• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is PRIVATE to SSL and should be the first thing included by
3  * any SSL implementation file.
4  *
5  * ***** BEGIN LICENSE BLOCK *****
6  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
7  *
8  * The contents of this file are subject to the Mozilla Public License Version
9  * 1.1 (the "License"); you may not use this file except in compliance with
10  * the License. You may obtain a copy of the License at
11  * http://www.mozilla.org/MPL/
12  *
13  * Software distributed under the License is distributed on an "AS IS" basis,
14  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
15  * for the specific language governing rights and limitations under the
16  * License.
17  *
18  * The Original Code is the Netscape security libraries.
19  *
20  * The Initial Developer of the Original Code is
21  * Netscape Communications Corporation.
22  * Portions created by the Initial Developer are Copyright (C) 1994-2000
23  * the Initial Developer. All Rights Reserved.
24  *
25  * Contributor(s):
26  *   Dr Stephen Henson <stephen.henson@gemplus.com>
27  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
28  *
29  * Alternatively, the contents of this file may be used under the terms of
30  * either the GNU General Public License Version 2 or later (the "GPL"), or
31  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
32  * in which case the provisions of the GPL or the LGPL are applicable instead
33  * of those above. If you wish to allow use of your version of this file only
34  * under the terms of either the GPL or the LGPL, and not to allow others to
35  * use your version of this file under the terms of the MPL, indicate your
36  * decision by deleting the provisions above and replace them with the notice
37  * and other provisions required by the GPL or the LGPL. If you do not delete
38  * the provisions above, a recipient may use your version of this file under
39  * the terms of any one of the MPL, the GPL or the LGPL.
40  *
41  * ***** END LICENSE BLOCK ***** */
42 /* $Id: sslimpl.h,v 1.70 2009/11/21 03:40:49 wtc%google.com Exp $ */
43 
44 #ifndef __sslimpl_h_
45 #define __sslimpl_h_
46 
47 #ifdef DEBUG
48 #undef NDEBUG
49 #else
50 #undef NDEBUG
51 #define NDEBUG
52 #endif
53 #include "secport.h"
54 #include "secerr.h"
55 #include "sslerr.h"
56 #include "ssl3prot.h"
57 #include "hasht.h"
58 #include "nssilock.h"
59 #include "pkcs11t.h"
60 #if defined(XP_UNIX) || defined(XP_BEOS)
61 #include "unistd.h"
62 #endif
63 #include "nssrwlk.h"
64 #include "prthread.h"
65 
66 #include "sslt.h" /* for some formerly private types, now public */
67 
68 /* to make some of these old enums public without namespace pollution,
69 ** it was necessary to prepend ssl_ to the names.
70 ** These #defines preserve compatibility with the old code here in libssl.
71 */
72 typedef SSLKEAType      SSL3KEAType;
73 typedef SSLMACAlgorithm SSL3MACAlgorithm;
74 typedef SSLSignType     SSL3SignType;
75 
76 #define sign_null	ssl_sign_null
77 #define sign_rsa	ssl_sign_rsa
78 #define sign_dsa	ssl_sign_dsa
79 #define sign_ecdsa	ssl_sign_ecdsa
80 
81 #define calg_null	ssl_calg_null
82 #define calg_rc4	ssl_calg_rc4
83 #define calg_rc2	ssl_calg_rc2
84 #define calg_des	ssl_calg_des
85 #define calg_3des	ssl_calg_3des
86 #define calg_idea	ssl_calg_idea
87 #define calg_fortezza	ssl_calg_fortezza /* deprecated, must preserve */
88 #define calg_aes	ssl_calg_aes
89 #define calg_camellia	ssl_calg_camellia
90 #define calg_seed	ssl_calg_seed
91 
92 #define mac_null	ssl_mac_null
93 #define mac_md5 	ssl_mac_md5
94 #define mac_sha 	ssl_mac_sha
95 #define hmac_md5	ssl_hmac_md5
96 #define hmac_sha	ssl_hmac_sha
97 
98 #define SET_ERROR_CODE		/* reminder */
99 #define SEND_ALERT		/* reminder */
100 #define TEST_FOR_FAILURE	/* reminder */
101 #define DEAL_WITH_FAILURE	/* reminder */
102 
103 #if defined(DEBUG) || defined(TRACE)
104 #ifdef __cplusplus
105 #define Debug 1
106 #else
107 extern int Debug;
108 #endif
109 #else
110 #undef Debug
111 #endif
112 
113 #if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST)
114 #define TRACE
115 #endif
116 
117 #ifdef TRACE
118 #define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b
119 #define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b
120 #define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b
121 #else
122 #define SSL_TRC(a,b)
123 #define PRINT_BUF(a,b)
124 #define DUMP_MSG(a,b)
125 #endif
126 
127 #ifdef DEBUG
128 #define SSL_DBG(b) if (ssl_debug) ssl_Trace b
129 #else
130 #define SSL_DBG(b)
131 #endif
132 
133 #ifdef macintosh
134 #include "pprthred.h"
135 #else
136 #include "private/pprthred.h"	/* for PR_InMonitor() */
137 #endif
138 #define ssl_InMonitor(m) PZ_InMonitor(m)
139 
140 #define LSB(x) ((unsigned char) (x & 0xff))
141 #define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8))
142 
143 /************************************************************************/
144 
145 typedef enum { SSLAppOpRead = 0,
146 	       SSLAppOpWrite,
147 	       SSLAppOpRDWR,
148 	       SSLAppOpPost,
149 	       SSLAppOpHeader
150 } SSLAppOperation;
151 
152 #define SSL_MIN_MASTER_KEY_BYTES	5
153 #define SSL_MAX_MASTER_KEY_BYTES	64
154 
155 #define SSL2_SESSIONID_BYTES		16
156 #define SSL3_SESSIONID_BYTES		32
157 
158 #define SSL_MIN_CHALLENGE_BYTES		16
159 #define SSL_MAX_CHALLENGE_BYTES		32
160 #define SSL_CHALLENGE_BYTES		16
161 
162 #define SSL_CONNECTIONID_BYTES		16
163 
164 #define SSL_MIN_CYPHER_ARG_BYTES	0
165 #define SSL_MAX_CYPHER_ARG_BYTES	32
166 
167 #define SSL_MAX_MAC_BYTES		16
168 
169 #define SSL3_RSA_PMS_LENGTH 48
170 #define SSL3_MASTER_SECRET_LENGTH 48
171 
172 /* number of wrap mechanisms potentially used to wrap master secrets. */
173 #define SSL_NUM_WRAP_MECHS              16
174 
175 /* This makes the cert cache entry exactly 4k. */
176 #define SSL_MAX_CACHED_CERT_LEN		4060
177 
178 #define NUM_MIXERS                      9
179 
180 /* Mask of the 25 named curves we support. */
181 #ifndef NSS_ECC_MORE_THAN_SUITE_B
182 #define SSL3_SUPPORTED_CURVES_MASK 0x3800000	/* only 3 curves, suite B*/
183 #else
184 #define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe
185 #endif
186 
187 #ifndef BPB
188 #define BPB 8 /* Bits Per Byte */
189 #endif
190 
191 #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
192 
193 typedef struct sslBufferStr             sslBuffer;
194 typedef struct sslConnectInfoStr        sslConnectInfo;
195 typedef struct sslGatherStr             sslGather;
196 typedef struct sslSecurityInfoStr       sslSecurityInfo;
197 typedef struct sslSessionIDStr          sslSessionID;
198 typedef struct sslSocketStr             sslSocket;
199 typedef struct sslSocketOpsStr          sslSocketOps;
200 
201 typedef struct ssl3StateStr             ssl3State;
202 typedef struct ssl3CertNodeStr          ssl3CertNode;
203 typedef struct ssl3BulkCipherDefStr     ssl3BulkCipherDef;
204 typedef struct ssl3MACDefStr            ssl3MACDef;
205 typedef struct ssl3KeyPairStr		ssl3KeyPair;
206 
207 struct ssl3CertNodeStr {
208     struct ssl3CertNodeStr *next;
209     CERTCertificate *       cert;
210 };
211 
212 typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
213 
214 /* This type points to the low layer send func,
215 ** e.g. ssl2_SendStream or ssl3_SendPlainText.
