1 /*
2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions.
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 #include "seccomon.h"
10 #include "cert.h"
11 #include "keyhi.h"
12 #include "ssl.h"
13 #include "sslimpl.h"
14 #include "sslproto.h"
15 #include "nspr.h"
16 #include "private/pprio.h"
17 #ifndef NO_PKCS11_BYPASS
18 #include "blapi.h"
19 #endif
20 #include "pk11pub.h"
21 #include "nss.h"
22
23 /* This is a bodge to allow this code to be compiled against older NSS headers
24 * that don't contain the TLS 1.2 changes. */
25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
27 #endif
28
29 #define SET_ERROR_CODE /* reminder */
30
31 struct cipherPolicyStr {
32 int cipher;
33 unsigned char export; /* policy value for export policy */
34 unsigned char france; /* policy value for france policy */
35 };
36
37 typedef struct cipherPolicyStr cipherPolicy;
38
39 /* This table contains two preconfigured policies: Export and France.
40 ** It is used only by the functions NSS_SetDomesticPolicy,
41 ** NSS_SetExportPolicy, and NSS_SetFrancePolicy.
42 ** Order of entries is not important.
43 */
44 static cipherPolicy ssl_ciphers[] = { /* Export France */
45 { SSL_EN_RC4_128_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
46 { SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
47 { SSL_EN_RC2_128_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
48 { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
49 { SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
50 { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
51 { SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED },
52 { SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
53 { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
54 { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
55 { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
56 { SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
57 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
58 { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
59 { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
60 { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
61 { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
62 { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
63 { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
64 { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, SSL_ALLOWED },
65 { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
66 { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, SSL_ALLOWED },
67 { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
68 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
69 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
70 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
71 { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
72 { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
73 { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
74 { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
75 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
76 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
77 { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
78 { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
79 { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
80 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
81 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
82 { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
83 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
84 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
85 { TLS_RSA_WITH_SEED_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
86 { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
87 { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
88 #ifdef NSS_ENABLE_ECC
89 { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
90 { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
91 { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
92 { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
93 { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
94 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
95 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
96 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
97 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
98 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
99 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
100 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
101 { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
102 { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
103 { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
104 { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
105 { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
106 { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
107 { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, SSL_ALLOWED },
108 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
109 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
110 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
111 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
112 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
113 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
114 { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
115 #endif /* NSS_ENABLE_ECC */
116 { 0, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
117 };
118
119 static const sslSocketOps ssl_default_ops = { /* No SSL. */
120 ssl_DefConnect,
121 NULL,
122 ssl_DefBind,
123 ssl_DefListen,
124 ssl_DefShutdown,
125 ssl_DefClose,
126 ssl_DefRecv,
127 ssl_DefSend,
128 ssl_DefRead,
129 ssl_DefWrite,
130 ssl_DefGetpeername,
131 ssl_DefGetsockname
132 };
133
134 static const sslSocketOps ssl_secure_ops = { /* SSL. */
135 ssl_SecureConnect,
136 NULL,
137 ssl_DefBind,
138 ssl_DefListen,
139 ssl_SecureShutdown,
140 ssl_SecureClose,
141 ssl_SecureRecv,
142 ssl_SecureSend,
143 ssl_SecureRead,
144 ssl_SecureWrite,
145 ssl_DefGetpeername,
146 ssl_DefGetsockname
147 };
148
149 /*
150 ** default settings for socket enables
151 */
152 static sslOptions ssl_defaults = {
153 { siBuffer, NULL, 0 }, /* nextProtoNego */
154 PR_TRUE, /* useSecurity */
155 PR_FALSE, /* useSocks */
156 PR_FALSE, /* requestCertificate */
157 2, /* requireCertificate */
158 PR_FALSE, /* handshakeAsClient */
159 PR_FALSE, /* handshakeAsServer */
160 PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
161 PR_FALSE, /* unusedBit9 */
162 PR_FALSE, /* unusedBit10 */
163 PR_FALSE, /* noCache */
164 PR_FALSE, /* fdx */
165 PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
166 PR_TRUE, /* detectRollBack */
167 PR_FALSE, /* noStepDown */
168 PR_FALSE, /* bypassPKCS11 */
169 PR_FALSE, /* noLocks */
170 PR_FALSE, /* enableSessionTickets */
171 PR_FALSE, /* enableDeflate */
172 2, /* enableRenegotiation (default: requires extension) */
173 PR_FALSE, /* requireSafeNegotiation */
174 PR_FALSE, /* enableFalseStart */
175 PR_TRUE, /* cbcRandomIV */
176 PR_FALSE, /* enableOCSPStapling */
177 PR_FALSE, /* enableSignedCertTimestamps */
178 PR_FALSE /* enableFallbackSCSV */
179 };
180
181 /*
182 * default range of enabled SSL/TLS protocols
183 */
184 static SSLVersionRange versions_defaults_stream = {
185 SSL_LIBRARY_VERSION_3_0,
186 SSL_LIBRARY_VERSION_TLS_1_0
187 };
188
189 static SSLVersionRange versions_defaults_datagram = {
190 SSL_LIBRARY_VERSION_TLS_1_1,
191 SSL_LIBRARY_VERSION_TLS_1_1
192 };
193
194 #define VERSIONS_DEFAULTS(variant) \
195 (variant == ssl_variant_stream ? &versions_defaults_stream : \
196 &versions_defaults_datagram)
197
198 sslSessionIDLookupFunc ssl_sid_lookup;
199 sslSessionIDCacheFunc ssl_sid_cache;
200 sslSessionIDUncacheFunc ssl_sid_uncache;
201
202 static PRBool ssl_inited = PR_FALSE;
203 static PRDescIdentity ssl_layer_id;
204
205 PRBool locksEverDisabled; /* implicitly PR_FALSE */
206 PRBool ssl_force_locks; /* implicitly PR_FALSE */
207 int ssl_lock_readers = 1; /* default true. */
208 char ssl_debug;
209 char ssl_trace;
210 FILE * ssl_trace_iob;
211 FILE * ssl_keylog_iob;
212 char lockStatus[] = "Locks are ENABLED. ";
213 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
214
215 /* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
216 static const PRUint16 srtpCiphers[] = {
217 SRTP_AES128_CM_HMAC_SHA1_80,
218 SRTP_AES128_CM_HMAC_SHA1_32,
219 0
220 };
221
222 /* forward declarations. */
223 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
224 static SECStatus ssl_MakeLocks(sslSocket *ss);
225 static void ssl_SetDefaultsFromEnvironment(void);
226 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
227 PRDescIdentity id);
228
229 /************************************************************************/
230
231 /*
232 ** Lookup a socket structure from a file descriptor.
233 ** Only functions called through the PRIOMethods table should use this.
234 ** Other app-callable functions should use ssl_FindSocket.
235 */
236 static sslSocket *
ssl_GetPrivate(PRFileDesc * fd)237 ssl_GetPrivate(PRFileDesc *fd)
238 {
239 sslSocket *ss;
240
241 PORT_Assert(fd != NULL);
242 PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
243 PORT_Assert(fd->identity == ssl_layer_id);
244
245 if (fd->methods->file_type != PR_DESC_LAYERED ||
246 fd->identity != ssl_layer_id) {
247 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
248 return NULL;
249 }
250
251 ss = (sslSocket *)fd->secret;
252 ss->fd = fd;
253 return ss;
254 }
255
256 /* This function tries to find the SSL layer in the stack.
257 * It searches for the first SSL layer at or below the argument fd,
258 * and failing that, it searches for the nearest SSL layer above the
259 * argument fd. It returns the private sslSocket from the found layer.
260 */
261 sslSocket *
ssl_FindSocket(PRFileDesc * fd)262 ssl_FindSocket(PRFileDesc *fd)
263 {
264 PRFileDesc *layer;
265 sslSocket *ss;
266
267 PORT_Assert(fd != NULL);
268 PORT_Assert(ssl_layer_id != 0);
269
270 layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
271 if (layer == NULL) {
272 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
273 return NULL;
274 }
275
276 ss = (sslSocket *)layer->secret;
277 ss->fd = layer;
278 return ss;
279 }
280
281 static sslSocket *
ssl_DupSocket(sslSocket * os)282 ssl_DupSocket(sslSocket *os)
283 {
284 sslSocket *ss;
285 SECStatus rv;
286
287 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
288 if (ss) {
289 ss->opt = os->opt;
290 ss->opt.useSocks = PR_FALSE;
291 ss->vrange = os->vrange;
292
293 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
294 ss->url = !os->url ? NULL : PORT_Strdup(os->url);
295
296 ss->ops = os->ops;
297 ss->rTimeout = os->rTimeout;
298 ss->wTimeout = os->wTimeout;
299 ss->cTimeout = os->cTimeout;
300 ss->dbHandle = os->dbHandle;
301
302 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
303 ss->allowedByPolicy = os->allowedByPolicy;
304 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
305 ss->chosenPreference = os->chosenPreference;
306 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
307 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
308 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
309 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
310
311 if (os->cipherSpecs) {
312 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
313 if (ss->cipherSpecs)
314 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
315 os->sizeCipherSpecs);
316 ss->sizeCipherSpecs = os->sizeCipherSpecs;
317 ss->preferredCipher = os->preferredCipher;
318 } else {
319 ss->cipherSpecs = NULL; /* produced lazily */
320 ss->sizeCipherSpecs = 0;
321 ss->preferredCipher = NULL;
322 }
323 if (ss->opt.useSecurity) {
324 /* This int should be SSLKEAType, but CC on Irix complains,
325 * during the for loop.
326 */
327 int i;
328 sslServerCerts * oc = os->serverCerts;
329 sslServerCerts * sc = ss->serverCerts;
330
331 for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
332 if (oc->serverCert && oc->serverCertChain) {
333 sc->serverCert = CERT_DupCertificate(oc->serverCert);
334 sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
335 if (!sc->serverCertChain)
336 goto loser;
337 } else {
338 sc->serverCert = NULL;
339 sc->serverCertChain = NULL;
340 }
341 sc->serverKeyPair = oc->serverKeyPair ?
342 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
343 if (oc->serverKeyPair && !sc->serverKeyPair)
344 goto loser;
345 sc->serverKeyBits = oc->serverKeyBits;
346 ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
347 SECITEM_DupArray(NULL, os->certStatusArray[i]);
348 }
349 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
350 ssl3_GetKeyPairRef(os->stepDownKeyPair);
351 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
352 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
353 /*
354 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
355 * XXX We should detect this, and not just march on with NULL pointers.
