods->getpeername(osfd, &sin);
2181 if (rv < 0) {
2182 return SECFailure;
2183 }
2184 ss->TCPconnected = 1;
2185 if (sin.inet.family == PR_AF_INET) {
2186 PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
2187 ss->sec.ci.port = sin.inet.port;
2188 } else if (sin.ipv6.family == PR_AF_INET6) {
2189 ss->sec.ci.peer = sin.ipv6.ip;
2190 ss->sec.ci.port = sin.ipv6.port;
2191 } else {
2192 PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
2193 return SECFailure;
2194 }
2195 return SECSuccess;
2196 }
2198 static PRStatus PR_CALLBACK
2199 ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
2200 {
2201 sslSocket *ss;
2203 ss = ssl_GetPrivate(fd);
2204 if (!ss) {
2205 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
2206 return PR_FAILURE;
2207 }
2208 return (PRStatus)(*ss->ops->getsockname)(ss, name);
2209 }
2211 SECStatus
2212 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
2213 SSLKEAType kea)
2214 {
2215 sslSocket *ss;
2217 ss = ssl_FindSocket(fd);
2218 if (!ss) {
2219 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
2220 SSL_GETPID(), fd));
2221 return SECFailure;
2222 }
2224 if ( kea <= 0 || kea >= kt_kea_size) {
2225 SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
2226 SSL_GETPID(), fd));
2227 return SECFailure;
2228 }
2230 if (ss->certStatusArray[kea]) {
2231 SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
2232 ss->certStatusArray[kea] = NULL;
2233 }
2234 if (responses) {
2235 ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
2236 }
2237 return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
2238 }
2240 SECStatus
2241 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
2242 {
2243 sslSocket *ss;
2245 ss = ssl_FindSocket(fd);
2246 if (!ss) {
2247 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
2248 SSL_GETPID(), fd));
2249 return SECFailure;
2250 }
2252 if (ss->peerID) {
2253 PORT_Free(ss->peerID);
2254 ss->peerID = NULL;
2255 }
2256 if (peerID)
2257 ss->peerID = PORT_Strdup(peerID);
2258 return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
2259 }
2261 #define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
2263 static PRInt16 PR_CALLBACK
2264 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
2265 {
2266 sslSocket *ss;
2267 PRInt16 new_flags = how_flags; /* should select on these flags. */
2268 PRNetAddr addr;
2270 *p_out_flags = 0;
2271 ss = ssl_GetPrivate(fd);
2272 if (!ss) {
2273 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
2274 SSL_GETPID(), fd));
2275 return 0; /* don't poll on this socket */
2276 }
2278 if (ss->opt.useSecurity &&
2279 ss->handshaking != sslHandshakingUndetermined &&
2280 !ss->firstHsDone &&
2281 (how_flags & PR_POLL_RW)) {
2282 if (!ss->TCPconnected) {
2283 ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
2284 }
2285 /* If it's not connected, then presumably the application is polling
2286 ** on read or write appropriately, so don't change it.
2287 */
2288 if (ss->TCPconnected) {
2289 if (!ss->handshakeBegun) {
2290 /* If the handshake has not begun, poll on read or write
2291 ** based on the local application's role in the handshake,
2292 ** not based on what the application requested.
2293 */
2294 new_flags &= ~PR_POLL_RW;
2295 if (ss->handshaking == sslHandshakingAsClient) {
2296 new_flags |= PR_POLL_WRITE;
2297 } else { /* handshaking as server */
2298 new_flags |= PR_POLL_READ;
2299 }
2300 } else
2301 /* First handshake is in progress */
2302 if (ss->lastWriteBlocked) {
2303 if (new_flags & PR_POLL_READ) {
2304 /* The caller is waiting for data to be received,
2305 ** but the initial handshake is blocked on write, or the
2306 ** client's first handshake record has not been written.
2307 ** The code should select on write, not read.