216 ** These functions return the same values as PR_Send,
217 ** i.e.  >= 0 means number of bytes sent, < 0 means error.
218 */
219 typedef PRInt32       (*sslSendFunc)(sslSocket *ss, const unsigned char *buf,
220 			             PRInt32 n, PRInt32 flags);
221 
222 typedef void          (*sslSessionIDCacheFunc)  (sslSessionID *sid);
223 typedef void          (*sslSessionIDUncacheFunc)(sslSessionID *sid);
224 typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr    *addr,
225 						unsigned char* sid,
226 						unsigned int   sidLen,
227                                                 CERTCertDBHandle * dbHandle);
228 
229 /* registerable callback function that either appends extension to buffer
230  * or returns length of data that it would have appended.
231  */
232 typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append,
233 						PRUint32 maxBytes);
234 
235 /* registerable callback function that handles a received extension,
236  * of the given type.
237  */
238 typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss,
239 						    PRUint16   ex_type,
240                                                     SECItem *  data);
241 
242 /* row in a table of hello extension senders */
243 typedef struct {
244     PRInt32                      ex_type;
245     ssl3HelloExtensionSenderFunc ex_sender;
246 } ssl3HelloExtensionSender;
247 
248 /* row in a table of hello extension handlers */
249 typedef struct {
250     PRInt32                       ex_type;
251     ssl3HelloExtensionHandlerFunc ex_handler;
252 } ssl3HelloExtensionHandler;
253 
254 extern SECStatus
255 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
256 				        ssl3HelloExtensionSenderFunc cb);
257 
258 extern PRInt32
259 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
260                                const ssl3HelloExtensionSender *sender);
261 
262 /* Socket ops */
263 struct sslSocketOpsStr {
264     int         (*connect) (sslSocket *, const PRNetAddr *);
265     PRFileDesc *(*accept)  (sslSocket *, PRNetAddr *);
266     int         (*bind)    (sslSocket *, const PRNetAddr *);
267     int         (*listen)  (sslSocket *, int);
268     int         (*shutdown)(sslSocket *, int);
269     int         (*close)   (sslSocket *);
270 
271     int         (*recv)    (sslSocket *, unsigned char *, int, int);
272 
273     /* points to the higher-layer send func, e.g. ssl_SecureSend. */
274     int         (*send)    (sslSocket *, const unsigned char *, int, int);
275     int         (*read)    (sslSocket *, unsigned char *, int);
276     int         (*write)   (sslSocket *, const unsigned char *, int);
277 
278     int         (*getpeername)(sslSocket *, PRNetAddr *);
279     int         (*getsockname)(sslSocket *, PRNetAddr *);
280 };
281 
282 /* Flags interpreted by ssl send functions. */
283 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER	0x40000000
284 #define ssl_SEND_FLAG_NO_BUFFER		0x20000000
285 #define ssl_SEND_FLAG_MASK		0x7f000000
286 
287 /*
288 ** A buffer object.
289 */
290 struct sslBufferStr {
291     unsigned char *	buf;
292     unsigned int 	len;
293     unsigned int 	space;
294 };
295 
296 /*
297 ** SSL3 cipher suite policy and preference struct.
298 */
299 typedef struct {
300 #if !defined(_WIN32)
301     unsigned int    cipher_suite : 16;
302     unsigned int    policy       :  8;
303     unsigned int    enabled      :  1;
304     unsigned int    isPresent    :  1;
305 #else
306     ssl3CipherSuite cipher_suite;
307     PRUint8         policy;
308     unsigned char   enabled   : 1;
309     unsigned char   isPresent : 1;
310 #endif
311 } ssl3CipherSuiteCfg;
312 
313 #ifdef NSS_ENABLE_ECC
314 #define ssl_V3_SUITES_IMPLEMENTED 50
315 #else
316 #define ssl_V3_SUITES_IMPLEMENTED 30
317 #endif /* NSS_ENABLE_ECC */
318 
319 typedef struct sslOptionsStr {
320     /* For clients, this is a validated list of protocols in preference order
321      * and wire format. For servers, this is the list of support protocols,
322      * also in wire format. */
323     SECItem      nextProtoNego;
324 
325     unsigned int useSecurity		: 1;  /*  1 */
326     unsigned int useSocks		: 1;  /*  2 */
327     unsigned int requestCertificate	: 1;  /*  3 */
328     unsigned int requireCertificate	: 2;  /*  4-5 */
329     unsigned int handshakeAsClient	: 1;  /*  6 */
330     unsigned int handshakeAsServer	: 1;  /*  7 */
331     unsigned int enableSSL2		: 1;  /*  8 */
332     unsigned int enableSSL3		: 1;  /*  9 */
333     unsigned int enableTLS		: 1;  /* 10 */
334     unsigned int noCache		: 1;  /* 11 */
335     unsigned int fdx			: 1;  /* 12 */
336     unsigned int v2CompatibleHello	: 1;  /* 13 */
337     unsigned int detectRollBack  	: 1;  /* 14 */
338     unsigned int noStepDown             : 1;  /* 15 */
339     unsigned int bypassPKCS11           : 1;  /* 16 */
340     unsigned int noLocks                : 1;  /* 17 */
341     unsigned int enableSessionTickets   : 1;  /* 18 */
342     unsigned int enableDeflate          : 1;  /* 19 */
343     unsigned int enableRenegotiation    : 2;  /* 20-21 */
344     unsigned int requireSafeNegotiation : 1;  /* 22 */
345 } sslOptions;
346 
347 typedef enum { sslHandshakingUndetermined = 0,
348 	       sslHandshakingAsClient,
349 	       sslHandshakingAsServer
350 } sslHandshakingType;
351 
352 typedef struct sslServerCertsStr {
353     /* Configuration state for server sockets */
354     CERTCertificate *     serverCert;
355     CERTCertificateList * serverCertChain;
356     ssl3KeyPair *         serverKeyPair;
357     unsigned int          serverKeyBits;
358 } sslServerCerts;
359 
360 #define SERVERKEY serverKeyPair->privKey
361 
362 #define SSL_LOCK_RANK_SPEC 	255
363 #define SSL_LOCK_RANK_GLOBAL 	NSS_RWLOCK_RANK_NONE
364 
365 /* These are the valid values for shutdownHow.
366 ** These values are each 1 greater than the NSPR values, and the code
367 ** depends on that relation to efficiently convert PR_SHUTDOWN values
368 ** into ssl_SHUTDOWN values.  These values use one bit for read, and
369 ** another bit for write, and can be used as bitmasks.
370 */
371 #define ssl_SHUTDOWN_NONE	0	/* NOT shutdown at all */
372 #define ssl_SHUTDOWN_RCV	1	/* PR_SHUTDOWN_RCV  +1 */
373 #define ssl_SHUTDOWN_SEND	2	/* PR_SHUTDOWN_SEND +1 */
374 #define ssl_SHUTDOWN_BOTH	3	/* PR_SHUTDOWN_BOTH +1 */
375 
376 /*
377 ** A gather object. Used to read some data until a count has been
378 ** satisfied. Primarily for support of async sockets.
379 ** Everything in here is protected by the recvBufLock.
380 */
381 struct sslGatherStr {
382     int           state;	/* see GS_ values below. */     /* ssl 2 & 3 */
383 
384     /* "buf" holds received plaintext SSL records, after decrypt and MAC check.
385      * SSL2: recv'd ciphertext records are put here, then decrypted in place.
386      * SSL3: recv'd ciphertext records are put in inbuf (see below), then
387      *       decrypted into buf.
388      */
389     sslBuffer     buf;				/*recvBufLock*/	/* ssl 2 & 3 */
390 
391     /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
392     ** (offset - writeOffset) is the number of ciphertext bytes read in but
393     **     not yet deciphered.
