1 /* 2 * This file is PRIVATE to SSL and should be the first thing included by 3 * any SSL implementation file. 4 * 5 * ***** BEGIN LICENSE BLOCK ***** 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 7 * 8 * The contents of this file are subject to the Mozilla Public License Version 9 * 1.1 (the "License"); you may not use this file except in compliance with 10 * the License. You may obtain a copy of the License at 11 * http://www.mozilla.org/MPL/ 12 * 13 * Software distributed under the License is distributed on an "AS IS" basis, 14 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 15 * for the specific language governing rights and limitations under the 16 * License. 17 * 18 * The Original Code is the Netscape security libraries. 19 * 20 * The Initial Developer of the Original Code is 21 * Netscape Communications Corporation. 22 * Portions created by the Initial Developer are Copyright (C) 1994-2000 23 * the Initial Developer. All Rights Reserved. 24 * 25 * Contributor(s): 26 * Dr Stephen Henson <stephen.henson@gemplus.com> 27 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories 28 * 29 * Alternatively, the contents of this file may be used under the terms of 30 * either the GNU General Public License Version 2 or later (the "GPL"), or 31 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 32 * in which case the provisions of the GPL or the LGPL are applicable instead 33 * of those above. If you wish to allow use of your version of this file only 34 * under the terms of either the GPL or the LGPL, and not to allow others to 35 * use your version of this file under the terms of the MPL, indicate your 36 * decision by deleting the provisions above and replace them with the notice 37 * and other provisions required by the GPL or the LGPL. If you do not delete 38 * the provisions above, a recipient may use your version of this file under 39 * the terms of any one of the MPL, the GPL or the LGPL. 40 * 41 * ***** END LICENSE BLOCK ***** */ 42 /* $Id: sslimpl.h,v 1.70 2009/11/21 03:40:49 wtc%google.com Exp $ */ 43 44 #ifndef __sslimpl_h_ 45 #define __sslimpl_h_ 46 47 #ifdef DEBUG 48 #undef NDEBUG 49 #else 50 #undef NDEBUG 51 #define NDEBUG 52 #endif 53 #include "secport.h" 54 #include "secerr.h" 55 #include "sslerr.h" 56 #include "ssl3prot.h" 57 #include "hasht.h" 58 #include "nssilock.h" 59 #include "pkcs11t.h" 60 #if defined(XP_UNIX) || defined(XP_BEOS) 61 #include "unistd.h" 62 #endif 63 #include "nssrwlk.h" 64 #include "prthread.h" 65 66 #include "sslt.h" /* for some formerly private types, now public */ 67 68 /* to make some of these old enums public without namespace pollution, 69 ** it was necessary to prepend ssl_ to the names. 70 ** These #defines preserve compatibility with the old code here in libssl. 71 */ 72 typedef SSLKEAType SSL3KEAType; 73 typedef SSLMACAlgorithm SSL3MACAlgorithm; 74 typedef SSLSignType SSL3SignType; 75 76 #define sign_null ssl_sign_null 77 #define sign_rsa ssl_sign_rsa 78 #define sign_dsa ssl_sign_dsa 79 #define sign_ecdsa ssl_sign_ecdsa 80 81 #define calg_null ssl_calg_null 82 #define calg_rc4 ssl_calg_rc4 83 #define calg_rc2 ssl_calg_rc2 84 #define calg_des ssl_calg_des 85 #define calg_3des ssl_calg_3des 86 #define calg_idea ssl_calg_idea 87 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ 88 #define calg_aes ssl_calg_aes 89 #define calg_camellia ssl_calg_camellia 90 #define calg_seed ssl_calg_seed 91 92 #define mac_null ssl_mac_null 93 #define mac_md5 ssl_mac_md5 94 #define mac_sha ssl_mac_sha 95 #define hmac_md5 ssl_hmac_md5 96 #define hmac_sha ssl_hmac_sha 97 98 #define SET_ERROR_CODE /* reminder */ 99 #define SEND_ALERT /* reminder */ 100 #define TEST_FOR_FAILURE /* reminder */ 101 #define DEAL_WITH_FAILURE /* reminder */ 102 103 #if defined(DEBUG) || defined(TRACE) 104 #ifdef __cplusplus 105 #define Debug 1 106 #else 107 extern int Debug; 108 #endif 109 #else 110 #undef Debug 111 #endif 112 113 #if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST) 114 #define TRACE 115 #endif 116 117 #ifdef TRACE 118 #define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b 119 #define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b 120 #define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b 121 #else 122 #define SSL_TRC(a,b) 123 #define PRINT_BUF(a,b) 124 #define DUMP_MSG(a,b) 125 #endif 126 127 #ifdef DEBUG 128 #define SSL_DBG(b) if (ssl_debug) ssl_Trace b 129 #else 130 #define SSL_DBG(b) 131 #endif 132 133 #ifdef macintosh 134 #include "pprthred.h" 135 #else 136 #include "private/pprthred.h" /* for PR_InMonitor() */ 137 #endif 138 #define ssl_InMonitor(m) PZ_InMonitor(m) 139 140 #define LSB(x) ((unsigned char) (x & 0xff)) 141 #define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8)) 142 143 /************************************************************************/ 144 145 typedef enum { SSLAppOpRead = 0, 146 SSLAppOpWrite, 147 SSLAppOpRDWR, 148 SSLAppOpPost, 149 SSLAppOpHeader 150 } SSLAppOperation; 151 152 #define SSL_MIN_MASTER_KEY_BYTES 5 153 #define SSL_MAX_MASTER_KEY_BYTES 64 154 155 #define SSL2_SESSIONID_BYTES 16 156 #define SSL3_SESSIONID_BYTES 32 157 158 #define SSL_MIN_CHALLENGE_BYTES 16 159 #define SSL_MAX_CHALLENGE_BYTES 32 160 #define SSL_CHALLENGE_BYTES 16 161 162 #define SSL_CONNECTIONID_BYTES 16 163 164 #define SSL_MIN_CYPHER_ARG_BYTES 0 165 #define SSL_MAX_CYPHER_ARG_BYTES 32 166 167 #define SSL_MAX_MAC_BYTES 16 168 169 #define SSL3_RSA_PMS_LENGTH 48 170 #define SSL3_MASTER_SECRET_LENGTH 48 171 172 /* number of wrap mechanisms potentially used to wrap master secrets. */ 173 #define SSL_NUM_WRAP_MECHS 16 174 175 /* This makes the cert cache entry exactly 4k. */ 176 #define SSL_MAX_CACHED_CERT_LEN 4060 177 178 #define NUM_MIXERS 9 179 180 /* Mask of the 25 named curves we support. */ 181 #ifndef NSS_ECC_MORE_THAN_SUITE_B 182 #define SSL3_SUPPORTED_CURVES_MASK 0x3800000 /* only 3 curves, suite B*/ 183 #else 184 #define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe 185 #endif 186 187 #ifndef BPB 188 #define BPB 8 /* Bits Per Byte */ 189 #endif 190 191 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ 192 193 typedef struct sslBufferStr sslBuffer; 194 typedef struct sslConnectInfoStr sslConnectInfo; 195 typedef struct sslGatherStr sslGather; 196 typedef struct sslSecurityInfoStr sslSecurityInfo; 197 typedef struct sslSessionIDStr sslSessionID; 198 typedef struct sslSocketStr sslSocket; 199 typedef struct sslSocketOpsStr sslSocketOps; 200 201 typedef struct ssl3StateStr ssl3State; 202 typedef struct ssl3CertNodeStr ssl3CertNode; 203 typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; 204 typedef struct ssl3MACDefStr ssl3MACDef; 205 typedef struct ssl3KeyPairStr ssl3KeyPair; 206 207 struct ssl3CertNodeStr { 208 struct ssl3CertNodeStr *next; 209 CERTCertificate * cert; 210 }; 211 212 typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss); 213 214 /* This type points to the low layer send func, 215 ** e.g. ssl2_SendStream or ssl3_SendPlainText. 216 ** These functions return the same values as PR_Send, 217 ** i.e. >= 0 means number of bytes sent, < 0 means error. 