2308 */
2309 new_flags ^= PR_POLL_READ; /* don't select on read. */
2310 new_flags |= PR_POLL_WRITE; /* do select on write. */
2311 }
2312 } else if (new_flags & PR_POLL_WRITE) {
2313 /* The caller is trying to write, but the handshake is
2314 ** blocked waiting for data to read, and the first
2315 ** handshake has been sent. So do NOT to poll on write
2316 ** unless we did false start.
2317 */
2318 if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2319 ss->ssl3.hs.canFalseStart)) {
2320 new_flags ^= PR_POLL_WRITE; /* don't select on write. */
2321 }
2322 new_flags |= PR_POLL_READ; /* do select on read. */
2323 }
2324 }
2325 } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
2326 *p_out_flags = PR_POLL_READ; /* it's ready already. */
2327 return new_flags;
2328 } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
2329 (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
2330 new_flags |= PR_POLL_WRITE; /* also select on write. */
2331 }
2333 if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2334 ss->ssl3.hs.restartTarget != NULL) {
2335 /* Read and write will block until the asynchronous callback completes
2336 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
2337 * the caller to poll the socket unless there is pending write data.
2338 */
2339 if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
2340 /* Ignore any newly-received data on the socket, but do wait for
2341 * the socket to become writable again. Here, it is OK for an error
2342 * to be detected, because our logic for sending pending write data
2343 * will allow us to report the error to the caller without the risk
2344 * of the application spinning.
2345 */
2346 new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
2347 } else {
2348 /* Unfortunately, clearing new_flags will make it impossible for
2349 * the application to detect errors that it would otherwise be
2350 * able to detect with PR_POLL_EXCEPT, until the asynchronous
2351 * callback completes. However, we must clear all the flags to
2352 * prevent the application from spinning (alternating between
2353 * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
2354 * which won't actually report the I/O error while we are waiting
2355 * for the asynchronous callback to complete).
2356 */
2357 new_flags = 0;
2358 }
2359 }
2361 if (new_flags && (fd->lower->methods->poll != NULL)) {
2362 PRInt16 lower_out_flags = 0;
2363 PRInt16 lower_new_flags;
2364 lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
2365 &lower_out_flags);
2366 if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
2367 PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
2368 if (lower_out_flags & PR_POLL_READ)
2369 out_flags |= PR_POLL_WRITE;
2370 if (lower_out_flags & PR_POLL_WRITE)
2371 out_flags |= PR_POLL_READ;
2372 *p_out_flags = out_flags;
2373 new_flags = how_flags;
2374 } else {
2375 *p_out_flags = lower_out_flags;
2376 new_flags = lower_new_flags;
2377 }
2378 }
2380 return new_flags;
2381 }
2383 static PRInt32 PR_CALLBACK
2384 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
2385 const void *headers, PRInt32 hlen,
2386 PRTransmitFileFlags flags, PRIntervalTime timeout)
2387 {
2388 PRSendFileData sfd;
2390 sfd.fd = fd;
2391 sfd.file_offset = 0;
2392 sfd.file_nbytes = 0;
2393 sfd.header = headers;
2394 sfd.hlen = hlen;
2395 sfd.trailer = NULL;
2396 sfd.tlen = 0;
2398 return sd->methods->sendfile(sd, &sfd, flags, timeout);
2399 }
2402 PRBool
2403 ssl_FdIsBlocking(PRFileDesc *fd)
2404 {
2405 PRSocketOptionData opt;
2406 PRStatus status;
2408 opt.option = PR_SockOpt_Nonblocking;
2409 opt.value.non_blocking = PR_FALSE;
2410 status = PR_GetSocketOption(fd, &opt);
2411 if (status != PR_SUCCESS)
2412 return PR_FALSE;
2413 return (PRBool)!opt.value.non_blocking;
2414 }
2416 PRBool
2417 ssl_SocketIsBlocking(sslSocket *ss)
2418 {
2419 return ssl_FdIsBlocking(ss->fd);
2420 }