356 */
357 ss->authCertificate = os->authCertificate;
358 ss->authCertificateArg = os->authCertificateArg;
359 ss->getClientAuthData = os->getClientAuthData;
360 ss->getClientAuthDataArg = os->getClientAuthDataArg;
361 #ifdef NSS_PLATFORM_CLIENT_AUTH
362 ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
363 ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
364 #endif
365 ss->sniSocketConfig = os->sniSocketConfig;
366 ss->sniSocketConfigArg = os->sniSocketConfigArg;
367 ss->handleBadCert = os->handleBadCert;
368 ss->badCertArg = os->badCertArg;
369 ss->handshakeCallback = os->handshakeCallback;
370 ss->handshakeCallbackData = os->handshakeCallbackData;
371 ss->canFalseStartCallback = os->canFalseStartCallback;
372 ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
373 ss->pkcs11PinArg = os->pkcs11PinArg;
374 ss->getChannelID = os->getChannelID;
375 ss->getChannelIDArg = os->getChannelIDArg;
376
377 /* Create security data */
378 rv = ssl_CopySecurityInfo(ss, os);
379 if (rv != SECSuccess) {
380 goto loser;
381 }
382 }
383 }
384 return ss;
385
386 loser:
387 ssl_FreeSocket(ss);
388 return NULL;
389 }
390
391 static void
ssl_DestroyLocks(sslSocket * ss)392 ssl_DestroyLocks(sslSocket *ss)
393 {
394 /* Destroy locks. */
395 if (ss->firstHandshakeLock) {
396 PZ_DestroyMonitor(ss->firstHandshakeLock);
397 ss->firstHandshakeLock = NULL;
398 }
399 if (ss->ssl3HandshakeLock) {
400 PZ_DestroyMonitor(ss->ssl3HandshakeLock);
401 ss->ssl3HandshakeLock = NULL;
402 }
403 if (ss->specLock) {
404 NSSRWLock_Destroy(ss->specLock);
405 ss->specLock = NULL;
406 }
407
408 if (ss->recvLock) {
409 PZ_DestroyLock(ss->recvLock);
410 ss->recvLock = NULL;
411 }
412 if (ss->sendLock) {
413 PZ_DestroyLock(ss->sendLock);
414 ss->sendLock = NULL;
415 }
416 if (ss->xmitBufLock) {
417 PZ_DestroyMonitor(ss->xmitBufLock);
418 ss->xmitBufLock = NULL;
419 }
420 if (ss->recvBufLock) {
421 PZ_DestroyMonitor(ss->recvBufLock);
422 ss->recvBufLock = NULL;
423 }
424 }
425
426 /* Caller holds any relevant locks */
427 static void
ssl_DestroySocketContents(sslSocket * ss)428 ssl_DestroySocketContents(sslSocket *ss)
429 {
430 /* "i" should be of type SSLKEAType, but CC on IRIX complains during
431 * the for loop.
432 */
433 int i;
434
435 /* Free up socket */
436 ssl_DestroySecurityInfo(&ss->sec);
437
438 ssl3_DestroySSL3Info(ss);
439
440 PORT_Free(ss->saveBuf.buf);
441 PORT_Free(ss->pendingBuf.buf);
442 ssl_DestroyGather(&ss->gs);
443
444 if (ss->peerID != NULL)
445 PORT_Free(ss->peerID);
446 if (ss->url != NULL)
447 PORT_Free((void *)ss->url); /* CONST */
448 if (ss->cipherSpecs) {
449 PORT_Free(ss->cipherSpecs);
450 ss->cipherSpecs = NULL;
451 ss->sizeCipherSpecs = 0;
452 }
453
454 /* Clean up server configuration */
455 for (i=kt_null; i < kt_kea_size; i++) {
456 sslServerCerts * sc = ss->serverCerts + i;
457 if (sc->serverCert != NULL)
458 CERT_DestroyCertificate(sc->serverCert);
459 if (sc->serverCertChain != NULL)
460 CERT_DestroyCertificateList(sc->serverCertChain);
461 if (sc->serverKeyPair != NULL)
462 ssl3_FreeKeyPair(sc->serverKeyPair);
463 if (ss->certStatusArray[i] != NULL) {
464 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
465 ss->certStatusArray[i] = NULL;
466 }
467 }
468 if (ss->stepDownKeyPair) {
469 ssl3_FreeKeyPair(ss->stepDownKeyPair);
470 ss->stepDownKeyPair = NULL;
471 }
472 if (ss->ephemeralECDHKeyPair) {
473 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
474 ss->ephemeralECDHKeyPair = NULL;
475 }
476 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
477 PORT_Assert(!ss->xtnData.sniNameArr);
478 if (ss->xtnData.sniNameArr) {
479 PORT_Free(ss->xtnData.sniNameArr);
480 ss->xtnData.sniNameArr = NULL;
481 }
482 }
483
484 /*
485 * free an sslSocket struct, and all the stuff that hangs off of it
486 */
487 void
ssl_FreeSocket(sslSocket * ss)488 ssl_FreeSocket(sslSocket *ss)
489 {
490 /* Get every lock you can imagine!
491 ** Caller already holds these:
492 ** SSL_LOCK_READER(ss);
493 ** SSL_LOCK_WRITER(ss);
494 */
495 ssl_Get1stHandshakeLock(ss);
496 ssl_GetRecvBufLock(ss);
497 ssl_GetSSL3HandshakeLock(ss);
498 ssl_GetXmitBufLock(ss);
499 ssl_GetSpecWriteLock(ss);
500
501 ssl_DestroySocketContents(ss);
502
503 /* Release all the locks acquired above. */
504 SSL_UNLOCK_READER(ss);
505 SSL_UNLOCK_WRITER(ss);
506 ssl_Release1stHandshakeLock(ss);
507 ssl_ReleaseRecvBufLock(ss);
508 ssl_ReleaseSSL3HandshakeLock(ss);
509 ssl_ReleaseXmitBufLock(ss);
510 ssl_ReleaseSpecWriteLock(ss);
511
512 ssl_DestroyLocks(ss);
513
514 #ifdef DEBUG
515 PORT_Memset(ss, 0x1f, sizeof *ss);
516 #endif
517 PORT_Free(ss);
518 return;
519 }
520
521 /************************************************************************/
522 SECStatus
ssl_EnableNagleDelay(sslSocket * ss,PRBool enabled)523 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
524 {
525 PRFileDesc * osfd = ss->fd->lower;
526 SECStatus rv = SECFailure;
527 PRSocketOptionData opt;
528
529 opt.option = PR_SockOpt_NoDelay;
530 opt.value.no_delay = (PRBool)!enabled;
531
532 if (osfd->methods->setsocketoption) {
533 rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);
534 } else {
535 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
536 }
537
538 return rv;
539 }
540
541 static void
ssl_ChooseOps(sslSocket * ss)542 ssl_ChooseOps(sslSocket *ss)
543 {
544 ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
545 }
546
547 /* Called from SSL_Enable (immediately below) */
548 static SECStatus
PrepareSocket(sslSocket * ss)549 PrepareSocket(sslSocket *ss)
550 {
551 SECStatus rv = SECSuccess;
552
553 ssl_ChooseOps(ss);
554 return rv;
555 }
556
557 SECStatus
SSL_Enable(PRFileDesc * fd,int which,PRBool on)558 SSL_Enable(PRFileDesc *fd, int which, PRBool on)
559 {
560 return SSL_OptionSet(fd, which, on);
561 }
562
563 #ifndef NO_PKCS11_BYPASS
564 static const PRCallOnceType pristineCallOnce;
565 static PRCallOnceType setupBypassOnce;
566
SSL_BypassShutdown(void * appData,void * nssData)567 static SECStatus SSL_BypassShutdown(void* appData, void* nssData)
568 {
569 /* unload freeBL shared library from memory */
570 BL_Unload();
571 setupBypassOnce = pristineCallOnce;
572 return SECSuccess;
573 }
574
SSL_BypassRegisterShutdown(void)575 static PRStatus SSL_BypassRegisterShutdown(void)
576 {
577 SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
578 PORT_Assert(SECSuccess == rv);
579 return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
580 }
581 #endif
582
SSL_BypassSetup(void)583 static PRStatus SSL_BypassSetup(void)
584 {
585 #ifdef NO_PKCS11_BYPASS
586 /* Guarantee binary compatibility */
587 return PR_SUCCESS;
588 #else
589 return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
590 #endif
591 }
592
593 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
594 * ssl.h in the section "SSL version range setting API".
595 */
596 static void
ssl_EnableTLS(SSLVersionRange * vrange,PRBool on)597 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
598 {
599 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
600 if (on) {
601 vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
602 vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
603 } /* else don't change anything */
604 return;
605 }
606
607 if (on) {
608 /* Expand the range of enabled version to include TLS 1.0 */
609 vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
610 vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
611 } else {
612 /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
613 if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
614 vrange->max = SSL_LIBRARY_VERSION_3_0;
615 } else {
616 /* Only TLS was enabled, so now no versions are. */
617 vrange->min = SSL_LIBRARY_VERSION_NONE;
618 vrange->max = SSL_LIBRARY_VERSION_NONE;
619 }
620 }
621 }
622
623 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
624 * ssl.h in the section "SSL version range setting API".
625 */
626 static void
ssl_EnableSSL3(SSLVersionRange * vrange,PRBool on)627 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
628 {
629 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
630 if (on) {
631 vrange->min = SSL_LIBRARY_VERSION_3_0;
632 vrange->max = SSL_LIBRARY_VERSION_3_0;
633 } /* else don't change anything */
634 return;
635 }
636
637 if (on) {
638 /* Expand the range of enabled versions to include SSL 3.0. We know
639 * SSL 3.0 or some version of TLS is already enabled at this point, so
640 * we don't need to change vrange->max.