218 */ 219 typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf, 220 PRInt32 n, PRInt32 flags); 221 222 typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid); 223 typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid); 224 typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, 225 unsigned char* sid, 226 unsigned int sidLen, 227 CERTCertDBHandle * dbHandle); 228 229 /* registerable callback function that either appends extension to buffer 230 * or returns length of data that it would have appended. 231 */ 232 typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append, 233 PRUint32 maxBytes); 234 235 /* registerable callback function that handles a received extension, 236 * of the given type. 237 */ 238 typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss, 239 PRUint16 ex_type, 240 SECItem * data); 241 242 /* row in a table of hello extension senders */ 243 typedef struct { 244 PRInt32 ex_type; 245 ssl3HelloExtensionSenderFunc ex_sender; 246 } ssl3HelloExtensionSender; 247 248 /* row in a table of hello extension handlers */ 249 typedef struct { 250 PRInt32 ex_type; 251 ssl3HelloExtensionHandlerFunc ex_handler; 252 } ssl3HelloExtensionHandler; 253 254 extern SECStatus 255 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, 256 ssl3HelloExtensionSenderFunc cb); 257 258 extern PRInt32 259 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, 260 const ssl3HelloExtensionSender *sender); 261 262 /* Socket ops */ 263 struct sslSocketOpsStr { 264 int (*connect) (sslSocket *, const PRNetAddr *); 265 PRFileDesc *(*accept) (sslSocket *, PRNetAddr *); 266 int (*bind) (sslSocket *, const PRNetAddr *); 267 int (*listen) (sslSocket *, int); 268 int (*shutdown)(sslSocket *, int); 269 int (*close) (sslSocket *); 270 271 int (*recv) (sslSocket *, unsigned char *, int, int); 272 273 /* points to the higher-layer send func, e.g. ssl_SecureSend. */ 274 int (*send) (sslSocket *, const unsigned char *, int, int); 275 int (*read) (sslSocket *, unsigned char *, int); 276 int (*write) (sslSocket *, const unsigned char *, int); 277 278 int (*getpeername)(sslSocket *, PRNetAddr *); 279 int (*getsockname)(sslSocket *, PRNetAddr *); 280 }; 281 282 /* Flags interpreted by ssl send functions. */ 283 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 284 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 285 #define ssl_SEND_FLAG_MASK 0x7f000000 286 287 /* 288 ** A buffer object. 289 */ 290 struct sslBufferStr { 291 unsigned char * buf; 292 unsigned int len; 293 unsigned int space; 294 }; 295 296 /* 297 ** SSL3 cipher suite policy and preference struct. 298 */ 299 typedef struct { 300 #if !defined(_WIN32) 301 unsigned int cipher_suite : 16; 302 unsigned int policy : 8; 303 unsigned int enabled : 1; 304 unsigned int isPresent : 1; 305 #else 306 ssl3CipherSuite cipher_suite; 307 PRUint8 policy; 308 unsigned char enabled : 1; 309 unsigned char isPresent : 1; 310 #endif 311 } ssl3CipherSuiteCfg; 312 313 #ifdef NSS_ENABLE_ECC 314 #define ssl_V3_SUITES_IMPLEMENTED 50 315 #else 316 #define ssl_V3_SUITES_IMPLEMENTED 30 317 #endif /* NSS_ENABLE_ECC */ 318 319 typedef struct sslOptionsStr { 320 /* For clients, this is a validated list of protocols in preference order 321 * and wire format. For servers, this is the list of support protocols, 322 * also in wire format. */ 323 SECItem nextProtoNego; 324 325 unsigned int useSecurity : 1; /* 1 */ 326 unsigned int useSocks : 1; /* 2 */ 327 unsigned int requestCertificate : 1; /* 3 */ 328 unsigned int requireCertificate : 2; /* 4-5 */ 329 unsigned int handshakeAsClient : 1; /* 6 */ 330 unsigned int handshakeAsServer : 1; /* 7 */ 331 unsigned int enableSSL2 : 1; /* 8 */ 332 unsigned int enableSSL3 : 1; /* 9 */ 333 unsigned int enableTLS : 1; /* 10 */ 334 unsigned int noCache : 1; /* 11 */ 335 unsigned int fdx : 1; /* 12 */ 336 unsigned int v2CompatibleHello : 1; /* 13 */ 337 unsigned int detectRollBack : 1; /* 14 */ 338 unsigned int noStepDown : 1; /* 15 */ 339 unsigned int bypassPKCS11 : 1; /* 16 */ 340 unsigned int noLocks : 1; /* 17 */ 341 unsigned int enableSessionTickets : 1; /* 18 */ 342 unsigned int enableDeflate : 1; /* 19 */ 343 unsigned int enableRenegotiation : 2; /* 20-21 */ 344 unsigned int requireSafeNegotiation : 1; /* 22 */ 345 } sslOptions; 346 347 typedef enum { sslHandshakingUndetermined = 0, 348 sslHandshakingAsClient, 349 sslHandshakingAsServer 350 } sslHandshakingType; 351 352 typedef struct sslServerCertsStr { 353 /* Configuration state for server sockets */ 354 CERTCertificate * serverCert; 355 CERTCertificateList * serverCertChain; 356 ssl3KeyPair * serverKeyPair; 357 unsigned int serverKeyBits; 358 } sslServerCerts; 359 360 #define SERVERKEY serverKeyPair->privKey 361 362 #define SSL_LOCK_RANK_SPEC 255 363 #define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE 364 365 /* These are the valid values for shutdownHow. 366 ** These values are each 1 greater than the NSPR values, and the code 367 ** depends on that relation to efficiently convert PR_SHUTDOWN values 368 ** into ssl_SHUTDOWN values. These values use one bit for read, and 369 ** another bit for write, and can be used as bitmasks. 370 */ 371 #define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ 372 #define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ 373 #define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ 374 #define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ 375 376 /* 377 ** A gather object. Used to read some data until a count has been 378 ** satisfied. Primarily for support of async sockets. 379 ** Everything in here is protected by the recvBufLock. 380 */ 381 struct sslGatherStr { 382 int state; /* see GS_ values below. */ /* ssl 2 & 3 */ 383 384 /* "buf" holds received plaintext SSL records, after decrypt and MAC check. 385 * SSL2: recv'd ciphertext records are put here, then decrypted in place. 386 * SSL3: recv'd ciphertext records are put in inbuf (see below), then 387 * decrypted into buf. 388 */ 389 sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */ 390 391 /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3). 392 ** (offset - writeOffset) is the number of ciphertext bytes read in but 393 ** not yet deciphered. 394 */ 395 unsigned int offset; /* ssl 2 & 3 */ 396 397 /* number of bytes to read in next call to ssl_DefRecv (recv) */ 398 unsigned int remainder; /* ssl 2 & 3 */ 399 400 /* Number of ciphertext bytes to read in after 2-byte SSL record header. */ 401 unsigned int count; /* ssl2 only */ 402 403 /* size of the final plaintext record. 404 ** == count - (recordPadding + MAC size) 405 */ 406 unsigned int recordLen; /* ssl2 only */ 407 408 /* number of bytes of padding to be removed after decrypting. */ 409 /* This value is taken from the record's hdr[2], which means a too large 410 * value could crash us. 411 */ 412 unsigned int recordPadding; /* ssl2 only */ 413 414 /* plaintext DATA begins this many bytes into "buf". */ 415 unsigned int recordOffset; /* ssl2 only */ 416 417 int encrypted; /* SSL2 session is now encrypted. ssl2 only */ 418 419 /* These next two values are used by SSL2 and SSL3. 