2422 PRInt32 sslFirstBufSize = 8 * 1024;
2423 PRInt32 sslCopyLimit = 1024;
2425 static PRInt32 PR_CALLBACK
2426 ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
2427 PRIntervalTime timeout)
2428 {
2429 PRInt32 i;
2430 PRInt32 bufLen;
2431 PRInt32 left;
2432 PRInt32 rv;
2433 PRInt32 sent = 0;
2434 const PRInt32 first_len = sslFirstBufSize;
2435 const PRInt32 limit = sslCopyLimit;
2436 PRBool blocking;
2437 PRIOVec myIov = { 0, 0 };
2438 char buf[MAX_FRAGMENT_LENGTH];
2440 if (vectors < 0) {
2441 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
2442 return -1;
2443 }
2444 if (vectors > PR_MAX_IOVECTOR_SIZE) {
2445 PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
2446 return -1;
2447 }
2448 for (i = 0; i < vectors; i++) {
2449 if (iov[i].iov_len < 0) {
2450 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
2451 return -1;
2452 }
2453 }
2454 blocking = ssl_FdIsBlocking(fd);
2456 #define K16 sizeof(buf)
2457 #define KILL_VECTORS while (vectors && !iov->iov_len) { ++iov; --vectors; }
2458 #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
2459 #define HANDLE_ERR(rv, len) \
2460 if (rv != len) { \
2461 if (rv < 0) { \
2462 if (!blocking \
2463 && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
2464 && (sent > 0)) { \
2465 return sent; \
2466 } else { \
2467 return -1; \
2468 } \
2469 } \
2470 /* Only a nonblocking socket can have partial sends */ \
2471 PR_ASSERT(!blocking); \
2472 return sent + rv; \
2473 }
2474 #define SEND(bfr, len) \
2475 do { \
2476 rv = ssl_Send(fd, bfr, len, 0, timeout); \
2477 HANDLE_ERR(rv, len) \
2478 sent += len; \
2479 } while (0)
2481 /* Make sure the first write is at least 8 KB, if possible. */
2482 KILL_VECTORS
2483 if (!vectors)
2484 return ssl_Send(fd, 0, 0, 0, timeout);
2485 GET_VECTOR;
2486 if (!vectors) {
2487 return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
2488 }
2489 if (myIov.iov_len < first_len) {
2490 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2491 bufLen = myIov.iov_len;
2492 left = first_len - bufLen;
2493 while (vectors && left) {
2494 int toCopy;
2495 GET_VECTOR;
2496 toCopy = PR_MIN(left, myIov.iov_len);
2497 PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
2498 bufLen += toCopy;
2499 left -= toCopy;
2500 myIov.iov_base += toCopy;
2501 myIov.iov_len -= toCopy;
2502 }
2503 SEND( buf, bufLen );
2504 }
2506 while (vectors || myIov.iov_len) {
2507 PRInt32 addLen;
2508 if (!myIov.iov_len) {
2509 GET_VECTOR;
2510 }
2511 while (myIov.iov_len >= K16) {
2512 SEND(myIov.iov_base, K16);
2513 myIov.iov_base += K16;
2514 myIov.iov_len -= K16;
2515 }
2516 if (!myIov.iov_len)
2517 continue;
2519 if (!vectors || myIov.iov_len > limit) {
2520 addLen = 0;
2521 } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
2522 /* Addlen is already computed. */;
2523 } else if (vectors > 1 &&
2524 iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
2525 addLen = limit - myIov.iov_len;
2526 } else
2527 addLen = 0;
2529 if (!addLen) {
2530 SEND( myIov.iov_base, myIov.iov_len );
2531 myIov.iov_len = 0;
2532 continue;
2533 }
2534 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2535 bufLen = myIov.iov_len;
2536 do {
2537 GET_VECTOR;
2538 PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
2539 myIov.iov_base += addLen;
2540 myIov.iov_len -= addLen;
2541 bufLen += addLen;
2543 left = PR_MIN( limit, K16 - bufLen);
2544 if (!vectors /* no more left */
2545 || myIov.iov_len > 0 /* we didn't use that one all up */
2546 || bufLen >= K16 /* it's full. */
2547 ) {
2548 addLen = 0;
2549 } else if ((addLen = iov->iov_len % K16) <= left) {
2550 /* Addlen is already computed. */;
2551 } else if (vectors > 1 &&
2552 iov[1].iov_len % K16 + addLen <= left + limit) {
2553 addLen = left;
2554 } else
2555 addLen = 0;
2557 } while (addLen);
2558 SEND( buf, bufLen );
2559 }
2560 return sent;
2561 }
2563 /*
2564 * These functions aren't implemented.