394     */
395     unsigned int  offset;                                       /* ssl 2 & 3 */
396 
397     /* number of bytes to read in next call to ssl_DefRecv (recv) */
398     unsigned int  remainder;                                    /* ssl 2 & 3 */
399 
400     /* Number of ciphertext bytes to read in after 2-byte SSL record header. */
401     unsigned int  count;					/* ssl2 only */
402 
403     /* size of the final plaintext record.
404     ** == count - (recordPadding + MAC size)
405     */
406     unsigned int  recordLen;					/* ssl2 only */
407 
408     /* number of bytes of padding to be removed after decrypting. */
409     /* This value is taken from the record's hdr[2], which means a too large
410      * value could crash us.
411      */
412     unsigned int  recordPadding;				/* ssl2 only */
413 
414     /* plaintext DATA begins this many bytes into "buf".  */
415     unsigned int  recordOffset;					/* ssl2 only */
416 
417     int           encrypted;    /* SSL2 session is now encrypted.  ssl2 only */
418 
419     /* These next two values are used by SSL2 and SSL3.
420     ** DoRecv uses them to extract application data.
421     ** The difference between writeOffset and readOffset is the amount of
422     ** data available to the application.   Note that the actual offset of
423     ** the data in "buf" is recordOffset (above), not readOffset.
424     ** In the current implementation, this is made available before the
425     ** MAC is checked!!
426     */
427     unsigned int  readOffset;  /* Spot where DATA reader (e.g. application
428                                ** or handshake code) will read next.
429                                ** Always zero for SSl3 application data.
430 			       */
431     /* offset in buf/inbuf/hdr into which new data will be read from socket. */
432     unsigned int  writeOffset;
433 
434     /* Buffer for ssl3 to read (encrypted) data from the socket */
435     sslBuffer     inbuf;			/*recvBufLock*/	/* ssl3 only */
436 
437     /* The ssl[23]_GatherData functions read data into this buffer, rather
438     ** than into buf or inbuf, while in the GS_HEADER state.
439     ** The portion of the SSL record header put here always comes off the wire
440     ** as plaintext, never ciphertext.
441     ** For SSL2, the plaintext portion is two bytes long.  For SSl3 it is 5.
442     */
443     unsigned char hdr[5];					/* ssl 2 & 3 */
444 };
445 
446 /* sslGather.state */
447 #define GS_INIT		0
448 #define GS_HEADER	1
449 #define GS_MAC		2
450 #define GS_DATA		3
451 #define GS_PAD		4
452 
453 typedef SECStatus (*SSLCipher)(void *               context,
454                                unsigned char *      out,
455 			       int *                outlen,
456 			       int                  maxout,
457 			       const unsigned char *in,
458 			       int                  inlen);
459 typedef SECStatus (*SSLCompressor)(void *               context,
460                                    unsigned char *      out,
461                                    int *                outlen,
462                                    int                  maxout,
463                                    const unsigned char *in,
464                                    int                  inlen);
465 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
466 
467 
468 
469 /*
470 ** ssl3State and CipherSpec structs
471 */
472 
473 /* The SSL bulk cipher definition */
474 typedef enum {
475     cipher_null,
476     cipher_rc4,
477     cipher_rc4_40,
478     cipher_rc4_56,
479     cipher_rc2,
480     cipher_rc2_40,
481     cipher_des,
482     cipher_3des,
483     cipher_des40,
484     cipher_idea,
485     cipher_aes_128,
486     cipher_aes_256,
487     cipher_camellia_128,
488     cipher_camellia_256,
489     cipher_seed,
490     cipher_missing              /* reserved for no such supported cipher */
491     /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
492 } SSL3BulkCipher;
493 
494 typedef enum { type_stream, type_block } CipherType;
495 
496 #define MAX_IV_LENGTH 64
497 
498 /*
499  * Do not depend upon 64 bit arithmetic in the underlying machine.
500  */
501 typedef struct {
502     PRUint32         high;
503     PRUint32         low;
504 } SSL3SequenceNumber;
505 
506 #define MAX_MAC_CONTEXT_BYTES 400
507 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
508 
509 #define MAX_CIPHER_CONTEXT_BYTES 2080
510 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
511 
512 typedef struct {
513     SSL3Opaque        client_write_iv         [24];
514     SSL3Opaque        server_write_iv         [24];
515     SSL3Opaque        wrapped_master_secret   [48];
516     PRUint16          wrapped_master_secret_len;
517     PRUint8           msIsWrapped;
518     PRUint8           resumable;
519 } ssl3SidKeys; /* 100 bytes */
520 
521 typedef struct {
522     PK11SymKey  *write_key;
523     PK11SymKey  *write_mac_key;
524     PK11Context *write_mac_context;
525     SECItem     write_key_item;
526     SECItem     write_iv_item;
527     SECItem     write_mac_key_item;
528     SSL3Opaque  write_iv[MAX_IV_LENGTH];
529     PRUint64    cipher_context[MAX_CIPHER_CONTEXT_LLONGS];
530 } ssl3KeyMaterial;
531 
532 /*
533 ** These are the "specs" in the "ssl3" struct.
534 ** Access to the pointers to these specs, and all the specs' contents
535 ** (direct and indirect) is protected by the reader/writer lock ss->specLock.
536 */
537 typedef struct {
538     const ssl3BulkCipherDef *cipher_def;
539     const ssl3MACDef * mac_def;
540     SSLCompressionMethod compression_method;
541     int                mac_size;
542     SSLCipher          encode;
543     SSLCipher          decode;
544     SSLDestroy         destroy;
545     void *             encodeContext;
546     void *             decodeContext;
547     SSLCompressor      compressor;    /* Don't name these fields compress */
548     SSLCompressor      decompressor;  /* and uncompress because zconf.h   */
549                                       /* may define them as macros.       */
550     SSLDestroy         destroyCompressContext;
551     void *             compressContext;
552     SSLDestroy         destroyDecompressContext;
553     void *             decompressContext;
554     PRBool             bypassCiphers;	/* did double bypass (at least) */
555     PK11SymKey *       master_secret;
556     SSL3SequenceNumber write_seq_num;
557     SSL3SequenceNumber read_seq_num;
558     SSL3ProtocolVersion version;
559     ssl3KeyMaterial    client;
560     ssl3KeyMaterial    server;
561     SECItem            msItem;
562     unsigned char      key_block[NUM_MIXERS * MD5_LENGTH];
563     unsigned char      raw_master_secret[56];
564 } ssl3CipherSpec;
565 
566 typedef enum {	never_cached,
567 		in_client_cache,
568 		in_server_cache,
569 		invalid_cache		/* no longer in any cache. */
570 } Cached;
571 
572 struct sslSessionIDStr {
573     sslSessionID *        next;   /* chain used for client sockets, only */
574 
575     CERTCertificate *     peerCert;
576     const char *          peerID;     /* client only */
577     const char *          urlSvrName; /* client only */
578     CERTCertificate *     localCert;
579 
580     PRIPv6Addr            addr;
581     PRUint16              port;
582 
583     SSL3ProtocolVersion   version;
584 
585     PRUint32              creationTime;		/* seconds since Jan 1, 1970 */
586     PRUint32              lastAccessTime;	/* seconds since Jan 1, 1970 */
587     PRUint32              expirationTime;	/* seconds since Jan 1, 1970 */
588     Cached                cached;
589     int                   references;
590 
591     SSLSignType           authAlgorithm;
592     PRUint32              authKeyBits;
593     SSLKEAType            keaType;
594     PRUint32              keaKeyBits;
595 
596     union {
597 	struct {
598 	    /* the V2 code depends upon the size of sessionID.  */
599 	    unsigned char         sessionID[SSL2_SESSIONID_BYTES];
600 
601 	    /* Stuff used to recreate key and read/write cipher objects */
602 	    SECItem               masterKey;        /* never wrapped */
603 	    int                   cipherType;
604 	    SECItem               cipherArg;
605 	    int                   keyBits;
606 	    int                   secretKeyBits;
607 	} ssl2;
608 	struct {
609 	    /* values that are copied into the server's on-disk SID cache. */
610 	    uint8                 sessionIDLength;
611 	    SSL3Opaque            sessionID[SSL3_SESSIONID_BYTES];
612 
613 	    ssl3CipherSuite       cipherSuite;
614 	    SSLCompressionMethod  compression;
615 	    int                   policy;
616 	    ssl3SidKeys           keys;
617 	    CK_MECHANISM_TYPE     masterWrapMech;
618 				  /* mechanism used to wrap master secret */
619             SSL3KEAType           exchKeyType;
620 				  /* key type used in exchange algorithm,
621 				   * and to wrap the sym wrapping key. */
622 #ifdef NSS_ENABLE_ECC
623 	    PRUint32              negotiatedECCurves;
624 #endif /* NSS_ENABLE_ECC */
625 
626 	    /* The following values are NOT restored from the server's on-disk
627 	     * session cache, but are restored from the client's cache.