420 ** DoRecv uses them to extract application data. 421 ** The difference between writeOffset and readOffset is the amount of 422 ** data available to the application. Note that the actual offset of 423 ** the data in "buf" is recordOffset (above), not readOffset. 424 ** In the current implementation, this is made available before the 425 ** MAC is checked!! 426 */ 427 unsigned int readOffset; /* Spot where DATA reader (e.g. application 428 ** or handshake code) will read next. 429 ** Always zero for SSl3 application data. 430 */ 431 /* offset in buf/inbuf/hdr into which new data will be read from socket. */ 432 unsigned int writeOffset; 433 434 /* Buffer for ssl3 to read (encrypted) data from the socket */ 435 sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ 436 437 /* The ssl[23]_GatherData functions read data into this buffer, rather 438 ** than into buf or inbuf, while in the GS_HEADER state. 439 ** The portion of the SSL record header put here always comes off the wire 440 ** as plaintext, never ciphertext. 441 ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. 442 */ 443 unsigned char hdr[5]; /* ssl 2 & 3 */ 444 }; 445 446 /* sslGather.state */ 447 #define GS_INIT 0 448 #define GS_HEADER 1 449 #define GS_MAC 2 450 #define GS_DATA 3 451 #define GS_PAD 4 452 453 typedef SECStatus (*SSLCipher)(void * context, 454 unsigned char * out, 455 int * outlen, 456 int maxout, 457 const unsigned char *in, 458 int inlen); 459 typedef SECStatus (*SSLCompressor)(void * context, 460 unsigned char * out, 461 int * outlen, 462 int maxout, 463 const unsigned char *in, 464 int inlen); 465 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); 466 467 468 469 /* 470 ** ssl3State and CipherSpec structs 471 */ 472 473 /* The SSL bulk cipher definition */ 474 typedef enum { 475 cipher_null, 476 cipher_rc4, 477 cipher_rc4_40, 478 cipher_rc4_56, 479 cipher_rc2, 480 cipher_rc2_40, 481 cipher_des, 482 cipher_3des, 483 cipher_des40, 484 cipher_idea, 485 cipher_aes_128, 486 cipher_aes_256, 487 cipher_camellia_128, 488 cipher_camellia_256, 489 cipher_seed, 490 cipher_missing /* reserved for no such supported cipher */ 491 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ 492 } SSL3BulkCipher; 493 494 typedef enum { type_stream, type_block } CipherType; 495 496 #define MAX_IV_LENGTH 64 497 498 /* 499 * Do not depend upon 64 bit arithmetic in the underlying machine. 500 */ 501 typedef struct { 502 PRUint32 high; 503 PRUint32 low; 504 } SSL3SequenceNumber; 505 506 #define MAX_MAC_CONTEXT_BYTES 400 507 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) 508 509 #define MAX_CIPHER_CONTEXT_BYTES 2080 510 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) 511 512 typedef struct { 513 SSL3Opaque client_write_iv [24]; 514 SSL3Opaque server_write_iv [24]; 515 SSL3Opaque wrapped_master_secret [48]; 516 PRUint16 wrapped_master_secret_len; 517 PRUint8 msIsWrapped; 518 PRUint8 resumable; 519 } ssl3SidKeys; /* 100 bytes */ 520 521 typedef struct { 522 PK11SymKey *write_key; 523 PK11SymKey *write_mac_key; 524 PK11Context *write_mac_context; 525 SECItem write_key_item; 526 SECItem write_iv_item; 527 SECItem write_mac_key_item; 528 SSL3Opaque write_iv[MAX_IV_LENGTH]; 529 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; 530 } ssl3KeyMaterial; 531 532 /* 533 ** These are the "specs" in the "ssl3" struct. 534 ** Access to the pointers to these specs, and all the specs' contents 535 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. 536 */ 537 typedef struct { 538 const ssl3BulkCipherDef *cipher_def; 539 const ssl3MACDef * mac_def; 540 SSLCompressionMethod compression_method; 541 int mac_size; 542 SSLCipher encode; 543 SSLCipher decode; 544 SSLDestroy destroy; 545 void * encodeContext; 546 void * decodeContext; 547 SSLCompressor compressor; /* Don't name these fields compress */ 548 SSLCompressor decompressor; /* and uncompress because zconf.h */ 549 /* may define them as macros. */ 550 SSLDestroy destroyCompressContext; 551 void * compressContext; 552 SSLDestroy destroyDecompressContext; 553 void * decompressContext; 554 PRBool bypassCiphers; /* did double bypass (at least) */ 555 PK11SymKey * master_secret; 556 SSL3SequenceNumber write_seq_num; 557 SSL3SequenceNumber read_seq_num; 558 SSL3ProtocolVersion version; 559 ssl3KeyMaterial client; 560 ssl3KeyMaterial server; 561 SECItem msItem; 562 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; 563 unsigned char raw_master_secret[56]; 564 } ssl3CipherSpec; 565 566 typedef enum { never_cached, 567 in_client_cache, 568 in_server_cache, 569 invalid_cache /* no longer in any cache. */ 570 } Cached; 571 572 struct sslSessionIDStr { 573 sslSessionID * next; /* chain used for client sockets, only */ 574 575 CERTCertificate * peerCert; 576 const char * peerID; /* client only */ 577 const char * urlSvrName; /* client only */ 578 CERTCertificate * localCert; 579 580 PRIPv6Addr addr; 581 PRUint16 port; 582 583 SSL3ProtocolVersion version; 584 585 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ 586 PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ 587 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ 588 Cached cached; 589 int references; 590 591 SSLSignType authAlgorithm; 592 PRUint32 authKeyBits; 593 SSLKEAType keaType; 594 PRUint32 keaKeyBits; 595 596 union { 597 struct { 598 /* the V2 code depends upon the size of sessionID. */ 599 unsigned char sessionID[SSL2_SESSIONID_BYTES]; 600 601 /* Stuff used to recreate key and read/write cipher objects */ 602 SECItem masterKey; /* never wrapped */ 603 int cipherType; 604 SECItem cipherArg; 605 int keyBits; 606 int secretKeyBits; 607 } ssl2; 608 struct { 609 /* values that are copied into the server's on-disk SID cache. */ 610 uint8 sessionIDLength; 611 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; 612 613 ssl3CipherSuite cipherSuite; 614 SSLCompressionMethod compression; 615 int policy; 616 ssl3SidKeys keys; 617 CK_MECHANISM_TYPE masterWrapMech; 618 /* mechanism used to wrap master secret */ 619 SSL3KEAType exchKeyType; 620 /* key type used in exchange algorithm, 621 * and to wrap the sym wrapping key. */ 622 #ifdef NSS_ENABLE_ECC 623 PRUint32 negotiatedECCurves; 624 #endif /* NSS_ENABLE_ECC */ 625 626 /* The following values are NOT restored from the server's on-disk 627 * session cache, but are restored from the client's cache. 628 */ 629 PK11SymKey * clientWriteKey; 630 PK11SymKey * serverWriteKey; 631 632 /* The following values pertain to the slot that wrapped the 633 ** master secret. (used only in client) 634 */ 635 SECMODModuleID masterModuleID; 636 /* what module wrapped the master secret */ 637 CK_SLOT_ID masterSlotID; 638 PRUint16 masterWrapIndex; 639 /* what's the key index for the wrapping key */ 640 PRUint16 masterWrapSeries; 641 /* keep track of the slot series, so we don't 642 * accidently try to use new keys after the 643 * card gets removed and replaced.*/ 644 645 /* The following values pertain to the slot that did the signature 646 ** for client auth. (used only in client) 647 */ 648 SECMODModuleID clAuthModuleID; 649 CK_SLOT_ID clAuthSlotID; 650 PRUint16 clAuthSeries; 651 652 char masterValid; 653 char clAuthValid; 654 655 /* Session ticket if we have one, is sent as an extension in the 656 * ClientHello message. This field is used by clients. 