641 */
642 vrange->min = SSL_LIBRARY_VERSION_3_0;
643 } else {
644 /* Disable SSL 3.0, leaving TLS unaffected. */
645 if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
646 vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
647 } else {
648 /* Only SSL 3.0 was enabled, so now no versions are. */
649 vrange->min = SSL_LIBRARY_VERSION_NONE;
650 vrange->max = SSL_LIBRARY_VERSION_NONE;
651 }
652 }
653 }
654
655 SECStatus
SSL_OptionSet(PRFileDesc * fd,PRInt32 which,PRBool on)656 SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
657 {
658 sslSocket *ss = ssl_FindSocket(fd);
659 SECStatus rv = SECSuccess;
660 PRBool holdingLocks;
661
662 if (!ss) {
663 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
664 return SECFailure;
665 }
666
667 holdingLocks = (!ss->opt.noLocks);
668 ssl_Get1stHandshakeLock(ss);
669 ssl_GetSSL3HandshakeLock(ss);
670
671 switch (which) {
672 case SSL_SOCKS:
673 ss->opt.useSocks = PR_FALSE;
674 rv = PrepareSocket(ss);
675 if (on) {
676 PORT_SetError(SEC_ERROR_INVALID_ARGS);
677 rv = SECFailure;
678 }
679 break;
680
681 case SSL_SECURITY:
682 ss->opt.useSecurity = on;
683 rv = PrepareSocket(ss);
684 break;
685
686 case SSL_REQUEST_CERTIFICATE:
687 ss->opt.requestCertificate = on;
688 break;
689
690 case SSL_REQUIRE_CERTIFICATE:
691 ss->opt.requireCertificate = on;
692 break;
693
694 case SSL_HANDSHAKE_AS_CLIENT:
695 if ( ss->opt.handshakeAsServer && on ) {
696 PORT_SetError(SEC_ERROR_INVALID_ARGS);
697 rv = SECFailure;
698 break;
699 }
700 ss->opt.handshakeAsClient = on;
701 break;
702
703 case SSL_HANDSHAKE_AS_SERVER:
704 if ( ss->opt.handshakeAsClient && on ) {
705 PORT_SetError(SEC_ERROR_INVALID_ARGS);
706 rv = SECFailure;
707 break;
708 }
709 ss->opt.handshakeAsServer = on;
710 break;
711
712 case SSL_ENABLE_TLS:
713 if (IS_DTLS(ss)) {
714 if (on) {
715 PORT_SetError(SEC_ERROR_INVALID_ARGS);
716 rv = SECFailure; /* not allowed */
717 }
718 break;
719 }
720 ssl_EnableTLS(&ss->vrange, on);
721 ss->preferredCipher = NULL;
722 if (ss->cipherSpecs) {
723 PORT_Free(ss->cipherSpecs);
724 ss->cipherSpecs = NULL;
725 ss->sizeCipherSpecs = 0;
726 }
727 break;
728
729 case SSL_ENABLE_SSL3:
730 if (IS_DTLS(ss)) {
731 if (on) {
732 PORT_SetError(SEC_ERROR_INVALID_ARGS);
733 rv = SECFailure; /* not allowed */
734 }
735 break;
736 }
737 ssl_EnableSSL3(&ss->vrange, on);
738 ss->preferredCipher = NULL;
739 if (ss->cipherSpecs) {
740 PORT_Free(ss->cipherSpecs);
741 ss->cipherSpecs = NULL;
742 ss->sizeCipherSpecs = 0;
743 }
744 break;
745
746 case SSL_ENABLE_SSL2:
747 if (IS_DTLS(ss)) {
748 if (on) {
749 PORT_SetError(SEC_ERROR_INVALID_ARGS);
750 rv = SECFailure; /* not allowed */
751 }
752 break;
753 }
754 ss->opt.enableSSL2 = on;
755 if (on) {
756 ss->opt.v2CompatibleHello = on;
757 }
758 ss->preferredCipher = NULL;
759 if (ss->cipherSpecs) {
760 PORT_Free(ss->cipherSpecs);
761 ss->cipherSpecs = NULL;
762 ss->sizeCipherSpecs = 0;
763 }
764 break;
765
766 case SSL_NO_CACHE:
767 ss->opt.noCache = on;
768 break;
769
770 case SSL_ENABLE_FDX:
771 if (on && ss->opt.noLocks) {
772 PORT_SetError(SEC_ERROR_INVALID_ARGS);
773 rv = SECFailure;
774 }
775 ss->opt.fdx = on;
776 break;
777
778 case SSL_V2_COMPATIBLE_HELLO:
779 if (IS_DTLS(ss)) {
780 if (on) {
781 PORT_SetError(SEC_ERROR_INVALID_ARGS);
782 rv = SECFailure; /* not allowed */
783 }
784 break;
785 }
786 ss->opt.v2CompatibleHello = on;
787 if (!on) {
788 ss->opt.enableSSL2 = on;
789 }
790 break;
791
792 case SSL_ROLLBACK_DETECTION:
793 ss->opt.detectRollBack = on;
794 break;
795
796 case SSL_NO_STEP_DOWN:
797 ss->opt.noStepDown = on;
798 if (on)
799 SSL_DisableExportCipherSuites(fd);
800 break;
801
802 case SSL_BYPASS_PKCS11:
803 if (ss->handshakeBegun) {
804 PORT_SetError(PR_INVALID_STATE_ERROR);
805 rv = SECFailure;
806 } else {
807 if (PR_FALSE != on) {
808 if (PR_SUCCESS == SSL_BypassSetup() ) {
809 #ifdef NO_PKCS11_BYPASS
810 ss->opt.bypassPKCS11 = PR_FALSE;
811 #else
812 ss->opt.bypassPKCS11 = on;
813 #endif
814 } else {
815 rv = SECFailure;
816 }
817 } else {
818 ss->opt.bypassPKCS11 = PR_FALSE;
819 }
820 }
821 break;
822
823 case SSL_NO_LOCKS:
824 if (on && ss->opt.fdx) {
825 PORT_SetError(SEC_ERROR_INVALID_ARGS);
826 rv = SECFailure;
827 }
828 if (on && ssl_force_locks)
829 on = PR_FALSE; /* silent override */
830 ss->opt.noLocks = on;
831 if (on) {
832 locksEverDisabled = PR_TRUE;
833 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
834 } else if (!holdingLocks) {
835 rv = ssl_MakeLocks(ss);
836 if (rv != SECSuccess) {
837 ss->opt.noLocks = PR_TRUE;
838 }
839 }
840 break;
841
842 case SSL_ENABLE_SESSION_TICKETS:
843 ss->opt.enableSessionTickets = on;
844 break;
845
846 case SSL_ENABLE_DEFLATE:
847 ss->opt.enableDeflate = on;
848 break;
849
850 case SSL_ENABLE_RENEGOTIATION:
851 ss->opt.enableRenegotiation = on;
852 break;
853
854 case SSL_REQUIRE_SAFE_NEGOTIATION:
855 ss->opt.requireSafeNegotiation = on;
856 break;
857
858 case SSL_ENABLE_FALSE_START:
859 ss->opt.enableFalseStart = on;
860 break;
861
862 case SSL_CBC_RANDOM_IV:
863 ss->opt.cbcRandomIV = on;
864 break;
865
866 case SSL_ENABLE_OCSP_STAPLING:
867 ss->opt.enableOCSPStapling = on;
868 break;
869
870 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
871 ss->opt.enableSignedCertTimestamps = on;
872 break;
873
874 case SSL_ENABLE_FALLBACK_SCSV:
875 ss->opt.enableFallbackSCSV = on;
876 break;
877
878 default:
879 PORT_SetError(SEC_ERROR_INVALID_ARGS);
880 rv = SECFailure;
881 }
882
883 /* We can't use the macros for releasing the locks here,
884 * because ss->opt.noLocks might have changed just above.
885 * We must release these locks (monitors) here, if we aquired them above,
886 * regardless of the current value of ss->opt.noLocks.
887 */
888 if (holdingLocks) {
889 PZ_ExitMonitor((ss)->ssl3HandshakeLock);
890 PZ_ExitMonitor((ss)->firstHandshakeLock);
891 }
892
893 return rv;
894 }
895
896 SECStatus
SSL_OptionGet(PRFileDesc * fd,PRInt32 which,PRBool * pOn)897 SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
898 {
899 sslSocket *ss = ssl_FindSocket(fd);
900 SECStatus rv = SECSuccess;
901 PRBool on = PR_FALSE;
902
903 if (!pOn) {
904 PORT_SetError(SEC_ERROR_INVALID_ARGS);
905 return SECFailure;
906 }
907 if (!ss) {
908 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
909 *pOn = PR_FALSE;
910 return SECFailure;
911 }
912
913 ssl_Get1stHandshakeLock(ss);
914 ssl_GetSSL3HandshakeLock(ss);
915
916 switch (which) {
917 case SSL_SOCKS: on = PR_FALSE; break;
918 case SSL_SECURITY: on = ss->opt.useSecurity; break;
919 case SSL_REQUEST_CERTIFICATE: on = ss->opt.requestCertificate; break;
920 case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
921 case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
922 case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
923 case SSL_ENABLE_TLS:
924 on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
925 break;
926 case SSL_ENABLE_SSL3:
927 on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
928 break;
929 case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
930 case SSL_NO_CACHE: on = ss->opt.noCache; break;
931 case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
932 case SSL_V2_COMPATIBLE_HELLO: on = ss->opt.v2CompatibleHello; break;
933 case SSL_ROLLBACK_DETECTION: on = ss->opt.detectRollBack; break;
934 case SSL_NO_STEP_DOWN: on = ss->opt.noStepDown; break;
935 case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break;
936 case SSL_NO_LOCKS: on = ss->opt.noLocks; break;
937 case SSL_ENABLE_SESSION_TICKETS:
938 on = ss->opt.enableSessionTickets;
939 break;
940 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
941 case SSL_ENABLE_RENEGOTIATION:
942 on = ss->opt.enableRenegotiation; break;
943 case SSL_REQUIRE_SAFE_NEGOTIATION:
944 on = ss->opt.requireSafeNegotiation; break;
945 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
946 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
947 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
948 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
949 on = ss->opt.enableSignedCertTimestamps;
950 break;
951 case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
952
953 default:
954 PORT_SetError(SEC_ERROR_INVALID_ARGS);
955 rv = SECFailure;
956 }
957
958 ssl_ReleaseSSL3HandshakeLock(ss);
959 ssl_Release1stHandshakeLock(ss);
960
961 *pOn = on;
962 return rv;
963 }
964
965 SECStatus
SSL_OptionGetDefault(PRInt32 which,PRBool * pOn)966 SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
967 {
968 SECStatus rv = SECSuccess;
969 PRBool on = PR_FALSE;
970
971 if (!pOn) {
972 PORT_SetError(SEC_ERROR_INVALID_ARGS);
973 return SECFailure;
974 }
975
976 ssl_SetDefaultsFromEnvironment();
977
978 switch (which) {
979 case SSL_SOCKS: on = PR_FALSE; break;
980 case SSL_SECURITY: on = ssl_defaults.useSecurity; break;
981 case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
982 case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
983 case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
984 case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
985 case SSL_ENABLE_TLS:
986 on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
987 break;
988 case SSL_ENABLE_SSL3:
989 on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
990 break;
991 case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
992 case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
993 case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
994 case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
995 case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
996 case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break;
997 case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break;
998 case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break;
999 case SSL_ENABLE_SESSION_TICKETS:
1000 on = ssl_defaults.enableSessionTickets;
1001 break;
1002 case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break;
1003 case SSL_ENABLE_RENEGOTIATION:
1004 on = ssl_defaults.enableRenegotiation; break;
1005 case SSL_REQUIRE_SAFE_NEGOTIATION:
1006 on = ssl_defaults.requireSafeNegotiation;
1007 break;
1008 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
1009 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
1010 case SSL_ENABLE_OCSP_STAPLING:
1011 on = ssl_defaults.enableOCSPStapling;
1012 break;
1013 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
1014 on = ssl_defaults.enableSignedCertTimestamps;
1015 break;
1016 case SSL_ENABLE_FALLBACK_SCSV:
1017 on = ssl_defaults.enableFallbackSCSV;
1018 break;
1019
1020 default:
1021 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1022 rv = SECFailure;
1023 }
1024
1025 *pOn = on;
1026 return rv;
1027 }
1028
1029 /* XXX Use Global Lock to protect this stuff. */
1030 SECStatus
SSL_EnableDefault(int which,PRBool on)1031 SSL_EnableDefault(int which, PRBool on)
1032 {
1033 return SSL_OptionSetDefault(which, on);
1034 }
1035
1036 SECStatus
SSL_OptionSetDefault(PRInt32 which,PRBool on)1037 SSL_OptionSetDefault(PRInt32 which, PRBool on)
1038 {
1039 SECStatus status = ssl_Init();
1040
1041 if (status != SECSuccess) {
1042 return status;
1043 }
1044
1045 ssl_SetDefaultsFromEnvironment();
1046
1047 switch (which) {
1048 case SSL_SOCKS:
1049 ssl_defaults.useSocks = PR_FALSE;
1050 if (on) {
1051 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1052 return SECFailure;
1053 }
1054 break;
1055
1056 case SSL_SECURITY:
1057 ssl_defaults.useSecurity = on;
1058 break;
1059
1060 case SSL_REQUEST_CERTIFICATE:
1061 ssl_defaults.requestCertificate = on;
1062 break;
1063
1064 case SSL_REQUIRE_CERTIFICATE:
1065 ssl_defaults.requireCertificate = on;
1066 break;
1067
1068 case SSL_HANDSHAKE_AS_CLIENT:
1069 if ( ssl_defaults.handshakeAsServer && on ) {
1070 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1071 return SECFailure;
1072 }
1073 ssl_defaults.handshakeAsClient = on;
1074 break;
1075
1076 case SSL_HANDSHAKE_AS_SERVER:
1077 if ( ssl_defaults.handshakeAsClient && on ) {
1078 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1079 return SECFailure;
1080 }
1081 ssl_defaults.handshakeAsServer = on;
1082 break;
1083
1084 case SSL_ENABLE_TLS:
1085 ssl_EnableTLS(&versions_defaults_stream, on);
1086 break;
1087
1088 case SSL_ENABLE_SSL3:
1089 ssl_EnableSSL3(&versions_defaults_stream, on);
1090 break;
1091
1092 case SSL_ENABLE_SSL2:
1093 ssl_defaults.enableSSL2 = on;
1094 if (on) {
1095 ssl_defaults.v2CompatibleHello = on;
1096 }
1097 break;
1098
1099 case SSL_NO_CACHE:
1100 ssl_defaults.noCache = on;
1101 break;
1102
1103 case SSL_ENABLE_FDX:
1104 if (on && ssl_defaults.noLocks) {
1105 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1106 return SECFailure;
1107 }
1108 ssl_defaults.fdx = on;
1109 break;
1110
1111 case SSL_V2_COMPATIBLE_HELLO:
1112 ssl_defaults.v2CompatibleHello = on;
1113 if (!on) {
1114 ssl_defaults.enableSSL2 = on;
1115 }
1116 break;
1117
1118 case SSL_ROLLBACK_DETECTION:
1119 ssl_defaults.detectRollBack = on;
1120 break;
1121
1122 case SSL_NO_STEP_DOWN:
1123 ssl_defaults.noStepDown = on;
1124 if (on)
1125 SSL_DisableDefaultExportCipherSuites();
1126 break;
1127
1128 case SSL_BYPASS_PKCS11:
1129 if (PR_FALSE != on) {
1130 if (PR_SUCCESS == SSL_BypassSetup()) {
1131 #ifdef NO_PKCS11_BYPASS
1132 ssl_defaults.bypassPKCS11 = PR_FALSE;
1133 #else
1134 ssl_defaults.bypassPKCS11 = on;
1135 #endif
1136 } else {
1137 return SECFailure;
1138 }
1139 } else {
1140 ssl_defaults.bypassPKCS11 = PR_FALSE;
1141 }
1142 break;
1143
1144 case SSL_NO_LOCKS:
1145 if (on && ssl_defaults.fdx) {
1146 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1147 return SECFailure;
1148 }
1149 if (on && ssl_force_locks)
1150 on = PR_FALSE; /* silent override */
1151 ssl_defaults.noLocks = on;
1152 if (on) {
1153 locksEverDisabled = PR_TRUE;
1154 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
1155 }
1156 break;
1157
1158 case SSL_ENABLE_SESSION_TICKETS:
1159 ssl_defaults.enableSessionTickets = on;
1160 break;
1161
1162 case SSL_ENABLE_DEFLATE:
1163 ssl_defaults.enableDeflate = on;
1164 break;
1165
1166 case SSL_ENABLE_RENEGOTIATION:
1167 ssl_defaults.enableRenegotiation = on;
1168 break;
1169
1170 case SSL_REQUIRE_SAFE_NEGOTIATION:
1171 ssl_defaults.requireSafeNegotiation = on;
1172 break;
1173
1174 case SSL_ENABLE_FALSE_START:
1175 ssl_defaults.enableFalseStart = on;
1176 break;
1177
1178 case SSL_CBC_RANDOM_IV:
1179 ssl_defaults.cbcRandomIV = on;
1180 break;
1181
1182 case SSL_ENABLE_OCSP_STAPLING:
1183 ssl_defaults.enableOCSPStapling = on;
1184 break;
1185
1186 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
1187 ssl_defaults.enableSignedCertTimestamps = on;
1188 break;
1189
1190 case SSL_ENABLE_FALLBACK_SCSV:
1191 ssl_defaults.enableFallbackSCSV = on;
1192 break;
1193
1194 default:
1195 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1196 return SECFailure;
1197 }
1198 return SECSuccess;
1199 }
1200
1201 /* function tells us if the cipher suite is one that we no longer support. */
1202 static PRBool
ssl_IsRemovedCipherSuite(PRInt32 suite)1203 ssl_IsRemovedCipherSuite(PRInt32 suite)
1204 {
1205 switch (suite) {
1206 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1207 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
1208 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
1209 return PR_TRUE;
1210 default:
1211 return PR_FALSE;
1212 }
1213 }
1214
1215 /* Part of the public NSS API.
1216 * Since this is a global (not per-socket) setting, we cannot use the
1217 * HandshakeLock to protect this. Probably want a global lock.
1218 */
1219 SECStatus
SSL_SetPolicy(long which,int policy)1220 SSL_SetPolicy(long which, int policy)
1221 {
1222 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1223 /* one of the two old FIPS ciphers */
1224 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1225 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1226 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1227 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1228 }
1229 if (ssl_IsRemovedCipherSuite(which))
1230 return SECSuccess;
1231 return SSL_CipherPolicySet(which, policy);
1232 }
1233
1234 SECStatus
SSL_CipherPolicySet(PRInt32 which,PRInt32 policy)1235 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
1236 {
1237 SECStatus rv = ssl_Init();
1238
1239 if (rv != SECSuccess) {
1240 return rv;
1241 }
1242
1243 if (ssl_IsRemovedCipherSuite(which)) {
1244 rv = SECSuccess;
1245 } else if (SSL_IS_SSL2_CIPHER(which)) {
1246 rv = ssl2_SetPolicy(which, policy);
1247 } else {
1248 rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
1249 }
1250 return rv;
1251 }
1252
1253 SECStatus
SSL_CipherPolicyGet(PRInt32 which,PRInt32 * oPolicy)1254 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
1255 {
1256 SECStatus rv;
1257
1258 if (!oPolicy) {
1259 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1260 return SECFailure;
1261 }
1262 if (ssl_IsRemovedCipherSuite(which)) {
1263 *oPolicy = SSL_NOT_ALLOWED;
1264 rv = SECSuccess;
1265 } else if (SSL_IS_SSL2_CIPHER(which)) {
1266 rv = ssl2_GetPolicy(which, oPolicy);
1267 } else {
1268 rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
1269 }
1270 return rv;
1271 }
1272
1273 /* Part of the public NSS API.
1274 * Since this is a global (not per-socket) setting, we cannot use the
1275 * HandshakeLock to protect this. Probably want a global lock.
1276 * These changes have no effect on any sslSockets already created.
1277 */
1278 SECStatus
SSL_EnableCipher(long which,PRBool enabled)1279 SSL_EnableCipher(long which, PRBool enabled)
1280 {
1281 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1282 /* one of the two old FIPS ciphers */
1283 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1284 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1285 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1286 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1287 }
1288 if (ssl_IsRemovedCipherSuite(which))
1289 return SECSuccess;
1290 return SSL_CipherPrefSetDefault(which, enabled);
1291 }
1292
1293 SECStatus
SSL_CipherPrefSetDefault(PRInt32 which,PRBool enabled)1294 SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
1295 {
1296 SECStatus rv = ssl_Init();
1297
1298 if (rv != SECSuccess) {
1299 return rv;
1300 }
1301
1302 if (ssl_IsRemovedCipherSuite(which))
1303 return SECSuccess;
1304 if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
1305 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1306 return SECFailure;
1307 }
1308 if (SSL_IS_SSL2_CIPHER(which)) {
1309 rv = ssl2_CipherPrefSetDefault(which, enabled);
1310 } else {
1311 rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
1312 }
1313 return rv;
1314 }
1315
1316 SECStatus
SSL_CipherPrefGetDefault(PRInt32 which,PRBool * enabled)1317 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
1318 {
1319 SECStatus rv;
1320
1321 if (!enabled) {
1322 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1323 return SECFailure;
1324 }
1325 if (ssl_IsRemovedCipherSuite(which)) {
1326 *enabled = PR_FALSE;
1327 rv = SECSuccess;
1328 } else if (SSL_IS_SSL2_CIPHER(which)) {
1329 rv = ssl2_CipherPrefGetDefault(which, enabled);
1330 } else {
1331 rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
1332 }
1333 return rv;
1334 }
1335
1336 SECStatus
SSL_CipherPrefSet(PRFileDesc * fd,PRInt32 which,PRBool enabled)1337 SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
1338 {
1339 SECStatus rv;
1340 sslSocket *ss = ssl_FindSocket(fd);
1341
1342 if (!ss) {
1343 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
1344 return SECFailure;
1345 }
1346 if (ssl_IsRemovedCipherSuite(which))
1347 return SECSuccess;
1348 if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
1349 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1350 return SECFailure;
1351 }
1352 if (SSL_IS_SSL2_CIPHER(which)) {
1353 rv = ssl2_CipherPrefSet(ss, which, enabled);
1354 } else {
1355 rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
1356 }
1357 return rv;
1358 }
1359
1360 SECStatus
SSL_CipherOrderSet(PRFileDesc * fd,const PRUint16 * ciphers,unsigned int len)1361 SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
1362 {
1363 sslSocket *ss = ssl_FindSocket(fd);
1364
1365 if (!ss) {
1366 SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
1367 fd));
1368 return SECFailure;
1369 }
1370 return ssl3_CipherOrderSet(ss, ciphers, len);
1371 }
1372
1373 SECStatus
SSL_CipherPrefGet(PRFileDesc * fd,PRInt32 which,PRBool * enabled)1374 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
1375 {
1376 SECStatus rv;
1377 sslSocket *ss = ssl_FindSocket(fd);
1378
1379 if (!enabled) {
1380 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1381 return SECFailure;
1382 }
1383 if (!ss) {
1384 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
1385 *enabled = PR_FALSE;
1386 return SECFailure;
1387 }
1388 if (ssl_IsRemovedCipherSuite(which)) {
1389 *enabled = PR_FALSE;
1390 rv = SECSuccess;
1391 } else if (SSL_IS_SSL2_CIPHER(which)) {
1392 rv = ssl2_CipherPrefGet(ss, which, enabled);
1393 } else {
1394 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
1395 }
1396 return rv;
1397 }