2565 */
2567 static PRInt32 PR_CALLBACK
2568 ssl_Available(PRFileDesc *fd)
2569 {
2570 PORT_Assert(0);
2571 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2572 return SECFailure;
2573 }
2575 static PRInt64 PR_CALLBACK
2576 ssl_Available64(PRFileDesc *fd)
2577 {
2578 PRInt64 res;
2580 PORT_Assert(0);
2581 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2582 LL_I2L(res, -1L);
2583 return res;
2584 }
2586 static PRStatus PR_CALLBACK
2587 ssl_FSync(PRFileDesc *fd)
2588 {
2589 PORT_Assert(0);
2590 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2591 return PR_FAILURE;
2592 }
2594 static PRInt32 PR_CALLBACK
2595 ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how) {
2596 PORT_Assert(0);
2597 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2598 return SECFailure;
2599 }
2601 static PRInt64 PR_CALLBACK
2602 ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how) {
2603 PRInt64 res;
2605 PORT_Assert(0);
2606 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2607 LL_I2L(res, -1L);
2608 return res;
2609 }
2611 static PRStatus PR_CALLBACK
2612 ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
2613 {
2614 PORT_Assert(0);
2615 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2616 return PR_FAILURE;
2617 }
2619 static PRStatus PR_CALLBACK
2620 ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
2621 {
2622 PORT_Assert(0);
2623 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2624 return PR_FAILURE;
2625 }
2627 static PRInt32 PR_CALLBACK
2628 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
2629 PRNetAddr *addr, PRIntervalTime timeout)
2630 {
2631 PORT_Assert(0);
2632 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2633 return SECFailure;
2634 }
2636 static PRInt32 PR_CALLBACK
2637 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
2638 const PRNetAddr *addr, PRIntervalTime timeout)
2639 {
2640 PORT_Assert(0);
2641 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2642 return SECFailure;
2643 }
2645 static const PRIOMethods ssl_methods = {
2646 PR_DESC_LAYERED,
2647 ssl_Close, /* close */
2648 ssl_Read, /* read */
2649 ssl_Write, /* write */
2650 ssl_Available, /* available */
2651 ssl_Available64, /* available64 */
2652 ssl_FSync, /* fsync */
2653 ssl_Seek, /* seek */
2654 ssl_Seek64, /* seek64 */
2655 ssl_FileInfo, /* fileInfo */
2656 ssl_FileInfo64, /* fileInfo64 */
2657 ssl_WriteV, /* writev */
2658 ssl_Connect, /* connect */
2659 ssl_Accept, /* accept */
2660 ssl_Bind, /* bind */
2661 ssl_Listen, /* listen */
2662 ssl_Shutdown, /* shutdown */
2663 ssl_Recv, /* recv */
2664 ssl_Send, /* send */
2665 ssl_RecvFrom, /* recvfrom */
2666 ssl_SendTo, /* sendto */
2667 ssl_Poll, /* poll */
2668 PR_EmulateAcceptRead, /* acceptread */
2669 ssl_TransmitFile, /* transmitfile */
2670 ssl_GetSockName, /* getsockname */
2671 ssl_GetPeerName, /* getpeername */
2672 NULL, /* getsockopt OBSOLETE */
2673 NULL, /* setsockopt OBSOLETE */
2674 NULL, /* getsocketoption */
2675 NULL, /* setsocketoption */
2676 PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
2677 NULL, /* reserved for future use */