657 */ 658 NewSessionTicket sessionTicket; 659 } ssl3; 660 } u; 661 }; 662 663 664 typedef struct ssl3CipherSuiteDefStr { 665 ssl3CipherSuite cipher_suite; 666 SSL3BulkCipher bulk_cipher_alg; 667 SSL3MACAlgorithm mac_alg; 668 SSL3KeyExchangeAlgorithm key_exchange_alg; 669 } ssl3CipherSuiteDef; 670 671 /* 672 ** There are tables of these, all const. 673 */ 674 typedef struct { 675 SSL3KeyExchangeAlgorithm kea; 676 SSL3KEAType exchKeyType; 677 SSL3SignType signKeyType; 678 PRBool is_limited; 679 int key_size_limit; 680 PRBool tls_keygen; 681 } ssl3KEADef; 682 683 typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode; 684 685 /* 686 ** There are tables of these, all const. 687 */ 688 struct ssl3BulkCipherDefStr { 689 SSL3BulkCipher cipher; 690 SSLCipherAlgorithm calg; 691 int key_size; 692 int secret_key_size; 693 CipherType type; 694 int iv_size; 695 int block_size; 696 SSL3KeyGenMode keygen_mode; 697 }; 698 699 /* 700 ** There are tables of these, all const. 701 */ 702 struct ssl3MACDefStr { 703 SSL3MACAlgorithm mac; 704 CK_MECHANISM_TYPE mmech; 705 int pad_size; 706 int mac_size; 707 }; 708 709 typedef enum { 710 wait_client_hello, 711 wait_client_cert, 712 wait_client_key, 713 wait_cert_verify, 714 wait_change_cipher, 715 wait_finished, 716 wait_server_hello, 717 wait_server_cert, 718 wait_server_key, 719 wait_cert_request, 720 wait_hello_done, 721 wait_new_session_ticket, 722 idle_handshake 723 } SSL3WaitState; 724 725 /* 726 * TLS extension related constants and data structures. 727 */ 728 typedef struct TLSExtensionDataStr TLSExtensionData; 729 typedef struct SessionTicketDataStr SessionTicketData; 730 731 struct TLSExtensionDataStr { 732 /* registered callbacks that send server hello extensions */ 733 ssl3HelloExtensionSender serverSenders[MAX_EXTENSIONS]; 734 /* Keep track of the extensions that are negotiated. */ 735 PRUint16 numAdvertised; 736 PRUint16 numNegotiated; 737 PRUint16 advertised[MAX_EXTENSIONS]; 738 PRUint16 negotiated[MAX_EXTENSIONS]; 739 740 /* SessionTicket Extension related data. */ 741 PRBool ticketTimestampVerified; 742 PRBool emptySessionTicket; 743 }; 744 745 /* 746 ** This is the "hs" member of the "ssl3" struct. 747 ** This entire struct is protected by ssl3HandshakeLock 748 */ 749 typedef struct SSL3HandshakeStateStr { 750 SSL3Random server_random; 751 SSL3Random client_random; 752 SSL3WaitState ws; 753 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; 754 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; 755 PK11Context * md5; /* handshake running hashes */ 756 PK11Context * sha; 757 const ssl3KEADef * kea_def; 758 ssl3CipherSuite cipher_suite; 759 const ssl3CipherSuiteDef *suite_def; 760 SSLCompressionMethod compression; 761 sslBuffer msg_body; /* protected by recvBufLock */ 762 /* partial handshake message from record layer */ 763 unsigned int header_bytes; 764 /* number of bytes consumed from handshake */ 765 /* message for message type and header length */ 766 SSL3HandshakeType msg_type; 767 unsigned long msg_len; 768 SECItem ca_list; /* used only by client */ 769 PRBool isResuming; /* are we resuming a session */ 770 PRBool rehandshake; /* immediately start another handshake 771 * when this one finishes */ 772 PRBool usedStepDownKey; /* we did a server key exchange. */ 773 sslBuffer msgState; /* current state for handshake messages*/ 774 /* protected by recvBufLock */ 775 sslBuffer messages; /* Accumulated handshake messages */ 776 #ifdef NSS_ENABLE_ECC 777 PRUint32 negotiatedECCurves; /* bit mask */ 778 #endif /* NSS_ENABLE_ECC */ 779 PRBool nextProtoNego;/* Our peer has sent this extension */ 780 } SSL3HandshakeState; 781 782 783 784 /* 785 ** This is the "ssl3" struct, as in "ss->ssl3". 786 ** note: 787 ** usually, crSpec == cwSpec and prSpec == pwSpec. 788 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. 789 ** But there are never more than 2 actual specs. 790 ** No spec must ever be modified if either "current" pointer points to it. 791 */ 792 struct ssl3StateStr { 793 794 /* 795 ** The following Specs and Spec pointers must be protected using the 796 ** Spec Lock. 797 */ 798 ssl3CipherSpec * crSpec; /* current read spec. */ 799 ssl3CipherSpec * prSpec; /* pending read spec. */ 800 ssl3CipherSpec * cwSpec; /* current write spec. */ 801 ssl3CipherSpec * pwSpec; /* pending write spec. */ 802 803 CERTCertificate * clientCertificate; /* used by client */ 804 SECKEYPrivateKey * clientPrivateKey; /* used by client */ 805 CERTCertificateList *clientCertChain; /* used by client */ 806 PRBool sendEmptyCert; /* used by client */ 807 808 int policy; 809 /* This says what cipher suites we can do, and should 810 * be either SSL_ALLOWED or SSL_RESTRICTED 811 */ 812 PRArenaPool * peerCertArena; 813 /* These are used to keep track of the peer CA */ 814 void * peerCertChain; 815 /* chain while we are trying to validate it. */ 816 CERTDistNames * ca_list; 817 /* used by server. trusted CAs for this socket. */ 818 PRBool initialized; 819 SSL3HandshakeState hs; 820 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ 821 822 /* In a client: if the server supports Next Protocol Negotiation, then 823 * this is the protocol that was requested. 824 * In a server: this is the protocol that the client requested via Next 825 * Protocol Negotiation. 826 * 827 * In either case, if the data pointer is non-NULL, then it is malloced 828 * data. */ 829 SECItem nextProto; 830 int nextProtoState; /* See SSL_NEXT_PROTO_* defines */ 831 }; 832 833 typedef struct { 834 SSL3ContentType type; 835 SSL3ProtocolVersion version; 836 sslBuffer * buf; 837 } SSL3Ciphertext; 838 839 struct ssl3KeyPairStr { 840 SECKEYPrivateKey * privKey; 841 SECKEYPublicKey * pubKey; 842 PRInt32 refCount; /* use PR_Atomic calls for this. */ 843 }; 844 845 typedef struct SSLWrappedSymWrappingKeyStr { 846 SSL3Opaque wrappedSymmetricWrappingkey[512]; 847 SSL3Opaque wrapIV[24]; 848 CK_MECHANISM_TYPE symWrapMechanism; 849 /* unwrapped symmetric wrapping key uses this mechanism */ 850 CK_MECHANISM_TYPE asymWrapMechanism; 851 /* mechanism used to wrap the SymmetricWrappingKey using 852 * server's public and/or private keys. */ 853 SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/ 854 PRInt32 symWrapMechIndex; 855 PRUint16 wrappedSymKeyLen; 856 PRUint16 wrapIVLen; 857 } SSLWrappedSymWrappingKey; 858 859 typedef struct SessionTicketStr { 860 uint16 ticket_version; 861 SSL3ProtocolVersion ssl_version; 862 ssl3CipherSuite cipher_suite; 863 SSLCompressionMethod compression_method; 864 SSLSignType authAlgorithm; 865 uint32 authKeyBits; 866 SSLKEAType keaType; 867 uint32 keaKeyBits; 868 /* 869 * exchKeyType and msWrapMech contain meaningful values only if 870 * ms_is_wrapped is true. 871 */ 872 uint8 ms_is_wrapped; 873 SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */ 874 CK_MECHANISM_TYPE msWrapMech; 875 uint16 ms_length; 876 SSL3Opaque master_secret[48]; 877 ClientIdentity client_identity; 878 SECItem peer_cert; 879 uint32 timestamp; 880 } SessionTicket; 881 882 /* 883 * SSL2 buffers used in SSL3. 