1398
1399 SECStatus
NSS_SetDomesticPolicy(void)1400 NSS_SetDomesticPolicy(void)
1401 {
1402 SECStatus status = SECSuccess;
1403 cipherPolicy * policy;
1404
1405 for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
1406 status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED);
1407 if (status != SECSuccess)
1408 break;
1409 }
1410 return status;
1411 }
1412
1413 SECStatus
NSS_SetExportPolicy(void)1414 NSS_SetExportPolicy(void)
1415 {
1416 return NSS_SetDomesticPolicy();
1417 }
1418
1419 SECStatus
NSS_SetFrancePolicy(void)1420 NSS_SetFrancePolicy(void)
1421 {
1422 return NSS_SetDomesticPolicy();
1423 }
1424
1425 SECStatus
SSL_GetChannelBinding(PRFileDesc * fd,SSLChannelBindingType binding_type,unsigned char * out,unsigned int * outLen,unsigned int outLenMax)1426 SSL_GetChannelBinding(PRFileDesc *fd,
1427 SSLChannelBindingType binding_type,
1428 unsigned char *out,
1429 unsigned int *outLen,
1430 unsigned int outLenMax) {
1431 sslSocket *ss = ssl_FindSocket(fd);
1432
1433 if (!ss) {
1434 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
1435 SSL_GETPID(), fd));
1436 return SECFailure;
1437 }
1438
1439 if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
1440 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1441 return SECFailure;
1442 }
1443
1444 return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
1445 }
1446
1447
1448 /* LOCKS ??? XXX */
1449 static PRFileDesc *
ssl_ImportFD(PRFileDesc * model,PRFileDesc * fd,SSLProtocolVariant variant)1450 ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
1451 {
1452 sslSocket * ns = NULL;
1453 PRStatus rv;
1454 PRNetAddr addr;
1455 SECStatus status = ssl_Init();
1456
1457 if (status != SECSuccess) {
1458 return NULL;
1459 }
1460
1461 if (model == NULL) {
1462 /* Just create a default socket if we're given NULL for the model */
1463 ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
1464 } else {
1465 sslSocket * ss = ssl_FindSocket(model);
1466 if (ss == NULL || ss->protocolVariant != variant) {
1467 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
1468 SSL_GETPID(), model));
1469 return NULL;
1470 }
1471 ns = ssl_DupSocket(ss);
1472 }
1473 if (ns == NULL)
1474 return NULL;
1475
1476 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
1477 if (rv != PR_SUCCESS) {
1478 ssl_FreeSocket(ns);
1479 SET_ERROR_CODE
1480 return NULL;
1481 }
1482 ns = ssl_FindSocket(fd);
1483 PORT_Assert(ns);
1484 if (ns)
1485 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
1486 return fd;
1487 }
1488
1489 PRFileDesc *
SSL_ImportFD(PRFileDesc * model,PRFileDesc * fd)1490 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1491 {
1492 return ssl_ImportFD(model, fd, ssl_variant_stream);
1493 }
1494
1495 PRFileDesc *
DTLS_ImportFD(PRFileDesc * model,PRFileDesc * fd)1496 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1497 {
1498 return ssl_ImportFD(model, fd, ssl_variant_datagram);
1499 }
1500
1501 SECStatus
SSL_SetNextProtoCallback(PRFileDesc * fd,SSLNextProtoCallback callback,void * arg)1502 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
1503 void *arg)
1504 {
1505 sslSocket *ss = ssl_FindSocket(fd);
1506
1507 if (!ss) {
1508 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
1509 fd));
1510 return SECFailure;
1511 }
1512
1513 ssl_GetSSL3HandshakeLock(ss);
1514 ss->nextProtoCallback = callback;
1515 ss->nextProtoArg = arg;
1516 ssl_ReleaseSSL3HandshakeLock(ss);
1517
1518 return SECSuccess;
1519 }
1520
1521 /* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
1522 * SSL_SetNextProtoNego is used.
1523 */
1524 static SECStatus
ssl_NextProtoNegoCallback(void * arg,PRFileDesc * fd,const unsigned char * protos,unsigned int protos_len,unsigned char * protoOut,unsigned int * protoOutLen,unsigned int protoMaxLen)1525 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
1526 const unsigned char *protos, unsigned int protos_len,
1527 unsigned char *protoOut, unsigned int *protoOutLen,
1528 unsigned int protoMaxLen)
1529 {
1530 unsigned int i, j;
1531 const unsigned char *result;
1532 sslSocket *ss = ssl_FindSocket(fd);
1533
1534 if (!ss) {
1535 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
1536 SSL_GETPID(), fd));
1537 return SECFailure;
1538 }
1539
1540 if (protos_len == 0) {
1541 /* The server supports the extension, but doesn't have any protocols
1542 * configured. In this case we request our favoured protocol. */
1543 goto pick_first;
1544 }
1545
1546 /* For each protocol in server preference, see if we support it. */
1547 for (i = 0; i < protos_len; ) {
1548 for (j = 0; j < ss->opt.nextProtoNego.len; ) {
1549 if (protos[i] == ss->opt.nextProtoNego.data[j] &&
1550 PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
1551 protos[i]) == 0) {
1552 /* We found a match. */
1553 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
1554 result = &protos[i];
1555 goto found;
1556 }
1557 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
1558 }
1559 i += 1 + (unsigned int)protos[i];
1560 }
1561
1562 pick_first:
1563 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
1564 result = ss->opt.nextProtoNego.data;
1565
1566 found:
1567 if (protoMaxLen < result[0]) {
1568 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1569 return SECFailure;
1570 }
1571 memcpy(protoOut, result + 1, result[0]);
1572 *protoOutLen = result[0];
1573 return SECSuccess;
1574 }
1575
1576 SECStatus
SSL_SetNextProtoNego(PRFileDesc * fd,const unsigned char * data,unsigned int length)1577 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
1578 unsigned int length)
1579 {
1580 sslSocket *ss;
1581 SECStatus rv;
1582 SECItem dataItem = { siBuffer, (unsigned char *) data, length };
1583
1584 ss = ssl_FindSocket(fd);
1585 if (!ss) {
1586 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
1587 SSL_GETPID(), fd));
1588 return SECFailure;
1589 }
1590
1591 if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
1592 return SECFailure;
1593
1594 ssl_GetSSL3HandshakeLock(ss);
1595 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
1596 rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
1597 ssl_ReleaseSSL3HandshakeLock(ss);
1598
1599 if (rv != SECSuccess)
1600 return rv;
1601
1602 return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
1603 }
1604
1605 SECStatus
SSL_GetNextProto(PRFileDesc * fd,SSLNextProtoState * state,unsigned char * buf,unsigned int * bufLen,unsigned int bufLenMax)1606 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
1607 unsigned int *bufLen, unsigned int bufLenMax)
1608 {
1609 sslSocket *ss = ssl_FindSocket(fd);
1610
1611 if (!ss) {
1612 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
1613 fd));
1614 return SECFailure;
1615 }
1616
1617 if (!state || !buf || !bufLen) {
1618 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1619 return SECFailure;
1620 }
1621
1622 *state = ss->ssl3.nextProtoState;
1623
1624 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
1625 ss->ssl3.nextProto.data) {
1626 if (ss->ssl3.nextProto.len > bufLenMax) {
1627 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1628 return SECFailure;
1629 }
1630 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
1631 *bufLen = ss->ssl3.nextProto.len;
1632 } else {
1633 *bufLen = 0;
1634 }
1635
1636 return SECSuccess;
1637 }
1638
SSL_SetSRTPCiphers(PRFileDesc * fd,const PRUint16 * ciphers,unsigned int numCiphers)1639 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
1640 const PRUint16 *ciphers,
1641 unsigned int numCiphers)
1642 {
1643 sslSocket *ss;
1644 unsigned int i;
1645
1646 ss = ssl_FindSocket(fd);
1647 if (!ss || !IS_DTLS(ss)) {
1648 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
1649 SSL_GETPID(), fd));
1650 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1651 return SECFailure;
1652 }
1653
1654 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
1655 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1656 return SECFailure;
1657 }
1658
1659 ss->ssl3.dtlsSRTPCipherCount = 0;
1660 for (i = 0; i < numCiphers; i++) {
1661 const PRUint16 *srtpCipher = srtpCiphers;
1662
1663 while (*srtpCipher) {
1664 if (ciphers[i] == *srtpCipher)
1665 break;
1666 srtpCipher++;
1667 }
1668 if (*srtpCipher) {
1669 ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
1670 ciphers[i];
1671 } else {
1672 SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
1673 "suite specified: 0x%04hx", SSL_GETPID(), fd,
1674 ciphers[i]));
1675 }
1676 }
1677
1678 if (ss->ssl3.dtlsSRTPCipherCount == 0) {
1679 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1680 return SECFailure;
1681 }
1682
1683 return SECSuccess;
1684 }
1685
1686 SECStatus
SSL_GetSRTPCipher(PRFileDesc * fd,PRUint16 * cipher)1687 SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
1688 {
1689 sslSocket * ss;
1690
1691 ss = ssl_FindSocket(fd);
1692 if (!ss) {
1693 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
1694 SSL_GETPID(), fd));
1695 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1696 return SECFailure;
1697 }
1698
1699 if (!ss->ssl3.dtlsSRTPCipherSuite) {
1700 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1701 return SECFailure;
1702 }
1703
1704 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
1705 return SECSuccess;
1706 }
1707
1708 PRFileDesc *
SSL_ReconfigFD(PRFileDesc * model,PRFileDesc * fd)1709 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
1710 {
1711 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
1712 PR_NOT_REACHED("not implemented");
1713 return NULL;
1714
1715 #if 0
1716 sslSocket * sm = NULL, *ss = NULL;
1717 int i;
1718 sslServerCerts * mc = NULL;
1719 sslServerCerts * sc = NULL;
1720
1721 if (model == NULL) {
1722 PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
1723 return NULL;
1724 }
1725 sm = ssl_FindSocket(model);
1726 if (sm == NULL) {
1727 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
1728 SSL_GETPID(), model));
1729 return NULL;
1730 }
1731 ss = ssl_FindSocket(fd);
1732 PORT_Assert(ss);
1733 if (ss == NULL) {
1734 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1735 return NULL;
1736 }
1737
1738 ss->opt = sm->opt;
1739 ss->vrange = sm->vrange;
1740 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
1741 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
1742 sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
1743 ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
1744
1745 if (!ss->opt.useSecurity) {
1746 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1747 return NULL;
1748 }
1749 /* This int should be SSLKEAType, but CC on Irix complains,
1750 * during the for loop.