2678 NULL, /* reserved for future use */
2679 NULL, /* reserved for future use */
2680 NULL, /* reserved for future use */
2681 NULL /* reserved for future use */
2682 };
2685 static PRIOMethods combined_methods;
2687 static void
2688 ssl_SetupIOMethods(void)
2689 {
2690 PRIOMethods *new_methods = &combined_methods;
2691 const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
2692 const PRIOMethods *my_methods = &ssl_methods;
2694 *new_methods = *nspr_methods;
2696 new_methods->file_type = my_methods->file_type;
2697 new_methods->close = my_methods->close;
2698 new_methods->read = my_methods->read;
2699 new_methods->write = my_methods->write;
2700 new_methods->available = my_methods->available;
2701 new_methods->available64 = my_methods->available64;
2702 new_methods->fsync = my_methods->fsync;
2703 new_methods->seek = my_methods->seek;
2704 new_methods->seek64 = my_methods->seek64;
2705 new_methods->fileInfo = my_methods->fileInfo;
2706 new_methods->fileInfo64 = my_methods->fileInfo64;
2707 new_methods->writev = my_methods->writev;
2708 new_methods->connect = my_methods->connect;
2709 new_methods->accept = my_methods->accept;
2710 new_methods->bind = my_methods->bind;
2711 new_methods->listen = my_methods->listen;
2712 new_methods->shutdown = my_methods->shutdown;
2713 new_methods->recv = my_methods->recv;
2714 new_methods->send = my_methods->send;
2715 new_methods->recvfrom = my_methods->recvfrom;
2716 new_methods->sendto = my_methods->sendto;
2717 new_methods->poll = my_methods->poll;
2718 new_methods->acceptread = my_methods->acceptread;
2719 new_methods->transmitfile = my_methods->transmitfile;
2720 new_methods->getsockname = my_methods->getsockname;
2721 new_methods->getpeername = my_methods->getpeername;
2722 /* new_methods->getsocketoption = my_methods->getsocketoption; */
2723 /* new_methods->setsocketoption = my_methods->setsocketoption; */
2724 new_methods->sendfile = my_methods->sendfile;
2726 }
2728 static PRCallOnceType initIoLayerOnce;
2730 static PRStatus
2731 ssl_InitIOLayer(void)
2732 {
2733 ssl_layer_id = PR_GetUniqueIdentity("SSL");
2734 ssl_SetupIOMethods();
2735 ssl_inited = PR_TRUE;
2736 return PR_SUCCESS;
2737 }
2739 static PRStatus
2740 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
2741 {
2742 PRFileDesc *layer = NULL;
2743 PRStatus status;
2745 if (!ssl_inited) {
2746 status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
2747 if (status != PR_SUCCESS)
2748 goto loser;
2749 }
2751 if (ns == NULL)
2752 goto loser;
2754 layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
2755 if (layer == NULL)
2756 goto loser;
2757 layer->secret = (PRFilePrivate *)ns;
2759 /* Here, "stack" points to the PRFileDesc on the top of the stack.
2760 ** "layer" points to a new FD that is to be inserted into the stack.
2761 ** If layer is being pushed onto the top of the stack, then
2762 ** PR_PushIOLayer switches the contents of stack and layer, and then
2763 ** puts stack on top of layer, so that after it is done, the top of
2764 ** stack is the same "stack" as it was before, and layer is now the
2765 ** FD for the former top of stack.