628 	     */
629  	    PK11SymKey *      clientWriteKey;
630 	    PK11SymKey *      serverWriteKey;
631 
632 	    /* The following values pertain to the slot that wrapped the
633 	    ** master secret. (used only in client)
634 	    */
635 	    SECMODModuleID    masterModuleID;
636 				    /* what module wrapped the master secret */
637 	    CK_SLOT_ID        masterSlotID;
638 	    PRUint16	      masterWrapIndex;
639 				/* what's the key index for the wrapping key */
640 	    PRUint16          masterWrapSeries;
641 	                        /* keep track of the slot series, so we don't
642 				 * accidently try to use new keys after the
643 				 * card gets removed and replaced.*/
644 
645 	    /* The following values pertain to the slot that did the signature
646 	    ** for client auth.   (used only in client)
647 	    */
648 	    SECMODModuleID    clAuthModuleID;
649 	    CK_SLOT_ID        clAuthSlotID;
650 	    PRUint16          clAuthSeries;
651 
652             char              masterValid;
653 	    char              clAuthValid;
654 
655 	    /* Session ticket if we have one, is sent as an extension in the
656 	     * ClientHello message.  This field is used by clients.
657 	     */
658 	    NewSessionTicket  sessionTicket;
659 	} ssl3;
660     } u;
661 };
662 
663 
664 typedef struct ssl3CipherSuiteDefStr {
665     ssl3CipherSuite          cipher_suite;
666     SSL3BulkCipher           bulk_cipher_alg;
667     SSL3MACAlgorithm         mac_alg;
668     SSL3KeyExchangeAlgorithm key_exchange_alg;
669 } ssl3CipherSuiteDef;
670 
671 /*
672 ** There are tables of these, all const.
673 */
674 typedef struct {
675     SSL3KeyExchangeAlgorithm kea;
676     SSL3KEAType              exchKeyType;
677     SSL3SignType             signKeyType;
678     PRBool                   is_limited;
679     int                      key_size_limit;
680     PRBool                   tls_keygen;
681 } ssl3KEADef;
682 
683 typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode;
684 
685 /*
686 ** There are tables of these, all const.
687 */
688 struct ssl3BulkCipherDefStr {
689     SSL3BulkCipher  cipher;
690     SSLCipherAlgorithm calg;
691     int             key_size;
692     int             secret_key_size;
693     CipherType      type;
694     int             iv_size;
695     int             block_size;
696     SSL3KeyGenMode  keygen_mode;
697 };
698 
699 /*
700 ** There are tables of these, all const.
701 */
702 struct ssl3MACDefStr {
703     SSL3MACAlgorithm mac;
704     CK_MECHANISM_TYPE mmech;
705     int              pad_size;
706     int              mac_size;
707 };
708 
709 typedef enum {
710     wait_client_hello,
711     wait_client_cert,
712     wait_client_key,
713     wait_cert_verify,
714     wait_change_cipher,
715     wait_finished,
716     wait_server_hello,
717     wait_server_cert,
718     wait_server_key,
719     wait_cert_request,
720     wait_hello_done,
721     wait_new_session_ticket,
722     idle_handshake
723 } SSL3WaitState;
724 
725 /*
726  * TLS extension related constants and data structures.
727  */
728 typedef struct TLSExtensionDataStr       TLSExtensionData;
729 typedef struct SessionTicketDataStr      SessionTicketData;
730 
731 struct TLSExtensionDataStr {
732     /* registered callbacks that send server hello extensions */
733     ssl3HelloExtensionSender serverSenders[MAX_EXTENSIONS];
734     /* Keep track of the extensions that are negotiated. */
735     PRUint16 numAdvertised;
736     PRUint16 numNegotiated;
737     PRUint16 advertised[MAX_EXTENSIONS];
738     PRUint16 negotiated[MAX_EXTENSIONS];
739 
740     /* SessionTicket Extension related data. */
741     PRBool ticketTimestampVerified;
742     PRBool emptySessionTicket;
743 };
744 
745 /*
746 ** This is the "hs" member of the "ssl3" struct.
747 ** This entire struct is protected by ssl3HandshakeLock
748 */
749 typedef struct SSL3HandshakeStateStr {
750     SSL3Random            server_random;
751     SSL3Random            client_random;
752     SSL3WaitState         ws;
753     PRUint64              md5_cx[MAX_MAC_CONTEXT_LLONGS];
754     PRUint64              sha_cx[MAX_MAC_CONTEXT_LLONGS];
755     PK11Context *         md5;            /* handshake running hashes */
756     PK11Context *         sha;
757 const ssl3KEADef *        kea_def;
758     ssl3CipherSuite       cipher_suite;
759 const ssl3CipherSuiteDef *suite_def;
760     SSLCompressionMethod  compression;
761     sslBuffer             msg_body;    /* protected by recvBufLock */
762                                /* partial handshake message from record layer */
763     unsigned int          header_bytes;
764                                /* number of bytes consumed from handshake */
765                                /* message for message type and header length */
766     SSL3HandshakeType     msg_type;
767     unsigned long         msg_len;
768     SECItem               ca_list;     /* used only by client */
769     PRBool                isResuming;  /* are we resuming a session */
770     PRBool                rehandshake; /* immediately start another handshake
771                                         * when this one finishes */
772     PRBool                usedStepDownKey;  /* we did a server key exchange. */
773     sslBuffer             msgState;    /* current state for handshake messages*/
774                                        /* protected by recvBufLock */
775     sslBuffer             messages;    /* Accumulated handshake messages */
776 #ifdef NSS_ENABLE_ECC
777     PRUint32              negotiatedECCurves; /* bit mask */
778 #endif /* NSS_ENABLE_ECC */
779     PRBool                nextProtoNego;/* Our peer has sent this extension */
780 } SSL3HandshakeState;
781 
782 
783 
784 /*
785 ** This is the "ssl3" struct, as in "ss->ssl3".
786 ** note:
787 ** usually,   crSpec == cwSpec and prSpec == pwSpec.
788 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
789 ** But there are never more than 2 actual specs.
790 ** No spec must ever be modified if either "current" pointer points to it.
791 */
792 struct ssl3StateStr {
793 
794     /*
795     ** The following Specs and Spec pointers must be protected using the
796     ** Spec Lock.
797     */
798     ssl3CipherSpec *     crSpec; 	/* current read spec. */
799     ssl3CipherSpec *     prSpec; 	/* pending read spec. */
800     ssl3CipherSpec *     cwSpec; 	/* current write spec. */
801     ssl3CipherSpec *     pwSpec; 	/* pending write spec. */
802 
803     CERTCertificate *    clientCertificate;  /* used by client */
804     SECKEYPrivateKey *   clientPrivateKey;   /* used by client */
805     CERTCertificateList *clientCertChain;    /* used by client */
806     PRBool               sendEmptyCert;      /* used by client */
807 
808     int                  policy;
809 			/* This says what cipher suites we can do, and should
810 			 * be either SSL_ALLOWED or SSL_RESTRICTED
811 			 */
812     PRArenaPool *        peerCertArena;
813 			    /* These are used to keep track of the peer CA */
814     void *               peerCertChain;
815 			    /* chain while we are trying to validate it.   */
816     CERTDistNames *      ca_list;
817 			    /* used by server.  trusted CAs for this socket. */
818     PRBool               initialized;
819     SSL3HandshakeState   hs;
820     ssl3CipherSpec       specs[2];	/* one is current, one is pending. */
821 
822     /* In a client: if the server supports Next Protocol Negotiation, then
823      * this is the protocol that was requested.