1751 */
1752 for (i=kt_null; i < kt_kea_size; i++) {
1753 mc = &(sm->serverCerts[i]);
1754 sc = &(ss->serverCerts[i]);
1755 if (mc->serverCert && mc->serverCertChain) {
1756 if (sc->serverCert) {
1757 CERT_DestroyCertificate(sc->serverCert);
1758 }
1759 sc->serverCert = CERT_DupCertificate(mc->serverCert);
1760 if (sc->serverCertChain) {
1761 CERT_DestroyCertificateList(sc->serverCertChain);
1762 }
1763 sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
1764 if (!sc->serverCertChain)
1765 goto loser;
1766 if (sm->certStatusArray[i]) {
1767 if (ss->certStatusArray[i]) {
1768 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
1769 ss->certStatusArray[i] = NULL;
1770 }
1771 ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
1772 if (!ss->certStatusArray[i])
1773 goto loser;
1774 }
1775 }
1776 if (mc->serverKeyPair) {
1777 if (sc->serverKeyPair) {
1778 ssl3_FreeKeyPair(sc->serverKeyPair);
1779 }
1780 sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
1781 sc->serverKeyBits = mc->serverKeyBits;
1782 }
1783 }
1784 if (sm->stepDownKeyPair) {
1785 if (ss->stepDownKeyPair) {
1786 ssl3_FreeKeyPair(ss->stepDownKeyPair);
1787 }
1788 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
1789 }
1790 if (sm->ephemeralECDHKeyPair) {
1791 if (ss->ephemeralECDHKeyPair) {
1792 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
1793 }
1794 ss->ephemeralECDHKeyPair =
1795 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
1796 }
1797 /* copy trust anchor names */
1798 if (sm->ssl3.ca_list) {
1799 if (ss->ssl3.ca_list) {
1800 CERT_FreeDistNames(ss->ssl3.ca_list);
1801 }
1802 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
1803 if (!ss->ssl3.ca_list) {
1804 goto loser;
1805 }
1806 }
1807
1808 if (sm->authCertificate)
1809 ss->authCertificate = sm->authCertificate;
1810 if (sm->authCertificateArg)
1811 ss->authCertificateArg = sm->authCertificateArg;
1812 if (sm->getClientAuthData)
1813 ss->getClientAuthData = sm->getClientAuthData;
1814 if (sm->getClientAuthDataArg)
1815 ss->getClientAuthDataArg = sm->getClientAuthDataArg;
1816 #ifdef NSS_PLATFORM_CLIENT_AUTH
1817 if (sm->getPlatformClientAuthData)
1818 ss->getPlatformClientAuthData = sm->getPlatformClientAuthData;
1819 if (sm->getPlatformClientAuthDataArg)
1820 ss->getPlatformClientAuthDataArg = sm->getPlatformClientAuthDataArg;
1821 #endif
1822 if (sm->sniSocketConfig)
1823 ss->sniSocketConfig = sm->sniSocketConfig;
1824 if (sm->sniSocketConfigArg)
1825 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
1826 if (sm->handleBadCert)
1827 ss->handleBadCert = sm->handleBadCert;
1828 if (sm->badCertArg)
1829 ss->badCertArg = sm->badCertArg;
1830 if (sm->handshakeCallback)
1831 ss->handshakeCallback = sm->handshakeCallback;
1832 if (sm->handshakeCallbackData)
1833 ss->handshakeCallbackData = sm->handshakeCallbackData;
1834 if (sm->pkcs11PinArg)
1835 ss->pkcs11PinArg = sm->pkcs11PinArg;
1836 if (sm->getChannelID)
1837 ss->getChannelID = sm->getChannelID;
1838 if (sm->getChannelIDArg)
1839 ss->getChannelIDArg = sm->getChannelIDArg;
1840 return fd;
1841 loser:
1842 return NULL;
1843 #endif
1844 }
1845
1846 PRBool
ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,SSL3ProtocolVersion version)1847 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
1848 SSL3ProtocolVersion version)
1849 {
1850 switch (protocolVariant) {
1851 case ssl_variant_stream:
1852 return (version >= SSL_LIBRARY_VERSION_3_0 &&
1853 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1854 case ssl_variant_datagram:
1855 return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
1856 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1857 default:
1858 /* Can't get here */
1859 PORT_Assert(PR_FALSE);
1860 return PR_FALSE;
1861 }
1862 }
1863
1864 /* Returns PR_TRUE if the given version range is valid and
1865 ** fully supported; otherwise, returns PR_FALSE.
1866 */
1867 static PRBool
ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,const SSLVersionRange * vrange)1868 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
1869 const SSLVersionRange *vrange)
1870 {
1871 return vrange &&
1872 vrange->min <= vrange->max &&
1873 ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
1874 ssl3_VersionIsSupported(protocolVariant, vrange->max);
1875 }
1876
1877 SECStatus
SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,SSLVersionRange * vrange)1878 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
1879 SSLVersionRange *vrange)
1880 {
1881 if (!vrange) {
1882 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1883 return SECFailure;
1884 }
1885
1886 switch (protocolVariant) {
1887 case ssl_variant_stream:
1888 vrange->min = SSL_LIBRARY_VERSION_3_0;
1889 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1890 break;
1891 case ssl_variant_datagram:
1892 vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
1893 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1894 break;
1895 default:
1896 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1897 return SECFailure;
1898 }
1899
1900 return SECSuccess;
1901 }
1902
1903 SECStatus
SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,SSLVersionRange * vrange)1904 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
1905 SSLVersionRange *vrange)
1906 {
1907 if ((protocolVariant != ssl_variant_stream &&
1908 protocolVariant != ssl_variant_datagram) || !vrange) {
1909 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1910 return SECFailure;
1911 }
1912
1913 *vrange = *VERSIONS_DEFAULTS(protocolVariant);
1914
1915 return SECSuccess;
1916 }
1917
1918 SECStatus
SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,const SSLVersionRange * vrange)1919 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
1920 const SSLVersionRange *vrange)
1921 {
1922 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
1923 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1924 return SECFailure;
1925 }
1926
1927 *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
1928
1929 return SECSuccess;
1930 }
1931
1932 SECStatus
SSL_VersionRangeGet(PRFileDesc * fd,SSLVersionRange * vrange)1933 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
1934 {
1935 sslSocket *ss = ssl_FindSocket(fd);
1936
1937 if (!ss) {
1938 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
1939 SSL_GETPID(), fd));
1940 return SECFailure;
1941 }
1942
1943 if (!vrange) {
1944 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1945 return SECFailure;
1946 }
1947
1948 ssl_Get1stHandshakeLock(ss);
1949 ssl_GetSSL3HandshakeLock(ss);
1950
1951 *vrange = ss->vrange;
1952
1953 ssl_ReleaseSSL3HandshakeLock(ss);
1954 ssl_Release1stHandshakeLock(ss);
1955
1956 return SECSuccess;
1957 }
1958
1959 static PRCallOnceType checkTLS12TokenOnce;
1960 static PRBool tls12TokenExists;
1961
1962 static PRStatus
ssl_CheckTLS12Token(void)1963 ssl_CheckTLS12Token(void)
1964 {
1965 tls12TokenExists =
1966 PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
1967 return PR_SUCCESS;
1968 }
1969
1970 static PRBool
ssl_TLS12TokenExists(void)1971 ssl_TLS12TokenExists(void)
1972 {
1973 (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
1974 return tls12TokenExists;
1975 }
1976
1977 SECStatus
SSL_VersionRangeSet(PRFileDesc * fd,const SSLVersionRange * vrange)1978 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
1979 {
1980 sslSocket *ss = ssl_FindSocket(fd);
1981
1982 if (!ss) {
1983 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
1984 SSL_GETPID(), fd));
1985 return SECFailure;
1986 }
1987
1988 if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
1989 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1990 return SECFailure;
1991 }
1992
1993 ssl_Get1stHandshakeLock(ss);
1994 ssl_GetSSL3HandshakeLock(ss);
1995
1996 ss->vrange = *vrange;
1997 /* If we don't have a sufficiently up-to-date softoken then we cannot do
1998 * TLS 1.2. */
1999 if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
2000 !ssl_TLS12TokenExists()) {
2001 /* If the user requested a minimum version of 1.2, then we don't
2002 * silently downgrade. */
2003 if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
2004 ssl_ReleaseSSL3HandshakeLock(ss);
2005 ssl_Release1stHandshakeLock(ss);
2006 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
2007 return SECFailure;
2008 }
2009 ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
2010 }
2011
2012 ssl_ReleaseSSL3HandshakeLock(ss);
2013 ssl_Release1stHandshakeLock(ss);
2014
2015 return SECSuccess;
2016 }
2017
2018 const SECItemArray *
SSL_PeerStapledOCSPResponses(PRFileDesc * fd)2019 SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
2020 {
2021 sslSocket *ss = ssl_FindSocket(fd);
2022
2023 if (!ss) {
2024 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
2025 SSL_GETPID(), fd));
2026 return NULL;
2027 }
2028
2029 if (!ss->sec.ci.sid) {
2030 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
2031 return NULL;
2032 }
2033
2034 return &ss->sec.ci.sid->peerCertStatus;
2035 }
2036
2037 const SECItem *
SSL_PeerSignedCertTimestamps(PRFileDesc * fd)2038 SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
2039 {
2040 sslSocket *ss = ssl_FindSocket(fd);
2041
2042 if (!ss) {
2043 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
2044 SSL_GETPID(), fd));
2045 return NULL;
2046 }
2047
2048 if (!ss->sec.ci.sid) {
2049 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
2050 return NULL;
2051 }
2052
2053 if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) {
2054 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
2055 return NULL;
2056 }
2057 return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
2058 }
2059
2060 SECStatus
SSL_HandshakeResumedSession(PRFileDesc * fd,PRBool * handshake_resumed)2061 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
2062 sslSocket *ss = ssl_FindSocket(fd);
2063
2064 if (!ss) {
2065 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession",
2066 SSL_GETPID(), fd));
2067 return SECFailure;
2068 }
2069
2070 *handshake_resumed = ss->ssl3.hs.isResuming;
2071 return SECSuccess;
2072 }
2073
2074 const SECItem *
SSL_GetRequestedClientCertificateTypes(PRFileDesc * fd)2075 SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
2076 {
2077 sslSocket *ss = ssl_FindSocket(fd);
2078
2079 if (!ss) {
2080 SSL_DBG(("%d: SSL[%d]: bad socket in "
2081 "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd));
2082 return NULL;
2083 }
2084
2085 return ss->requestedCertTypes;
2086 }
2087
2088 /************************************************************************/
2089 /* The following functions are the TOP LEVEL SSL functions.
2090 ** They all get called through the NSPRIOMethods table below.