2766 ** After this call, stack always points to the top PRFD on the stack.
2767 ** If this function fails, the contents of stack and layer are as
2768 ** they were before the call.
2769 */
2770 status = PR_PushIOLayer(stack, id, layer);
2771 if (status != PR_SUCCESS)
2772 goto loser;
2774 ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
2775 return PR_SUCCESS;
2777 loser:
2778 if (layer) {
2779 layer->dtor(layer); /* free layer */
2780 }
2781 return PR_FAILURE;
2782 }
2784 /* if this fails, caller must destroy socket. */
2785 static SECStatus
2786 ssl_MakeLocks(sslSocket *ss)
2787 {
2788 ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
2789 if (!ss->firstHandshakeLock)
2790 goto loser;
2791 ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
2792 if (!ss->ssl3HandshakeLock)
2793 goto loser;
2794 ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
2795 if (!ss->specLock)
2796 goto loser;
2797 ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
2798 if (!ss->recvBufLock)
2799 goto loser;
2800 ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
2801 if (!ss->xmitBufLock)
2802 goto loser;
2803 ss->writerThread = NULL;
2804 if (ssl_lock_readers) {
2805 ss->recvLock = PZ_NewLock(nssILockSSL);
2806 if (!ss->recvLock)
2807 goto loser;
2808 ss->sendLock = PZ_NewLock(nssILockSSL);
2809 if (!ss->sendLock)
2810 goto loser;
2811 }
2812 return SECSuccess;
2813 loser:
2814 ssl_DestroyLocks(ss);
2815 return SECFailure;
2816 }
2818 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
2819 #define NSS_HAVE_GETENV 1
2820 #endif
2822 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
2824 static void
2825 ssl_SetDefaultsFromEnvironment(void)
2826 {
2827 #if defined( NSS_HAVE_GETENV )
2828 static int firsttime = 1;
2830 if (firsttime) {
2831 char * ev;
2832 firsttime = 0;
2833 #ifdef DEBUG
2834 ev = getenv("SSLDEBUGFILE");
2835 if (ev && ev[0]) {
2836 ssl_trace_iob = fopen(ev, "w");
2837 }
2838 if (!ssl_trace_iob) {
2839 ssl_trace_iob = stderr;
2840 }
2841 #ifdef TRACE
2842 ev = getenv("SSLTRACE");
2843 if (ev && ev[0]) {
2844 ssl_trace = atoi(ev);
2845 SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
2846 }
2847 #endif /* TRACE */
2848 ev = getenv("SSLDEBUG");
2849 if (ev && ev[0]) {
2850 ssl_debug = atoi(ev);
2851 SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
2852 }
2853 #endif /* DEBUG */
2854 ev = getenv("SSLKEYLOGFILE");
2855 if (ev && ev[0]) {
2856 ssl_keylog_iob = fopen(ev, "a");
2857 if (!ssl_keylog_iob) {
2858 SSL_TRACE(("SSL: failed to open key log file"));
2859 } else {
2860 if (ftell(ssl_keylog_iob) == 0) {
2861 fputs("# SSL/TLS secrets log file, generated by NSS\n",
2862 ssl_keylog_iob);
2863 }
2864 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
2865 }
2866 }
2867 #ifndef NO_PKCS11_BYPASS
2868 ev = getenv("SSLBYPASS");
2869 if (ev && ev[0]) {
2870 ssl_defaults.bypassPKCS11 = (ev[0] == '1');
2871 SSL_TRACE(("SSL: bypass default set to %d", \
2872 ssl_defaults.bypassPKCS11));
2873 }
2874 #endif /* NO_PKCS11_BYPASS */
2875 ev = getenv("SSLFORCELOCKS");
2876 if (ev && ev[0] == '1') {
2877 ssl_force_locks = PR_TRUE;
2878 ssl_defaults.noLocks = 0;
2879 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
2880 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
2881 }
2882 ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
2883 if (ev) {
2884 if (ev[0] == '1' || LOWER(ev[0]) == 'u')
2885 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
2886 else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
2887 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
2888 else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
2889 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
2890 else if (ev[0] == '3' || LOWER(ev[0]) == 't')
2891 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
2892 SSL_TRACE(("SSL: enableRenegotiation set to %d",
2893 ssl_defaults.enableRenegotiation));
2894 }
2895 ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
2896 if (ev && ev[0] == '1') {
2897 ssl_defaults.requireSafeNegotiation = PR_TRUE;
2898 SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
2899 PR_TRUE));
2900 }
2901 ev = getenv("NSS_SSL_CBC_RANDOM_IV");
2902 if (ev && ev[0] == '0') {
2903 ssl_defaults.cbcRandomIV = PR_FALSE;
2904 SSL_TRACE(("SSL: cbcRandomIV set to 0"));
2905 }
2906 }
2907 #endif /* NSS_HAVE_GETENV */
2908 }
2910 /*
2911 ** Create a newsocket structure for a file descriptor.