824      * In a server: this is the protocol that the client requested via Next
825      * Protocol Negotiation.
826      *
827      * In either case, if the data pointer is non-NULL, then it is malloced
828      * data.  */
829     SECItem		nextProto;
830     int			nextProtoState;	/* See SSL_NEXT_PROTO_* defines */
831 };
832 
833 typedef struct {
834     SSL3ContentType      type;
835     SSL3ProtocolVersion  version;
836     sslBuffer *          buf;
837 } SSL3Ciphertext;
838 
839 struct ssl3KeyPairStr {
840     SECKEYPrivateKey *    privKey;
841     SECKEYPublicKey *     pubKey;
842     PRInt32               refCount;	/* use PR_Atomic calls for this. */
843 };
844 
845 typedef struct SSLWrappedSymWrappingKeyStr {
846     SSL3Opaque        wrappedSymmetricWrappingkey[512];
847     SSL3Opaque        wrapIV[24];
848     CK_MECHANISM_TYPE symWrapMechanism;
849 		    /* unwrapped symmetric wrapping key uses this mechanism */
850     CK_MECHANISM_TYPE asymWrapMechanism;
851 		    /* mechanism used to wrap the SymmetricWrappingKey using
852 		     * server's public and/or private keys. */
853     SSL3KEAType       exchKeyType;   /* type of keys used to wrap SymWrapKey*/
854     PRInt32           symWrapMechIndex;
855     PRUint16          wrappedSymKeyLen;
856     PRUint16          wrapIVLen;
857 } SSLWrappedSymWrappingKey;
858 
859 typedef struct SessionTicketStr {
860     uint16                ticket_version;
861     SSL3ProtocolVersion   ssl_version;
862     ssl3CipherSuite       cipher_suite;
863     SSLCompressionMethod  compression_method;
864     SSLSignType           authAlgorithm;
865     uint32                authKeyBits;
866     SSLKEAType            keaType;
867     uint32                keaKeyBits;
868     /*
869      * exchKeyType and msWrapMech contain meaningful values only if
870      * ms_is_wrapped is true.
871      */
872     uint8                 ms_is_wrapped;
873     SSLKEAType            exchKeyType; /* XXX(wtc): same as keaType above? */
874     CK_MECHANISM_TYPE     msWrapMech;
875     uint16                ms_length;
876     SSL3Opaque            master_secret[48];
877     ClientIdentity        client_identity;
878     SECItem               peer_cert;
879     uint32                timestamp;
880 }  SessionTicket;
881 
882 /*
883  * SSL2 buffers used in SSL3.
884  *     writeBuf in the SecurityInfo maintained by sslsecur.c is used
885  *              to hold the data just about to be passed to the kernel
886  *     sendBuf in the ConnectInfo maintained by sslcon.c is used
887  *              to hold handshake messages as they are accumulated
888  */
889 
890 /*
891 ** This is "ci", as in "ss->sec.ci".
892 **
893 ** Protection:  All the variables in here are protected by
894 ** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
895 */
896 struct sslConnectInfoStr {
897     /* outgoing handshakes appended to this. */
898     sslBuffer       sendBuf;	                /*xmitBufLock*/ /* ssl 2 & 3 */
899 
900     PRIPv6Addr      peer;                                       /* ssl 2 & 3 */
901     unsigned short  port;                                       /* ssl 2 & 3 */
902 
903     sslSessionID   *sid;                                        /* ssl 2 & 3 */
904 
905     /* see CIS_HAVE defines below for the bit values in *elements. */
906     char            elements;					/* ssl2 only */
907     char            requiredElements;				/* ssl2 only */
908     char            sentElements;                               /* ssl2 only */
909 
910     char            sentFinished;                               /* ssl2 only */
911 
912     /* Length of server challenge.  Used by client when saving challenge */
913     int             serverChallengeLen;                         /* ssl2 only */
914     /* type of authentication requested by server */
915     unsigned char   authType;                                   /* ssl2 only */
916 
917     /* Challenge sent by client to server in client-hello message */
918     /* SSL3 gets a copy of this.  See ssl3_StartHandshakeHash().  */
919     unsigned char   clientChallenge[SSL_MAX_CHALLENGE_BYTES];   /* ssl 2 & 3 */
920 
921     /* Connection-id sent by server to client in server-hello message */
922     unsigned char   connectionID[SSL_CONNECTIONID_BYTES];	/* ssl2 only */
923 
924     /* Challenge sent by server to client in request-certificate message */
925     unsigned char   serverChallenge[SSL_MAX_CHALLENGE_BYTES];	/* ssl2 only */
926 
927     /* Information kept to handle a request-certificate message */
928     unsigned char   readKey[SSL_MAX_MASTER_KEY_BYTES];		/* ssl2 only */
929     unsigned char   writeKey[SSL_MAX_MASTER_KEY_BYTES];		/* ssl2 only */
930     unsigned        keySize;					/* ssl2 only */
931 };
932 
933 /* bit values for ci->elements, ci->requiredElements, sentElements. */
934 #define CIS_HAVE_MASTER_KEY		0x01
935 #define CIS_HAVE_CERTIFICATE		0x02
936 #define CIS_HAVE_FINISHED		0x04
937 #define CIS_HAVE_VERIFY			0x08
938 
939 /* Note: The entire content of this struct and whatever it points to gets
940  * blown away by SSL_ResetHandshake().  This is "sec" as in "ss->sec".
941  *
942  * Unless otherwise specified below, the contents of this struct are
943  * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
944  */
945 struct sslSecurityInfoStr {
946     sslSendFunc      send;			/*xmitBufLock*/	/* ssl 2 & 3 */
947     int              isServer;			/* Spec Lock?*/	/* ssl 2 & 3 */
948     sslBuffer        writeBuf;			/*xmitBufLock*/	/* ssl 2 & 3 */
949 
950     int              cipherType;				/* ssl 2 & 3 */
951     int              keyBits;					/* ssl 2 & 3 */
952     int              secretKeyBits;				/* ssl 2 & 3 */
953     CERTCertificate *localCert;					/* ssl 2 & 3 */
954     CERTCertificate *peerCert;					/* ssl 2 & 3 */
955     SECKEYPublicKey *peerKey;					/* ssl3 only */
956 
957     SSLSignType      authAlgorithm;
958     PRUint32         authKeyBits;
959     SSLKEAType       keaType;
960     PRUint32         keaKeyBits;
961 
962     /*
963     ** Procs used for SID cache (nonce) management.
964     ** Different implementations exist for clients/servers
965     ** The lookup proc is only used for servers.  Baloney!
966     */
967     sslSessionIDCacheFunc     cache;				/* ssl 2 & 3 */
968     sslSessionIDUncacheFunc   uncache;				/* ssl 2 & 3 */
969 
970     /*
971     ** everything below here is for ssl2 only.
972     ** This stuff is equivalent to SSL3's "spec", and is protected by the
973     ** same "Spec Lock" as used for SSL3's specs.