2091 */
2092
2093 static PRFileDesc * PR_CALLBACK
ssl_Accept(PRFileDesc * fd,PRNetAddr * sockaddr,PRIntervalTime timeout)2094 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
2095 {
2096 sslSocket *ss;
2097 sslSocket *ns = NULL;
2098 PRFileDesc *newfd = NULL;
2099 PRFileDesc *osfd;
2100 PRStatus status;
2101
2102 ss = ssl_GetPrivate(fd);
2103 if (!ss) {
2104 SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
2105 return NULL;
2106 }
2107
2108 /* IF this is a listen socket, there shouldn't be any I/O going on */
2109 SSL_LOCK_READER(ss);
2110 SSL_LOCK_WRITER(ss);
2111 ssl_Get1stHandshakeLock(ss);
2112 ssl_GetSSL3HandshakeLock(ss);
2113
2114 ss->cTimeout = timeout;
2115
2116 osfd = ss->fd->lower;
2117
2118 /* First accept connection */
2119 newfd = osfd->methods->accept(osfd, sockaddr, timeout);
2120 if (newfd == NULL) {
2121 SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
2122 SSL_GETPID(), ss->fd, PORT_GetError()));
2123 } else {
2124 /* Create ssl module */
2125 ns = ssl_DupSocket(ss);
2126 }
2127
2128 ssl_ReleaseSSL3HandshakeLock(ss);
2129 ssl_Release1stHandshakeLock(ss);
2130 SSL_UNLOCK_WRITER(ss);
2131 SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
2132
2133 if (ns == NULL)
2134 goto loser;
2135
2136 /* push ssl module onto the new socket */
2137 status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
2138 if (status != PR_SUCCESS)
2139 goto loser;
2140
2141 /* Now start server connection handshake with client.
2142 ** Don't need locks here because nobody else has a reference to ns yet.
2143 */
2144 if ( ns->opt.useSecurity ) {
2145 if ( ns->opt.handshakeAsClient ) {
2146 ns->handshake = ssl2_BeginClientHandshake;
2147 ss->handshaking = sslHandshakingAsClient;
2148 } else {
2149 ns->handshake = ssl2_BeginServerHandshake;
2150 ss->handshaking = sslHandshakingAsServer;
2151 }
2152 }
2153 ns->TCPconnected = 1;
2154 return newfd;
2155
2156 loser:
2157 if (ns != NULL)
2158 ssl_FreeSocket(ns);
2159 if (newfd != NULL)
2160 PR_Close(newfd);
2161 return NULL;
2162 }
2163
2164 static PRStatus PR_CALLBACK
ssl_Connect(PRFileDesc * fd,const PRNetAddr * sockaddr,PRIntervalTime timeout)2165 ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
2166 {
2167 sslSocket *ss;
2168 PRStatus rv;
2169
2170 ss = ssl_GetPrivate(fd);
2171 if (!ss) {
2172 SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
2173 return PR_FAILURE;
2174 }
2175
2176 /* IF this is a listen socket, there shouldn't be any I/O going on */
2177 SSL_LOCK_READER(ss);
2178 SSL_LOCK_WRITER(ss);
2179
2180 ss->cTimeout = timeout;
2181 rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
2182
2183 SSL_UNLOCK_WRITER(ss);
2184 SSL_UNLOCK_READER(ss);
2185
2186 return rv;
2187 }
2188
2189 static PRStatus PR_CALLBACK
ssl_Bind(PRFileDesc * fd,const PRNetAddr * addr)2190 ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
2191 {
2192 sslSocket * ss = ssl_GetPrivate(fd);
2193 PRStatus rv;
2194
2195 if (!ss) {
2196 SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
2197 return PR_FAILURE;
2198 }
2199 SSL_LOCK_READER(ss);
2200 SSL_LOCK_WRITER(ss);
2201
2202 rv = (PRStatus)(*ss->ops->bind)(ss, addr);
2203
2204 SSL_UNLOCK_WRITER(ss);
2205 SSL_UNLOCK_READER(ss);
2206 return rv;
2207 }
2208
2209 static PRStatus PR_CALLBACK
ssl_Listen(PRFileDesc * fd,PRIntn backlog)2210 ssl_Listen(PRFileDesc *fd, PRIntn backlog)
2211 {
2212 sslSocket * ss = ssl_GetPrivate(fd);
2213 PRStatus rv;
2214
2215 if (!ss) {
2216 SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
2217 return PR_FAILURE;
2218 }
2219 SSL_LOCK_READER(ss);
2220 SSL_LOCK_WRITER(ss);
2221
2222 rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
2223
2224 SSL_UNLOCK_WRITER(ss);
2225 SSL_UNLOCK_READER(ss);
2226 return rv;
2227 }
2228
2229 static PRStatus PR_CALLBACK
ssl_Shutdown(PRFileDesc * fd,PRIntn how)2230 ssl_Shutdown(PRFileDesc *fd, PRIntn how)
2231 {
2232 sslSocket * ss = ssl_GetPrivate(fd);
2233 PRStatus rv;
2234
2235 if (!ss) {
2236 SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
2237 return PR_FAILURE;
2238 }
2239 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2240 SSL_LOCK_READER(ss);
2241 }
2242 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2243 SSL_LOCK_WRITER(ss);
2244 }
2245
2246 rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
2247
2248 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2249 SSL_UNLOCK_WRITER(ss);
2250 }
2251 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2252 SSL_UNLOCK_READER(ss);
2253 }
2254 return rv;
2255 }
2256
2257 static PRStatus PR_CALLBACK
ssl_Close(PRFileDesc * fd)2258 ssl_Close(PRFileDesc *fd)
2259 {
2260 sslSocket *ss;
2261 PRStatus rv;
2262
2263 ss = ssl_GetPrivate(fd);
2264 if (!ss) {
2265 SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
2266 return PR_FAILURE;
2267 }
2268
2269 /* There must not be any I/O going on */
2270 SSL_LOCK_READER(ss);
2271 SSL_LOCK_WRITER(ss);
2272
2273 /* By the time this function returns,
2274 ** ss is an invalid pointer, and the locks to which it points have
2275 ** been unlocked and freed. So, this is the ONE PLACE in all of SSL
2276 ** where the LOCK calls and the corresponding UNLOCK calls are not in
2277 ** the same function scope. The unlock calls are in ssl_FreeSocket().
2278 */
2279 rv = (PRStatus)(*ss->ops->close)(ss);
2280
2281 return rv;
2282 }
2283
2284 static int PR_CALLBACK
ssl_Recv(PRFileDesc * fd,void * buf,PRInt32 len,PRIntn flags,PRIntervalTime timeout)2285 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
2286 PRIntervalTime timeout)
2287 {
2288 sslSocket *ss;
2289 int rv;
2290
2291 ss = ssl_GetPrivate(fd);
2292 if (!ss) {
2293 SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
2294 return SECFailure;
2295 }
2296 SSL_LOCK_READER(ss);
2297 ss->rTimeout = timeout;
2298 if (!ss->opt.fdx)
2299 ss->wTimeout = timeout;
2300 rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
2301 SSL_UNLOCK_READER(ss);
2302 return rv;
2303 }
2304
2305 static int PR_CALLBACK
ssl_Send(PRFileDesc * fd,const void * buf,PRInt32 len,PRIntn flags,PRIntervalTime timeout)2306 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
2307 PRIntervalTime timeout)
2308 {
2309 sslSocket *ss;
2310 int rv;
2311
2312 ss = ssl_GetPrivate(fd);
2313 if (!ss) {
2314 SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
2315 return SECFailure;
2316 }
2317 SSL_LOCK_WRITER(ss);
2318 ss->wTimeout = timeout;
2319 if (!ss->opt.fdx)
2320 ss->rTimeout = timeout;
2321 rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
2322 SSL_UNLOCK_WRITER(ss);
2323 return rv;
2324 }
2325
2326 static int PR_CALLBACK
ssl_Read(PRFileDesc * fd,void * buf,PRInt32 len)2327 ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
2328 {
2329 sslSocket *ss;
2330 int rv;
2331
2332 ss = ssl_GetPrivate(fd);
2333 if (!ss) {
2334 SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
2335 return SECFailure;
2336 }
2337 SSL_LOCK_READER(ss);
2338 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2339 if (!ss->opt.fdx)
2340 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2341 rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
2342 SSL_UNLOCK_READER(ss);
2343 return rv;
2344 }
2345
2346 static int PR_CALLBACK
ssl_Write(PRFileDesc * fd,const void * buf,PRInt32 len)2347 ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
2348 {
2349 sslSocket *ss;
2350 int rv;
2351
2352 ss = ssl_GetPrivate(fd);
2353 if (!ss) {
2354 SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
2355 return SECFailure;
2356 }
2357 SSL_LOCK_WRITER(ss);
2358 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2359 if (!ss->opt.fdx)
2360 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2361 rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
2362 SSL_UNLOCK_WRITER(ss);
2363 return rv;
2364 }
2365
2366 static PRStatus PR_CALLBACK
ssl_GetPeerName(PRFileDesc * fd,PRNetAddr * addr)2367 ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
2368 {
2369 sslSocket *ss;
2370
2371 ss = ssl_GetPrivate(fd);
2372 if (!ss) {
2373 SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
2374 return PR_FAILURE;
2375 }
2376 return (PRStatus)(*ss->ops->getpeername)(ss, addr);
2377 }
2378
2379 /*
2380 */
2381 SECStatus
ssl_GetPeerInfo(sslSocket * ss)2382 ssl_GetPeerInfo(sslSocket *ss)
2383 {
2384 PRFileDesc * osfd;
2385 int rv;
2386 PRNetAddr sin;
2387
2388 osfd = ss->fd->lower;
2389
2390 PORT_Memset(&sin, 0, sizeof(sin));
2391 rv = osfd->methods->getpeername(osfd, &sin);
2392 if (rv < 0) {
2393 return SECFailure;
2394 }
2395 ss->TCPconnected = 1;
2396 if (sin.inet.family == PR_AF_INET) {
2397 PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
2398 ss->sec.ci.port = sin.inet.port;
2399 } else if (sin.ipv6.family == PR_AF_INET6) {
2400 ss->sec.ci.peer = sin.ipv6.ip;
2401 ss->sec.ci.port = sin.ipv6.port;
2402 } else {
2403 PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
2404 return SECFailure;
2405 }
2406 return SECSuccess;
2407 }
2408
2409 static PRStatus PR_CALLBACK
ssl_GetSockName(PRFileDesc * fd,PRNetAddr * name)2410 ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
2411 {
2412 sslSocket *ss;
2413
2414 ss = ssl_GetPrivate(fd);
2415 if (!ss) {
2416 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
2417 return PR_FAILURE;
2418 }
2419 return (PRStatus)(*ss->ops->getsockname)(ss, name);
2420 }
2421
2422 SECStatus
SSL_SetStapledOCSPResponses(PRFileDesc * fd,const SECItemArray * responses,SSLKEAType kea)2423 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
2424 SSLKEAType kea)
2425 {
2426 sslSocket *ss;
2427
2428 ss = ssl_FindSocket(fd);
2429 if (!ss) {
2430 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
2431 SSL_GETPID(), fd));
2432 return SECFailure;
2433 }
2434
2435 if ( kea <= 0 || kea >= kt_kea_size) {
2436 SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
2437 SSL_GETPID(), fd));
2438 return SECFailure;
2439 }
2440
2441 if (ss->certStatusArray[kea]) {
2442 SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
2443 ss->certStatusArray[kea] = NULL;
2444 }
2445 if (responses) {
2446 ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
2447 }
2448 return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
2449 }
2450
2451 SECStatus
SSL_SetSockPeerID(PRFileDesc * fd,const char * peerID)2452 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
2453 {
2454 sslSocket *ss;
2455
2456 ss = ssl_FindSocket(fd);
2457 if (!ss) {
2458 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
2459 SSL_GETPID(), fd));
2460 return SECFailure;
2461 }
2462
2463 if (ss->peerID) {
2464 PORT_Free(ss->peerID);
2465 ss->peerID = NULL;
2466 }
2467 if (peerID)
2468 ss->peerID = PORT_Strdup(peerID);
2469 return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
2470 }
2471
2472 #define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
2473
2474 static PRInt16 PR_CALLBACK
ssl_Poll(PRFileDesc * fd,PRInt16 how_flags,PRInt16 * p_out_flags)2475 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
2476 {
2477 sslSocket *ss;
2478 PRInt16 new_flags = how_flags; /* should select on these flags. */
2479 PRNetAddr addr;
2480
2481 *p_out_flags = 0;
2482 ss = ssl_GetPrivate(fd);
2483 if (!ss) {
2484 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
2485 SSL_GETPID(), fd));
2486 return 0; /* don't poll on this socket */
2487 }
2488
2489 if (ss->opt.useSecurity &&
2490 ss->handshaking != sslHandshakingUndetermined &&
2491 !ss->firstHsDone &&
2492 (how_flags & PR_POLL_RW)) {
2493 if (!ss->TCPconnected) {
2494 ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
2495 }
2496 /* If it's not connected, then presumably the application is polling
2497 ** on read or write appropriately, so don't change it.