2912 */
2913 static sslSocket *
2914 ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
2915 {
2916 sslSocket *ss;
2918 ssl_SetDefaultsFromEnvironment();
2920 if (ssl_force_locks)
2921 makeLocks = PR_TRUE;
2923 /* Make a new socket and get it ready */
2924 ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
2925 if (ss) {
2926 /* This should be of type SSLKEAType, but CC on IRIX
2927 * complains during the for loop.
2928 */
2929 int i;
2930 SECStatus status;
2932 ss->opt = ssl_defaults;
2933 ss->opt.useSocks = PR_FALSE;
2934 ss->opt.noLocks = !makeLocks;
2935 ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
2936 ss->protocolVariant = protocolVariant;
2938 ss->peerID = NULL;
2939 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2940 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2941 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
2942 ss->cipherSpecs = NULL;
2943 ss->sizeCipherSpecs = 0; /* produced lazily */
2944 ss->preferredCipher = NULL;
2945 ss->url = NULL;
2947 for (i=kt_null; i < kt_kea_size; i++) {
2948 sslServerCerts * sc = ss->serverCerts + i;
2949 sc->serverCert = NULL;
2950 sc->serverCertChain = NULL;
2951 sc->serverKeyPair = NULL;
2952 sc->serverKeyBits = 0;
2953 ss->certStatusArray[i] = NULL;
2954 }
2955 ss->stepDownKeyPair = NULL;
2956 ss->dbHandle = CERT_GetDefaultCertDB();
2958 /* Provide default implementation of hooks */
2959 ss->authCertificate = SSL_AuthCertificate;
2960 ss->authCertificateArg = (void *)ss->dbHandle;
2961 ss->sniSocketConfig = NULL;
2962 ss->sniSocketConfigArg = NULL;
2963 ss->getClientAuthData = NULL;
2964 ss->handleBadCert = NULL;
2965 ss->badCertArg = NULL;
2966 ss->pkcs11PinArg = NULL;
2967 ss->ephemeralECDHKeyPair = NULL;
2969 ssl_ChooseOps(ss);
2970 ssl2_InitSocketPolicy(ss);
2971 ssl3_InitSocketPolicy(ss);
2972 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
2974 if (makeLocks) {
2975 status = ssl_MakeLocks(ss);
2976 if (status != SECSuccess)
2977 goto loser;
2978 }
2979 status = ssl_CreateSecurityInfo(ss);
2980 if (status != SECSuccess)
2981 goto loser;
2982 status = ssl_InitGather(&ss->gs);
2983 if (status != SECSuccess) {
2984 loser:
2985 ssl_DestroySocketContents(ss);
2986 ssl_DestroyLocks(ss);
2987 PORT_Free(ss);
2988 ss = NULL;
2989 }
2990 }
2991 return ss;
2992 }