974     */
975     PRUint32           sendSequence;		/*xmitBufLock*/	/* ssl2 only */
976     PRUint32           rcvSequence;		/*recvBufLock*/	/* ssl2 only */
977 
978     /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
979     const SECHashObject   *hash;		/* Spec Lock */ /* ssl2 only */
980     void            *hashcx;			/* Spec Lock */	/* ssl2 only */
981 
982     SECItem          sendSecret;		/* Spec Lock */	/* ssl2 only */
983     SECItem          rcvSecret;			/* Spec Lock */	/* ssl2 only */
984 
985     /* Session cypher contexts; one for each direction */
986     void            *readcx;			/* Spec Lock */	/* ssl2 only */
987     void            *writecx;			/* Spec Lock */	/* ssl2 only */
988     SSLCipher        enc;			/* Spec Lock */	/* ssl2 only */
989     SSLCipher        dec;			/* Spec Lock */	/* ssl2 only */
990     void           (*destroy)(void *, PRBool);	/* Spec Lock */	/* ssl2 only */
991 
992     /* Blocking information for the session cypher */
993     int              blockShift;		/* Spec Lock */	/* ssl2 only */
994     int              blockSize;			/* Spec Lock */	/* ssl2 only */
995 
996     /* These are used during a connection handshake */
997     sslConnectInfo   ci;					/* ssl 2 & 3 */
998 
999 };
1000 
1001 
1002 /*
1003 ** SSL Socket struct
1004 **
1005 ** Protection:  XXX
1006 */
1007 struct sslSocketStr {
1008     PRFileDesc *	fd;
1009 
1010     /* Pointer to operations vector for this socket */
1011     const sslSocketOps * ops;
1012 
1013     /* SSL socket options */
1014     sslOptions       opt;
1015 
1016     /* State flags */
1017     unsigned long    clientAuthRequested;
1018     unsigned long    delayDisabled;       /* Nagle delay disabled */
1019     unsigned long    firstHsDone;         /* first handshake is complete. */
1020     unsigned long    handshakeBegun;
1021     unsigned long    lastWriteBlocked;
1022     unsigned long    recvdCloseNotify;    /* received SSL EOF. */
1023     unsigned long    TCPconnected;
1024     unsigned long    appDataBuffered;
1025 
1026     /* version of the protocol to use */
1027     SSL3ProtocolVersion version;
1028     SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
1029 
1030     sslSecurityInfo  sec;		/* not a pointer any more */
1031 
1032     /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
1033     const char      *url;				/* ssl 2 & 3 */
1034 
1035     sslHandshakeFunc handshake;				/*firstHandshakeLock*/
1036     sslHandshakeFunc nextHandshake;			/*firstHandshakeLock*/
1037     sslHandshakeFunc securityHandshake;			/*firstHandshakeLock*/
1038 
1039     /* the following variable is only used with socks or other proxies. */
1040     char *           peerID;	/* String uniquely identifies target server. */
1041 
1042     unsigned char *  cipherSpecs;
1043     unsigned int     sizeCipherSpecs;
1044 const unsigned char *  preferredCipher;
1045 
1046     ssl3KeyPair *         stepDownKeyPair;	/* RSA step down keys */
1047 
1048     /* Callbacks */
1049     SSLAuthCertificate        authCertificate;
1050     void                     *authCertificateArg;
1051     SSLGetClientAuthData      getClientAuthData;
1052     void                     *getClientAuthDataArg;
1053     SSLBadCertHandler         handleBadCert;
1054     void                     *badCertArg;
1055     SSLHandshakeCallback      handshakeCallback;
1056     void                     *handshakeCallbackData;
1057     void                     *pkcs11PinArg;
1058 
1059     PRIntervalTime            rTimeout; /* timeout for NSPR I/O */
1060     PRIntervalTime            wTimeout; /* timeout for NSPR I/O */
1061     PRIntervalTime            cTimeout; /* timeout for NSPR I/O */
1062 
1063     PZLock *      recvLock;	/* lock against multiple reader threads. */
1064     PZLock *      sendLock;	/* lock against multiple sender threads. */
1065 
1066     PZMonitor *   recvBufLock;	/* locks low level recv buffers. */
1067     PZMonitor *   xmitBufLock;	/* locks low level xmit buffers. */
1068 
1069     /* Only one thread may operate on the socket until the initial handshake
1070     ** is complete.  This Monitor ensures that.  Since SSL2 handshake is
1071     ** only done once, this is also effectively the SSL2 handshake lock.
1072     */
1073     PZMonitor *   firstHandshakeLock;
1074 
1075     /* This monitor protects the ssl3 handshake state machine data.
1076     ** Only one thread (reader or writer) may be in the ssl3 handshake state
1077     ** machine at any time.  */
1078     PZMonitor *   ssl3HandshakeLock;
1079 
1080     /* reader/writer lock, protects the secret data needed to encrypt and MAC
1081     ** outgoing records, and to decrypt and MAC check incoming ciphertext
1082     ** records.  */
1083     NSSRWLock *   specLock;
1084 
1085     /* handle to perm cert db (and implicitly to the temp cert db) used
1086     ** with this socket.
1087     */
1088     CERTCertDBHandle * dbHandle;
1089 
1090     PRThread *  writerThread;   /* thread holds SSL_LOCK_WRITER lock */
1091 
1092     PRUint16	shutdownHow; 	/* See ssl_SHUTDOWN defines below. */
1093 
1094     PRUint16	allowedByPolicy;          /* copy of global policy bits. */
1095     PRUint16	maybeAllowedByPolicy;     /* copy of global policy bits. */
1096     PRUint16	chosenPreference;         /* SSL2 cipher preferences. */
1097 
1098     sslHandshakingType handshaking;
1099 
1100     /* Gather object used for gathering data */
1101     sslGather        gs;				/*recvBufLock*/
1102 
1103     sslBuffer        saveBuf;				/*xmitBufLock*/
1104     sslBuffer        pendingBuf;			/*xmitBufLock*/
1105 
1106     /* Configuration state for server sockets */
1107     /* server cert and key for each KEA type */
1108     sslServerCerts        serverCerts[kt_kea_size];
1109 
1110     ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
1111     ssl3KeyPair *         ephemeralECDHKeyPair; /* for ECDHE-* handshake */
1112 
1113     /* SSL3 state info.  Formerly was a pointer */
1114     ssl3State        ssl3;
1115 
1116     /*
1117      * TLS extension related data.
1118      */
1119     /* True when the current session is a stateless resume. */
1120     PRBool               statelessResume;
1121     TLSExtensionData     xtnData;
1122 };
1123 
1124 
1125 
1126 /* All the global data items declared here should be protected using the
1127 ** ssl_global_data_lock, which is a reader/writer lock.