884 * writeBuf in the SecurityInfo maintained by sslsecur.c is used 885 * to hold the data just about to be passed to the kernel 886 * sendBuf in the ConnectInfo maintained by sslcon.c is used 887 * to hold handshake messages as they are accumulated 888 */ 889 890 /* 891 ** This is "ci", as in "ss->sec.ci". 892 ** 893 ** Protection: All the variables in here are protected by 894 ** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock 895 */ 896 struct sslConnectInfoStr { 897 /* outgoing handshakes appended to this. */ 898 sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ 899 900 PRIPv6Addr peer; /* ssl 2 & 3 */ 901 unsigned short port; /* ssl 2 & 3 */ 902 903 sslSessionID *sid; /* ssl 2 & 3 */ 904 905 /* see CIS_HAVE defines below for the bit values in *elements. */ 906 char elements; /* ssl2 only */ 907 char requiredElements; /* ssl2 only */ 908 char sentElements; /* ssl2 only */ 909 910 char sentFinished; /* ssl2 only */ 911 912 /* Length of server challenge. Used by client when saving challenge */ 913 int serverChallengeLen; /* ssl2 only */ 914 /* type of authentication requested by server */ 915 unsigned char authType; /* ssl2 only */ 916 917 /* Challenge sent by client to server in client-hello message */ 918 /* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */ 919 unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */ 920 921 /* Connection-id sent by server to client in server-hello message */ 922 unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */ 923 924 /* Challenge sent by server to client in request-certificate message */ 925 unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */ 926 927 /* Information kept to handle a request-certificate message */ 928 unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ 929 unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ 930 unsigned keySize; /* ssl2 only */ 931 }; 932 933 /* bit values for ci->elements, ci->requiredElements, sentElements. */ 934 #define CIS_HAVE_MASTER_KEY 0x01 935 #define CIS_HAVE_CERTIFICATE 0x02 936 #define CIS_HAVE_FINISHED 0x04 937 #define CIS_HAVE_VERIFY 0x08 938 939 /* Note: The entire content of this struct and whatever it points to gets 940 * blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec". 941 * 942 * Unless otherwise specified below, the contents of this struct are 943 * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. 944 */ 945 struct sslSecurityInfoStr { 946 sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */ 947 int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */ 948 sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ 949 950 int cipherType; /* ssl 2 & 3 */ 951 int keyBits; /* ssl 2 & 3 */ 952 int secretKeyBits; /* ssl 2 & 3 */ 953 CERTCertificate *localCert; /* ssl 2 & 3 */ 954 CERTCertificate *peerCert; /* ssl 2 & 3 */ 955 SECKEYPublicKey *peerKey; /* ssl3 only */ 956 957 SSLSignType authAlgorithm; 958 PRUint32 authKeyBits; 959 SSLKEAType keaType; 960 PRUint32 keaKeyBits; 961 962 /* 963 ** Procs used for SID cache (nonce) management. 964 ** Different implementations exist for clients/servers 965 ** The lookup proc is only used for servers. Baloney! 966 */ 967 sslSessionIDCacheFunc cache; /* ssl 2 & 3 */ 968 sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */ 969 970 /* 971 ** everything below here is for ssl2 only. 972 ** This stuff is equivalent to SSL3's "spec", and is protected by the 973 ** same "Spec Lock" as used for SSL3's specs. 974 */ 975 PRUint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */ 976 PRUint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */ 977 978 /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */ 979 const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */ 980 void *hashcx; /* Spec Lock */ /* ssl2 only */ 981 982 SECItem sendSecret; /* Spec Lock */ /* ssl2 only */ 983 SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */ 984 985 /* Session cypher contexts; one for each direction */ 986 void *readcx; /* Spec Lock */ /* ssl2 only */ 987 void *writecx; /* Spec Lock */ /* ssl2 only */ 988 SSLCipher enc; /* Spec Lock */ /* ssl2 only */ 989 SSLCipher dec; /* Spec Lock */ /* ssl2 only */ 990 void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */ 991 992 /* Blocking information for the session cypher */ 993 int blockShift; /* Spec Lock */ /* ssl2 only */ 994 int blockSize; /* Spec Lock */ /* ssl2 only */ 995 996 /* These are used during a connection handshake */ 997 sslConnectInfo ci; /* ssl 2 & 3 */ 998 999 }; 1000 1001 1002 /* 1003 ** SSL Socket struct 1004 ** 1005 ** Protection: XXX 1006 */ 1007 struct sslSocketStr { 1008 PRFileDesc * fd; 1009 1010 /* Pointer to operations vector for this socket */ 1011 const sslSocketOps * ops; 1012 1013 /* SSL socket options */ 1014 sslOptions opt; 1015 1016 /* State flags */ 1017 unsigned long clientAuthRequested; 1018 unsigned long delayDisabled; /* Nagle delay disabled */ 1019 unsigned long firstHsDone; /* first handshake is complete. */ 1020 unsigned long handshakeBegun; 1021 unsigned long lastWriteBlocked; 1022 unsigned long recvdCloseNotify; /* received SSL EOF. */ 1023 unsigned long TCPconnected; 1024 unsigned long appDataBuffered; 1025 1026 /* version of the protocol to use */ 1027 SSL3ProtocolVersion version; 1028 SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ 1029 1030 sslSecurityInfo sec; /* not a pointer any more */ 1031 1032 /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ 1033 const char *url; /* ssl 2 & 3 */ 1034 1035 sslHandshakeFunc handshake; /*firstHandshakeLock*/ 1036 sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ 1037 sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ 1038 1039 /* the following variable is only used with socks or other proxies. */ 1040 char * peerID; /* String uniquely identifies target server. */ 1041 1042 unsigned char * cipherSpecs; 1043 unsigned int sizeCipherSpecs; 1044 const unsigned char * preferredCipher; 1045 1046 ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ 1047 1048 /* Callbacks */ 1049 SSLAuthCertificate authCertificate; 1050 void *authCertificateArg; 1051 SSLGetClientAuthData getClientAuthData; 1052 void *getClientAuthDataArg; 1053 SSLBadCertHandler handleBadCert; 1054 void *badCertArg; 1055 SSLHandshakeCallback handshakeCallback; 1056 void *handshakeCallbackData; 1057 void *pkcs11PinArg; 1058 1059 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ 1060 PRIntervalTime wTimeout; /* timeout for NSPR I/O */ 1061 PRIntervalTime cTimeout; /* timeout for NSPR I/O */ 1062 1063 PZLock * recvLock; /* lock against multiple reader threads. */ 1064 PZLock * sendLock; /* lock against multiple sender threads. */ 1065 1066 PZMonitor * recvBufLock; /* locks low level recv buffers. */ 1067 PZMonitor * xmitBufLock; /* locks low level xmit buffers. */ 1068 1069 /* Only one thread may operate on the socket until the initial handshake 1070 ** is complete. This Monitor ensures that. Since SSL2 handshake is 1071 ** only done once, this is also effectively the SSL2 handshake lock. 1072 */ 1073 PZMonitor * firstHandshakeLock; 1074 1075 /* This monitor protects the ssl3 handshake state machine data. 1076 ** Only one thread (reader or writer) may be in the ssl3 handshake state 1077 ** machine at any time. */ 1078 PZMonitor * ssl3HandshakeLock; 1079 1080 /* reader/writer lock, protects the secret data needed to encrypt and MAC 1081 ** outgoing records, and to decrypt and MAC check incoming ciphertext 1082 ** records. */ 1083 NSSRWLock * specLock; 1084 1085 /* handle to perm cert db (and implicitly to the temp cert db) used 1086 ** with this socket. 