1128 */
1129 extern NSSRWLock *             ssl_global_data_lock;
1130 extern char                    ssl_debug;
1131 extern char                    ssl_trace;
1132 extern FILE *                  ssl_trace_iob;
1133 extern CERTDistNames *         ssl3_server_ca_list;
1134 extern PRUint32                ssl_sid_timeout;
1135 extern PRUint32                ssl3_sid_timeout;
1136 extern PRBool                  ssl3_global_policy_some_restricted;
1137 
1138 extern const char * const      ssl_cipherName[];
1139 extern const char * const      ssl3_cipherName[];
1140 
1141 extern sslSessionIDLookupFunc  ssl_sid_lookup;
1142 extern sslSessionIDCacheFunc   ssl_sid_cache;
1143 extern sslSessionIDUncacheFunc ssl_sid_uncache;
1144 
1145 /************************************************************************/
1146 
1147 SEC_BEGIN_PROTOS
1148 
1149 /* Implementation of ops for default (non socks, non secure) case */
1150 extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
1151 extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
1152 extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
1153 extern int ssl_DefListen(sslSocket *ss, int backlog);
1154 extern int ssl_DefShutdown(sslSocket *ss, int how);
1155 extern int ssl_DefClose(sslSocket *ss);
1156 extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
1157 extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
1158 		       int len, int flags);
1159 extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
1160 extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
1161 extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
1162 extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
1163 extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
1164 			     void *optval, PRInt32 *optlen);
1165 extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
1166 			     const void *optval, PRInt32 optlen);
1167 
1168 /* Implementation of ops for socks only case */
1169 extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
1170 extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
1171 extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
1172 extern int ssl_SocksListen(sslSocket *ss, int backlog);
1173 extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
1174 extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
1175 extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
1176 			 int len, int flags);
1177 extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
1178 extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
1179 
1180 /* Implementation of ops for secure only case */
1181 extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
1182 extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
1183 extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
1184 			  int len, int flags);
1185 extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
1186 			  int len, int flags);
1187 extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
1188 extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
1189 extern int ssl_SecureShutdown(sslSocket *ss, int how);
1190 extern int ssl_SecureClose(sslSocket *ss);
1191 
1192 /* Implementation of ops for secure socks case */
1193 extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
1194 extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
1195 extern PRFileDesc *ssl_FindTop(sslSocket *ss);
1196 
1197 /* Gather funcs. */
1198 extern sslGather * ssl_NewGather(void);
1199 extern SECStatus   ssl_InitGather(sslGather *gs);
1200 extern void        ssl_DestroyGather(sslGather *gs);
1201 extern int         ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags);
1202 extern int         ssl2_GatherRecord(sslSocket *ss, int flags);
1203 extern SECStatus   ssl_GatherRecord1stHandshake(sslSocket *ss);
1204 
1205 extern SECStatus   ssl2_HandleClientHelloMessage(sslSocket *ss);
1206 extern SECStatus   ssl2_HandleServerHelloMessage(sslSocket *ss);
1207 extern int         ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs,
1208                                          unsigned int count);
1209 
1210 extern SECStatus   ssl_CreateSecurityInfo(sslSocket *ss);
1211 extern SECStatus   ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
1212 extern void        ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset);
1213 extern void        ssl_DestroySecurityInfo(sslSecurityInfo *sec);
1214 
1215 extern sslSocket * ssl_DupSocket(sslSocket *old);
1216 
1217 extern void        ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len);
1218 extern void        ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len);
1219 
1220 extern int         ssl_SendSavedWriteData(sslSocket *ss);
1221 extern SECStatus ssl_SaveWriteData(sslSocket *ss,
1222                                    const void* p, unsigned int l);
1223 extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss);
1224 extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss);
1225 extern int       ssl_Do1stHandshake(sslSocket *ss);
1226 
1227 extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
1228 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data,
1229 		                  unsigned int len);
1230 
1231 extern void      ssl2_UseClearSendFunc(sslSocket *ss);
1232 extern void      ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
1233 
1234 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
1235 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
1236                                    const char *peerID, const char *urlSvrName);
1237 extern void      ssl_FreeSID(sslSessionID *sid);
1238 
1239 extern int       ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
1240 				          int len, int flags);
1241 
1242 extern PRBool    ssl_FdIsBlocking(PRFileDesc *fd);
1243 
1244 extern PRBool    ssl_SocketIsBlocking(sslSocket *ss);
1245 
1246 extern void      ssl_SetAlwaysBlock(sslSocket *ss);
1247 
1248 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
1249 
1250 #define SSL_LOCK_READER(ss)		if (ss->recvLock) PZ_Lock(ss->recvLock)
1251 #define SSL_UNLOCK_READER(ss)		if (ss->recvLock) PZ_Unlock(ss->recvLock)
1252 #define SSL_LOCK_WRITER(ss)		if (ss->sendLock) PZ_Lock(ss->sendLock)
1253 #define SSL_UNLOCK_WRITER(ss)		if (ss->sendLock) PZ_Unlock(ss->sendLock)
1254 
1255 #define ssl_Get1stHandshakeLock(ss)     \
1256     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }
1257 #define ssl_Release1stHandshakeLock(ss) \
1258     { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }
1259 #define ssl_Have1stHandshakeLock(ss)    \
1260     (PZ_InMonitor((ss)->firstHandshakeLock))
1261 
1262 #define ssl_GetSSL3HandshakeLock(ss)	\
1263     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }
1264 #define ssl_ReleaseSSL3HandshakeLock(ss) \
1265     { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }
1266 #define ssl_HaveSSL3HandshakeLock(ss)	\
1267     (PZ_InMonitor((ss)->ssl3HandshakeLock))
1268 
1269 #define ssl_GetSpecReadLock(ss)		\
1270     { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }
1271 #define ssl_ReleaseSpecReadLock(ss)	\
1272     { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }
1273 
1274 #define ssl_GetSpecWriteLock(ss)	\
1275     { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }
1276 #define ssl_ReleaseSpecWriteLock(ss)	\
1277     { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); }
1278 #define ssl_HaveSpecWriteLock(ss)	\
1279     (NSSRWLock_HaveWriteLock((ss)->specLock))
1280 
1281 #define ssl_GetRecvBufLock(ss)		\
1282     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }
1283 #define ssl_ReleaseRecvBufLock(ss)	\
1284     { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }
1285 #define ssl_HaveRecvBufLock(ss)		\
1286     (PZ_InMonitor((ss)->recvBufLock))
1287 
1288 #define ssl_GetXmitBufLock(ss)		\
1289     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }
1290 #define ssl_ReleaseXmitBufLock(ss)	\
1291     { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); }
1292 #define ssl_HaveXmitBufLock(ss)		\
1293     (PZ_InMonitor((ss)->xmitBufLock))
1294 
1295 
1296 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
1297 		    const unsigned char * cr, const unsigned char * sr,
1298 		    PRBool isTLS, PRBool isExport);
1299 extern  SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
1300 		    const unsigned char * cr, const unsigned char * sr,
1301 		    const SECItem * pms, PRBool isTLS, PRBool isRSA);
1302 
1303 /* These functions are called from secnav, even though they're "private". */
1304 
1305 extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
1306 extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
1307 extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
1308 					    CERTCertificate *cert,
1309 					    SECKEYPrivateKey *key,
1310 					    CERTCertificateList *certChain);
1311 extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
1312 extern void ssl_FreeSocket(struct sslSocketStr *ssl);
1313 extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
1314 				SSL3AlertDescription desc);
1315 
1316 extern int ssl2_RestartHandshakeAfterCertReq(sslSocket *          ss,
1317 					     CERTCertificate *    cert,
1318 					     SECKEYPrivateKey *   key);
1319 
1320 extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket *    ss,
1321 					     CERTCertificate *    cert,
1322 					     SECKEYPrivateKey *   key,
1323 					     CERTCertificateList *certChain);
1324 
1325 extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss);
1326 extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss);
1327 
1328 /*
1329  * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
1330  */
1331 extern SECStatus ssl3_HandleV2ClientHello(
1332     sslSocket *ss, unsigned char *buffer, int length);
1333 extern SECStatus ssl3_StartHandshakeHash(
1334     sslSocket *ss, unsigned char *buf, int length);
1335 
1336 /*
1337  * SSL3 specific routines
1338  */
1339 SECStatus ssl3_SendClientHello(sslSocket *ss);
1340 
1341 /*
1342  * input into the SSL3 machinery from the actualy network reading code
1343  */
1344 SECStatus ssl3_HandleRecord(
1345     sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
1346 
1347 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
1348 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
1349 /*
1350  * When talking to export clients or using export cipher suites, servers
1351  * with public RSA keys larger than 512 bits need to use a 512-bit public
1352  * key, signed by the larger key.  The smaller key is a "step down" key.
1353  * Generate that key pair and keep it around.