1087 */ 1088 CERTCertDBHandle * dbHandle; 1089 1090 PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */ 1091 1092 PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ 1093 1094 PRUint16 allowedByPolicy; /* copy of global policy bits. */ 1095 PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */ 1096 PRUint16 chosenPreference; /* SSL2 cipher preferences. */ 1097 1098 sslHandshakingType handshaking; 1099 1100 /* Gather object used for gathering data */ 1101 sslGather gs; /*recvBufLock*/ 1102 1103 sslBuffer saveBuf; /*xmitBufLock*/ 1104 sslBuffer pendingBuf; /*xmitBufLock*/ 1105 1106 /* Configuration state for server sockets */ 1107 /* server cert and key for each KEA type */ 1108 sslServerCerts serverCerts[kt_kea_size]; 1109 1110 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; 1111 ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */ 1112 1113 /* SSL3 state info. Formerly was a pointer */ 1114 ssl3State ssl3; 1115 1116 /* 1117 * TLS extension related data. 1118 */ 1119 /* True when the current session is a stateless resume. */ 1120 PRBool statelessResume; 1121 TLSExtensionData xtnData; 1122 }; 1123 1124 1125 1126 /* All the global data items declared here should be protected using the 1127 ** ssl_global_data_lock, which is a reader/writer lock. 1128 */ 1129 extern NSSRWLock * ssl_global_data_lock; 1130 extern char ssl_debug; 1131 extern char ssl_trace; 1132 extern FILE * ssl_trace_iob; 1133 extern CERTDistNames * ssl3_server_ca_list; 1134 extern PRUint32 ssl_sid_timeout; 1135 extern PRUint32 ssl3_sid_timeout; 1136 extern PRBool ssl3_global_policy_some_restricted; 1137 1138 extern const char * const ssl_cipherName[]; 1139 extern const char * const ssl3_cipherName[]; 1140 1141 extern sslSessionIDLookupFunc ssl_sid_lookup; 1142 extern sslSessionIDCacheFunc ssl_sid_cache; 1143 extern sslSessionIDUncacheFunc ssl_sid_uncache; 1144 1145 /************************************************************************/ 1146 1147 SEC_BEGIN_PROTOS 1148 1149 /* Implementation of ops for default (non socks, non secure) case */ 1150 extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr); 1151 extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr); 1152 extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr); 1153 extern int ssl_DefListen(sslSocket *ss, int backlog); 1154 extern int ssl_DefShutdown(sslSocket *ss, int how); 1155 extern int ssl_DefClose(sslSocket *ss); 1156 extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags); 1157 extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf, 1158 int len, int flags); 1159 extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len); 1160 extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len); 1161 extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name); 1162 extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name); 1163 extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname, 1164 void *optval, PRInt32 *optlen); 1165 extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname, 1166 const void *optval, PRInt32 optlen); 1167 1168 /* Implementation of ops for socks only case */ 1169 extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr); 1170 extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr); 1171 extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr); 1172 extern int ssl_SocksListen(sslSocket *ss, int backlog); 1173 extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name); 1174 extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags); 1175 extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf, 1176 int len, int flags); 1177 extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len); 1178 extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len); 1179 1180 /* Implementation of ops for secure only case */ 1181 extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr); 1182 extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr); 1183 extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, 1184 int len, int flags); 1185 extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf, 1186 int len, int flags); 1187 extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len); 1188 extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len); 1189 extern int ssl_SecureShutdown(sslSocket *ss, int how); 1190 extern int ssl_SecureClose(sslSocket *ss); 1191 1192 /* Implementation of ops for secure socks case */ 1193 extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr); 1194 extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr); 1195 extern PRFileDesc *ssl_FindTop(sslSocket *ss); 1196 1197 /* Gather funcs. */ 1198 extern sslGather * ssl_NewGather(void); 1199 extern SECStatus ssl_InitGather(sslGather *gs); 1200 extern void ssl_DestroyGather(sslGather *gs); 1201 extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags); 1202 extern int ssl2_GatherRecord(sslSocket *ss, int flags); 1203 extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); 1204 1205 extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); 1206 extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); 1207 extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, 1208 unsigned int count); 1209 1210 extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); 1211 extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); 1212 extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset); 1213 extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec); 1214 1215 extern sslSocket * ssl_DupSocket(sslSocket *old); 1216 1217 extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len); 1218 extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len); 1219 1220 extern int ssl_SendSavedWriteData(sslSocket *ss); 1221 extern SECStatus ssl_SaveWriteData(sslSocket *ss, 1222 const void* p, unsigned int l); 1223 extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss); 1224 extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss); 1225 extern int ssl_Do1stHandshake(sslSocket *ss); 1226 1227 extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen); 1228 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, 1229 unsigned int len); 1230 1231 extern void ssl2_UseClearSendFunc(sslSocket *ss); 1232 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); 1233 1234 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); 1235 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, 1236 const char *peerID, const char *urlSvrName); 1237 extern void ssl_FreeSID(sslSessionID *sid); 1238 1239 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, 1240 int len, int flags); 1241 1242 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); 1243 1244 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); 1245 1246 extern void ssl_SetAlwaysBlock(sslSocket *ss); 1247 1248 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); 1249 1250 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) 1251 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock) 1252 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) 1253 #define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock) 1254 1255 #define ssl_Get1stHandshakeLock(ss) \ 1256 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); } 1257 #define ssl_Release1stHandshakeLock(ss) \ 1258 { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); } 1259 #define ssl_Have1stHandshakeLock(ss) \ 1260 (PZ_InMonitor((ss)->firstHandshakeLock)) 1261 1262 #define ssl_GetSSL3HandshakeLock(ss) \ 1263 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); } 1264 #define ssl_ReleaseSSL3HandshakeLock(ss) \ 1265 { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); } 1266 #define ssl_HaveSSL3HandshakeLock(ss) \ 1267 (PZ_InMonitor((ss)->ssl3HandshakeLock)) 1268 1269 #define ssl_GetSpecReadLock(ss) \ 1270 { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); } 1271 #define ssl_ReleaseSpecReadLock(ss) \ 1272 { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); } 1273 1274 #define ssl_GetSpecWriteLock(ss) \ 1275 { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); } 1276 #define ssl_ReleaseSpecWriteLock(ss) \ 1277 { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); } 1278 #define ssl_HaveSpecWriteLock(ss) \ 1279 (NSSRWLock_HaveWriteLock((ss)->specLock)) 1280 1281 #define ssl_GetRecvBufLock(ss) \ 1282 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); } 1283 #define ssl_ReleaseRecvBufLock(ss) \ 1284 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); } 1285 #define ssl_HaveRecvBufLock(ss) \ 1286 (PZ_InMonitor((ss)->recvBufLock)) 1287 1288 #define ssl_GetXmitBufLock(ss) \ 1289 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); } 1290 #define ssl_ReleaseXmitBufLock(ss) \ 1291 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); } 1292 #define ssl_HaveXmitBufLock(ss) \ 1293 (PZ_InMonitor((ss)->xmitBufLock)) 1294 1295 1296 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, 1297 const unsigned char * cr, const unsigned char * sr, 1298 PRBool isTLS, PRBool isExport); 1299 extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, 1300 const unsigned char * cr, const unsigned char * sr, 1301 const SECItem * pms, PRBool isTLS, PRBool isRSA); 1302 1303 /* These functions are called from secnav, even though they're "private". */ 1304 1305 extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); 1306 extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss); 1307 extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss, 1308 CERTCertificate *cert, 1309 SECKEYPrivateKey *key, 1310 CERTCertificateList *certChain); 1311 extern sslSocket *ssl_FindSocket(PRFileDesc *fd); 1312 extern void ssl_FreeSocket(struct sslSocketStr *ssl); 1313 extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, 1314 SSL3AlertDescription desc); 1315 1316 extern int ssl2_RestartHandshakeAfterCertReq(sslSocket * ss, 1317 CERTCertificate * cert, 1318 SECKEYPrivateKey * key); 1319 1320 extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, 1321 CERTCertificate * cert, 1322 SECKEYPrivateKey * key, 1323 CERTCertificateList *certChain); 1324 1325 extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss); 1326 extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss); 1327 1328 /* 1329 * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos 1330 */ 1331 extern SECStatus ssl3_HandleV2ClientHello( 1332 sslSocket *ss, unsigned char *buffer, int length); 1333 extern SECStatus ssl3_StartHandshakeHash( 1334 sslSocket *ss, unsigned char *buf, int length); 1335 1336 /* 1337 * SSL3 specific routines 1338 */ 1339 SECStatus ssl3_SendClientHello(sslSocket *ss); 1340 1341 /* 1342 * input into the SSL3 machinery from the actualy network reading code 1343 */ 1344 SECStatus ssl3_HandleRecord( 1345 sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out); 1346 1347 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); 1348 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); 1349 /* 1350 * When talking to export clients or using export cipher suites, servers 1351 * with public RSA keys larger than 512 bits need to use a 512-bit public 1352 * key, signed by the larger key. The smaller key is a "step down" key. 1353 * Generate that key pair and keep it around. 1354 */ 1355 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); 1356 1357 #ifdef NSS_ENABLE_ECC 1358 extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); 1359 extern PRBool ssl3_IsECCEnabled(sslSocket *ss); 1360 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, 1361 const ssl3CipherSuite * suite); 1362 1363 /* Macro for finding a curve equivalent in strength to RSA key's */ 1364 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ 1365 ((s <= 1024) ? 160 \ 1366 : ((s <= 2048) ? 224 \ 1367 : ((s <= 3072) ? 256 \ 1368 : ((s <= 7168) ? 384 : 521 ) ) ) ) 1369 1370 /* Types and names of elliptic curves used in TLS */ 1371 typedef enum { ec_type_explicitPrime = 1, 1372 ec_type_explicitChar2Curve = 2, 1373 ec_type_named 1374 } ECType; 1375 1376 typedef enum { ec_noName = 0, 1377 ec_sect163k1 = 1, 1378 ec_sect163r1 = 2, 1379 ec_sect163r2 = 3, 1380 ec_sect193r1 = 4, 1381 ec_sect193r2 = 5, 1382 ec_sect233k1 = 6, 1383 ec_sect233r1 = 7, 1384 ec_sect239k1 = 8, 1385 ec_sect283k1 = 9, 1386 ec_sect283r1 = 10, 1387 ec_sect409k1 = 11, 1388 ec_sect409r1 = 12, 1389 ec_sect571k1 = 13, 1390 ec_sect571r1 = 14, 1391 ec_secp160k1 = 15, 1392 ec_secp160r1 = 16, 1393 ec_secp160r2 = 17, 1394 ec_secp192k1 = 18, 1395 ec_secp192r1 = 19, 1396 ec_secp224k1 = 20, 1397 ec_secp224r1 = 21, 1398 ec_secp256k1 = 22, 1399 ec_secp256r1 = 23, 1400 ec_secp384r1 = 24, 1401 ec_secp521r1 = 25, 1402 ec_pastLastName 1403 } ECName; 1404 1405 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve, 1406 SECKEYECParams *params); 1407 ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); 1408 1409 1410 #endif /* NSS_ENABLE_ECC */ 1411 1412 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); 1413 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); 1414 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); 1415 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); 1416 1417 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); 1418 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); 1419 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled); 1420 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled); 1421 1422 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); 1423 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); 1424 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); 1425 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); 1426 1427 extern void ssl2_InitSocketPolicy(sslSocket *ss); 1428 extern void ssl3_InitSocketPolicy(sslSocket *ss); 1429 1430 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, 1431 unsigned char *cs, int *size); 1432 1433 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); 1434 1435 extern void ssl3_DestroySSL3Info(sslSocket *ss); 1436 1437 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, 