1354  */
1355 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
1356 
1357 #ifdef NSS_ENABLE_ECC
1358 extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
1359 extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
1360 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
1361                                        const ssl3CipherSuite * suite);
1362 
1363 /* Macro for finding a curve equivalent in strength to RSA key's */
1364 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \
1365         ((s <= 1024) ? 160 \
1366 	  : ((s <= 2048) ? 224 \
1367 	    : ((s <= 3072) ? 256 \
1368 	      : ((s <= 7168) ? 384 : 521 ) ) ) )
1369 
1370 /* Types and names of elliptic curves used in TLS */
1371 typedef enum { ec_type_explicitPrime      = 1,
1372 	       ec_type_explicitChar2Curve = 2,
1373 	       ec_type_named
1374 } ECType;
1375 
1376 typedef enum { ec_noName     = 0,
1377 	       ec_sect163k1  = 1,
1378 	       ec_sect163r1  = 2,
1379 	       ec_sect163r2  = 3,
1380 	       ec_sect193r1  = 4,
1381 	       ec_sect193r2  = 5,
1382 	       ec_sect233k1  = 6,
1383 	       ec_sect233r1  = 7,
1384 	       ec_sect239k1  = 8,
1385 	       ec_sect283k1  = 9,
1386 	       ec_sect283r1  = 10,
1387 	       ec_sect409k1  = 11,
1388 	       ec_sect409r1  = 12,
1389 	       ec_sect571k1  = 13,
1390 	       ec_sect571r1  = 14,
1391 	       ec_secp160k1  = 15,
1392 	       ec_secp160r1  = 16,
1393 	       ec_secp160r2  = 17,
1394 	       ec_secp192k1  = 18,
1395 	       ec_secp192r1  = 19,
1396 	       ec_secp224k1  = 20,
1397 	       ec_secp224r1  = 21,
1398 	       ec_secp256k1  = 22,
1399 	       ec_secp256r1  = 23,
1400 	       ec_secp384r1  = 24,
1401 	       ec_secp521r1  = 25,
1402 	       ec_pastLastName
1403 } ECName;
1404 
1405 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve,
1406 				   SECKEYECParams *params);
1407 ECName	ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
1408 
1409 
1410 #endif /* NSS_ENABLE_ECC */
1411 
1412 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
1413 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
1414 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
1415 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
1416 
1417 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
1418 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
1419 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
1420 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
1421 
1422 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
1423 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
1424 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
1425 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
1426 
1427 extern void      ssl2_InitSocketPolicy(sslSocket *ss);
1428 extern void      ssl3_InitSocketPolicy(sslSocket *ss);
1429 
1430 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
1431 						 unsigned char *cs, int *size);
1432 
1433 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
1434 
1435 extern void ssl3_DestroySSL3Info(sslSocket *ss);
1436 
1437 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
1438                                        SSL3ProtocolVersion peerVersion);
1439 
1440 extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
1441 
1442 #ifdef NSS_ENABLE_ECC
1443 /* ECDH functions */
1444 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
1445 			     SECKEYPublicKey * svrPubKey);
1446 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
1447 					SSL3Opaque *b, PRUint32 length);
1448 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
1449 				     SSL3Opaque *b, PRUint32 length,
1450                                      SECKEYPublicKey *srvrPubKey,
1451                                      SECKEYPrivateKey *srvrPrivKey);
1452 extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
1453 #endif
1454 
1455 extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf,
1456 				unsigned int bufLen, SSL3Hashes *hashes,
1457 				PRBool bypassPKCS11);
1458 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
1459 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
1460 			PRInt32 bytes);
1461 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
1462 			SSL3HandshakeType t, PRUint32 length);
1463 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
1464 			PRInt32 lenSize);
1465 extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
1466 			const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
1467 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
1468 			SSL3Opaque **b, PRUint32 *length);
1469 extern PRInt32   ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
1470 			SSL3Opaque **b, PRUint32 *length);
1471 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
1472 			PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
1473 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
1474 			SECItem *buf, PRBool isTLS);
1475 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
1476 			CERTCertificate *cert, SECItem *buf, PRBool isTLS,
1477 			void *pwArg);
1478 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
1479 			sslSessionID *sid, ssl3CipherSpec *spec,
1480 			SSL3KEAType effectiveExchKeyType);
1481 
1482 /* Functions that handle ClientHello and ServerHello extensions. */
1483 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
1484 			PRUint16 ex_type, SECItem *data);
1485 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
1486 			PRUint16 ex_type, SECItem *data);
1487 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
1488 			PRUint16 ex_type, SECItem *data);
1489 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
1490 			PRUint16 ex_type, SECItem *data);
1491 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
1492 			PRUint16 ex_type, SECItem *data);
1493 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
1494 			PRUint16 ex_type, SECItem *data);
1495 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
1496 			PRUint16 ex_type, SECItem *data);
1497 
1498 /* ClientHello and ServerHello extension senders.
1499  * Note that not all extension senders are exposed here; only those that
1500  * that need exposure.
1501  */
1502 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
1503 			PRUint32 maxBytes);
1504 #ifdef NSS_ENABLE_ECC
1505 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
1506 			PRBool append, PRUint32 maxBytes);
1507 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
1508 			PRBool append, PRUint32 maxBytes);
1509 #endif
1510 extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
1511 					       PRUint32 maxBytes);
1512 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
1513 					    unsigned short length);
1514 
1515 /* call the registered extension handlers. */
1516 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
1517 			SSL3Opaque **b, PRUint32 *length);
1518 
1519 /* Hello Extension related routines. */
1520 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
1521 extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid,
1522 			NewSessionTicket *session_ticket);
1523 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
1524 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName,
1525 			unsigned char *encKey, unsigned char *macKey);
1526 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
1527 			SECKEYPublicKey *svrPubKey, void *pwArg,
1528 			unsigned char *keyName, PK11SymKey **aesKey,
1529 			PK11SymKey **macKey);
1530 
1531 /* Tell clients to consider tickets valid for this long. */
1532 #define TLS_EX_SESS_TICKET_LIFETIME_HINT    (2 * 24 * 60 * 60) /* 2 days */
1533 #define TLS_EX_SESS_TICKET_VERSION          (0x0100)
1534 
1535 /* Construct a new NSPR socket for the app to use */
1536 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
1537 extern void ssl_FreePRSocket(PRFileDesc *fd);
1538 
1539 /* Internal config function so SSL2 can initialize the present state of
1540  * various ciphers */
1541 extern int ssl3_config_match_init(sslSocket *);
1542 
1543 
1544 /* Create a new ref counted key pair object from two keys. */
1545 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
1546                                       SECKEYPublicKey * pubKey);
1547 
1548 /* get a new reference (bump ref count) to an ssl3KeyPair. */
1549 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
1550 
1551 /* Decrement keypair's ref count and free if zero. */
1552 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
1553 
1554 /* calls for accessing wrapping keys across processes. */
1555 extern PRBool
1556 ssl_GetWrappingKey( PRInt32                   symWrapMechIndex,
1557                     SSL3KEAType               exchKeyType,
1558 		    SSLWrappedSymWrappingKey *wswk);
1559 
1560 /* The caller passes in the new value it wants
1561  * to set.  This code tests the wrapped sym key entry in the file on disk.
1562  * If it is uninitialized, this function writes the caller's value into
1563  * the disk entry, and returns false.
1564  * Otherwise, it overwrites the caller's wswk with the value obtained from
1565  * the disk, and returns PR_TRUE.
1566  * This is all done while holding the locks/semaphores necessary to make
1567  * the operation atomic.
1568  */
1569 extern PRBool
1570 ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
1571 
1572 /* get rid of the symmetric wrapping key references. */
1573 extern SECStatus SSL3_ShutdownServerCache(void);
1574 
1575 extern SECStatus ssl_InitSymWrapKeysLock(void);
1576 
1577 extern SECStatus ssl_FreeSymWrapKeysLock(void);
1578 
1579 extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
1580 
1581 extern SECStatus ssl_FreeSessionCacheLocks(void);
1582 
1583 
1584 /********************** misc calls *********************/
1585 
1586 extern int ssl_MapLowLevelError(int hiLevelError);
1587 
1588 extern PRUint32 ssl_Time(void);
1589 
1590 extern void SSL_AtomicIncrementLong(long * x);
1591 
1592 SECStatus SSL_DisableDefaultExportCipherSuites(void);
1593 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
1594 PRBool    SSL_IsExportCipherSuite(PRUint16 cipherSuite);
1595 
1596 
1597 #ifdef TRACE
1598 #define SSL_TRACE(msg) ssl_Trace msg
1599 #else
1600 #define SSL_TRACE(msg)
1601 #endif
1602 
1603 void ssl_Trace(const char *format, ...);
1604 
1605 SEC_END_PROTOS
1606 
1607 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
1608 #define SSL_GETPID getpid
1609 #elif defined(_WIN32_WCE)
1610 #define SSL_GETPID GetCurrentProcessId
1611 #elif defined(WIN32)
1612 extern int __cdecl _getpid(void);
1613 #define SSL_GETPID _getpid
1614 #else
1615 #define SSL_GETPID() 0
1616 #endif
1617 
1618 #endif /* __sslimpl_h_ */
1619