1438 SSL3ProtocolVersion peerVersion); 1439 1440 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); 1441 1442 #ifdef NSS_ENABLE_ECC 1443 /* ECDH functions */ 1444 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, 1445 SECKEYPublicKey * svrPubKey); 1446 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, 1447 SSL3Opaque *b, PRUint32 length); 1448 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, 1449 SSL3Opaque *b, PRUint32 length, 1450 SECKEYPublicKey *srvrPubKey, 1451 SECKEYPrivateKey *srvrPrivKey); 1452 extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss); 1453 #endif 1454 1455 extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf, 1456 unsigned int bufLen, SSL3Hashes *hashes, 1457 PRBool bypassPKCS11); 1458 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms); 1459 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, 1460 PRInt32 bytes); 1461 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, 1462 SSL3HandshakeType t, PRUint32 length); 1463 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, 1464 PRInt32 lenSize); 1465 extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, 1466 const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); 1467 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, 1468 SSL3Opaque **b, PRUint32 *length); 1469 extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, 1470 SSL3Opaque **b, PRUint32 *length); 1471 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, 1472 PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); 1473 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, 1474 SECItem *buf, PRBool isTLS); 1475 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, 1476 CERTCertificate *cert, SECItem *buf, PRBool isTLS, 1477 void *pwArg); 1478 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, 1479 sslSessionID *sid, ssl3CipherSpec *spec, 1480 SSL3KEAType effectiveExchKeyType); 1481 1482 /* Functions that handle ClientHello and ServerHello extensions. */ 1483 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, 1484 PRUint16 ex_type, SECItem *data); 1485 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, 1486 PRUint16 ex_type, SECItem *data); 1487 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, 1488 PRUint16 ex_type, SECItem *data); 1489 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, 1490 PRUint16 ex_type, SECItem *data); 1491 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, 1492 PRUint16 ex_type, SECItem *data); 1493 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, 1494 PRUint16 ex_type, SECItem *data); 1495 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, 1496 PRUint16 ex_type, SECItem *data); 1497 1498 /* ClientHello and ServerHello extension senders. 1499 * Note that not all extension senders are exposed here; only those that 1500 * that need exposure. 1501 */ 1502 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, 1503 PRUint32 maxBytes); 1504 #ifdef NSS_ENABLE_ECC 1505 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, 1506 PRBool append, PRUint32 maxBytes); 1507 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, 1508 PRBool append, PRUint32 maxBytes); 1509 #endif 1510 extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, 1511 PRUint32 maxBytes); 1512 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, 1513 unsigned short length); 1514 1515 /* call the registered extension handlers. */ 1516 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, 1517 SSL3Opaque **b, PRUint32 *length); 1518 1519 /* Hello Extension related routines. */ 1520 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); 1521 extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid, 1522 NewSessionTicket *session_ticket); 1523 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); 1524 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName, 1525 unsigned char *encKey, unsigned char *macKey); 1526 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, 1527 SECKEYPublicKey *svrPubKey, void *pwArg, 1528 unsigned char *keyName, PK11SymKey **aesKey, 1529 PK11SymKey **macKey); 1530 1531 /* Tell clients to consider tickets valid for this long. */ 1532 #define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ 1533 #define TLS_EX_SESS_TICKET_VERSION (0x0100) 1534 1535 /* Construct a new NSPR socket for the app to use */ 1536 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); 1537 extern void ssl_FreePRSocket(PRFileDesc *fd); 1538 1539 /* Internal config function so SSL2 can initialize the present state of 1540 * various ciphers */ 1541 extern int ssl3_config_match_init(sslSocket *); 1542 1543 1544 /* Create a new ref counted key pair object from two keys. */ 1545 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, 1546 SECKEYPublicKey * pubKey); 1547 1548 /* get a new reference (bump ref count) to an ssl3KeyPair. */ 1549 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair); 1550 1551 /* Decrement keypair's ref count and free if zero. */ 1552 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); 1553 1554 /* calls for accessing wrapping keys across processes. */ 1555 extern PRBool 1556 ssl_GetWrappingKey( PRInt32 symWrapMechIndex, 1557 SSL3KEAType exchKeyType, 1558 SSLWrappedSymWrappingKey *wswk); 1559 1560 /* The caller passes in the new value it wants 1561 * to set. This code tests the wrapped sym key entry in the file on disk. 1562 * If it is uninitialized, this function writes the caller's value into 1563 * the disk entry, and returns false. 1564 * Otherwise, it overwrites the caller's wswk with the value obtained from 1565 * the disk, and returns PR_TRUE. 1566 * This is all done while holding the locks/semaphores necessary to make 1567 * the operation atomic. 1568 */ 1569 extern PRBool 1570 ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk); 1571 1572 /* get rid of the symmetric wrapping key references. */ 1573 extern SECStatus SSL3_ShutdownServerCache(void); 1574 1575 extern SECStatus ssl_InitSymWrapKeysLock(void); 1576 1577 extern SECStatus ssl_FreeSymWrapKeysLock(void); 1578 1579 extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit); 1580 1581 extern SECStatus ssl_FreeSessionCacheLocks(void); 1582 1583 1584 /********************** misc calls *********************/ 1585 1586 extern int ssl_MapLowLevelError(int hiLevelError); 1587 1588 extern PRUint32 ssl_Time(void); 1589 1590 extern void SSL_AtomicIncrementLong(long * x); 1591 1592 SECStatus SSL_DisableDefaultExportCipherSuites(void); 1593 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); 1594 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); 1595 1596 1597 #ifdef TRACE 1598 #define SSL_TRACE(msg) ssl_Trace msg 1599 #else 1600 #define SSL_TRACE(msg) 1601 #endif 1602 1603 void ssl_Trace(const char *format, ...); 1604 1605 SEC_END_PROTOS 1606 1607 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) 1608 #define SSL_GETPID getpid 1609 #elif defined(_WIN32_WCE) 1610 #define SSL_GETPID GetCurrentProcessId 1611 #elif defined(WIN32) 1612 extern int __cdecl _getpid(void); 1613 #define SSL_GETPID _getpid 1614 #else 1615 #define SSL_GETPID() 0 1616 #endif 1617 1618 #endif /* __sslimpl_h_ */ 1619