2498 */
2499 if (ss->TCPconnected) {
2500 if (!ss->handshakeBegun) {
2501 /* If the handshake has not begun, poll on read or write
2502 ** based on the local application's role in the handshake,
2503 ** not based on what the application requested.
2504 */
2505 new_flags &= ~PR_POLL_RW;
2506 if (ss->handshaking == sslHandshakingAsClient) {
2507 new_flags |= PR_POLL_WRITE;
2508 } else { /* handshaking as server */
2509 new_flags |= PR_POLL_READ;
2510 }
2511 } else
2512 /* First handshake is in progress */
2513 if (ss->lastWriteBlocked) {
2514 if (new_flags & PR_POLL_READ) {
2515 /* The caller is waiting for data to be received,
2516 ** but the initial handshake is blocked on write, or the
2517 ** client's first handshake record has not been written.
2518 ** The code should select on write, not read.
2519 */
2520 new_flags ^= PR_POLL_READ; /* don't select on read. */
2521 new_flags |= PR_POLL_WRITE; /* do select on write. */
2522 }
2523 } else if (new_flags & PR_POLL_WRITE) {
2524 /* The caller is trying to write, but the handshake is
2525 ** blocked waiting for data to read, and the first
2526 ** handshake has been sent. So do NOT to poll on write
2527 ** unless we did false start.
2528 */
2529 if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2530 ss->ssl3.hs.canFalseStart)) {
2531 new_flags ^= PR_POLL_WRITE; /* don't select on write. */
2532 }
2533 new_flags |= PR_POLL_READ; /* do select on read. */
2534 }
2535 }
2536 } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
2537 *p_out_flags = PR_POLL_READ; /* it's ready already. */
2538 return new_flags;
2539 } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
2540 (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
2541 new_flags |= PR_POLL_WRITE; /* also select on write. */
2542 }
2543
2544 if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2545 ss->ssl3.hs.restartTarget != NULL) {
2546 /* Read and write will block until the asynchronous callback completes
2547 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
2548 * the caller to poll the socket unless there is pending write data.
2549 */
2550 if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
2551 /* Ignore any newly-received data on the socket, but do wait for
2552 * the socket to become writable again. Here, it is OK for an error
2553 * to be detected, because our logic for sending pending write data
2554 * will allow us to report the error to the caller without the risk
2555 * of the application spinning.
2556 */
2557 new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
2558 } else {
2559 /* Unfortunately, clearing new_flags will make it impossible for
2560 * the application to detect errors that it would otherwise be
2561 * able to detect with PR_POLL_EXCEPT, until the asynchronous
2562 * callback completes. However, we must clear all the flags to
2563 * prevent the application from spinning (alternating between
2564 * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
2565 * which won't actually report the I/O error while we are waiting
2566 * for the asynchronous callback to complete).
2567 */
2568 new_flags = 0;
2569 }
2570 }
2571
2572 if (new_flags && (fd->lower->methods->poll != NULL)) {
2573 PRInt16 lower_out_flags = 0;
2574 PRInt16 lower_new_flags;
2575 lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
2576 &lower_out_flags);
2577 if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
2578 PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
2579 if (lower_out_flags & PR_POLL_READ)
2580 out_flags |= PR_POLL_WRITE;
2581 if (lower_out_flags & PR_POLL_WRITE)
2582 out_flags |= PR_POLL_READ;
2583 *p_out_flags = out_flags;
2584 new_flags = how_flags;
2585 } else {
2586 *p_out_flags = lower_out_flags;
2587 new_flags = lower_new_flags;
2588 }
2589 }
2590
2591 return new_flags;
2592 }
2593
2594 static PRInt32 PR_CALLBACK
ssl_TransmitFile(PRFileDesc * sd,PRFileDesc * fd,const void * headers,PRInt32 hlen,PRTransmitFileFlags flags,PRIntervalTime timeout)2595 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
2596 const void *headers, PRInt32 hlen,
2597 PRTransmitFileFlags flags, PRIntervalTime timeout)
2598 {
2599 PRSendFileData sfd;
2600
2601 sfd.fd = fd;
2602 sfd.file_offset = 0;
2603 sfd.file_nbytes = 0;
2604 sfd.header = headers;
2605 sfd.hlen = hlen;
2606 sfd.trailer = NULL;
2607 sfd.tlen = 0;
2608
2609 return sd->methods->sendfile(sd, &sfd, flags, timeout);
2610 }
2611
2612
2613 PRBool
ssl_FdIsBlocking(PRFileDesc * fd)2614 ssl_FdIsBlocking(PRFileDesc *fd)
2615 {
2616 PRSocketOptionData opt;
2617 PRStatus status;
2618
2619 opt.option = PR_SockOpt_Nonblocking;
2620 opt.value.non_blocking = PR_FALSE;
2621 status = PR_GetSocketOption(fd, &opt);
2622 if (status != PR_SUCCESS)
2623 return PR_FALSE;
2624 return (PRBool)!opt.value.non_blocking;
2625 }
2626
2627 PRBool
ssl_SocketIsBlocking(sslSocket * ss)2628 ssl_SocketIsBlocking(sslSocket *ss)
2629 {
2630 return ssl_FdIsBlocking(ss->fd);
2631 }
2632
2633 PRInt32 sslFirstBufSize = 8 * 1024;
2634 PRInt32 sslCopyLimit = 1024;
2635
2636 static PRInt32 PR_CALLBACK
ssl_WriteV(PRFileDesc * fd,const PRIOVec * iov,PRInt32 vectors,PRIntervalTime timeout)2637 ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
2638 PRIntervalTime timeout)
2639 {
2640 PRInt32 bufLen;
2641 PRInt32 left;
2642 PRInt32 rv;
2643 PRInt32 sent = 0;
2644 const PRInt32 first_len = sslFirstBufSize;
2645 const PRInt32 limit = sslCopyLimit;
2646 PRBool blocking;
2647 PRIOVec myIov = { 0, 0 };
2648 char buf[MAX_FRAGMENT_LENGTH];
2649
2650 if (vectors > PR_MAX_IOVECTOR_SIZE) {
2651 PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
2652 return -1;
2653 }
2654 blocking = ssl_FdIsBlocking(fd);
2655
2656 #define K16 sizeof(buf)
2657 #define KILL_VECTORS while (vectors && !iov->iov_len) { ++iov; --vectors; }
2658 #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
2659 #define HANDLE_ERR(rv, len) \
2660 if (rv != len) { \
2661 if (rv < 0) { \
2662 if (!blocking \
2663 && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
2664 && (sent > 0)) { \
2665 return sent; \
2666 } else { \
2667 return -1; \
2668 } \
2669 } \
2670 /* Only a nonblocking socket can have partial sends */ \
2671 PR_ASSERT(!blocking); \
2672 return sent + rv; \
2673 }
2674 #define SEND(bfr, len) \
2675 do { \
2676 rv = ssl_Send(fd, bfr, len, 0, timeout); \
2677 HANDLE_ERR(rv, len) \
2678 sent += len; \
2679 } while (0)
2680
2681 /* Make sure the first write is at least 8 KB, if possible. */
2682 KILL_VECTORS
2683 if (!vectors)
2684 return ssl_Send(fd, 0, 0, 0, timeout);
2685 GET_VECTOR;
2686 if (!vectors) {
2687 return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
2688 }
2689 if (myIov.iov_len < first_len) {
2690 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2691 bufLen = myIov.iov_len;
2692 left = first_len - bufLen;
2693 while (vectors && left) {
2694 int toCopy;
2695 GET_VECTOR;
2696 toCopy = PR_MIN(left, myIov.iov_len);
2697 PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
2698 bufLen += toCopy;
2699 left -= toCopy;
2700 myIov.iov_base += toCopy;
2701 myIov.iov_len -= toCopy;
2702 }
2703 SEND( buf, bufLen );
2704 }
2705
2706 while (vectors || myIov.iov_len) {
2707 PRInt32 addLen;
2708 if (!myIov.iov_len) {
2709 GET_VECTOR;
2710 }
2711 while (myIov.iov_len >= K16) {
2712 SEND(myIov.iov_base, K16);
2713 myIov.iov_base += K16;
2714 myIov.iov_len -= K16;
2715 }
2716 if (!myIov.iov_len)
2717 continue;
2718
2719 if (!vectors || myIov.iov_len > limit) {
2720 addLen = 0;
2721 } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
2722 /* Addlen is already computed. */;
2723 } else if (vectors > 1 &&
2724 iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
2725 addLen = limit - myIov.iov_len;
2726 } else
2727 addLen = 0;
2728
2729 if (!addLen) {
2730 SEND( myIov.iov_base, myIov.iov_len );
2731 myIov.iov_len = 0;
2732 continue;
2733 }
2734 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2735 bufLen = myIov.iov_len;
2736 do {
2737 GET_VECTOR;
2738 PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
2739 myIov.iov_base += addLen;
2740 myIov.iov_len -= addLen;
2741 bufLen += addLen;
2742
2743 left = PR_MIN( limit, K16 - bufLen);
2744 if (!vectors /* no more left */
2745 || myIov.iov_len > 0 /* we didn't use that one all up */
2746 || bufLen >= K16 /* it's full. */
2747 ) {
2748 addLen = 0;
2749 } else if ((addLen = iov->iov_len % K16) <= left) {
2750 /* Addlen is already computed. */;
2751 } else if (vectors > 1 &&
2752 iov[1].iov_len % K16 + addLen <= left + limit) {
2753 addLen = left;
2754 } else
2755 addLen = 0;
2756
2757 } while (addLen);
2758 SEND( buf, bufLen );
2759 }
2760 return sent;
2761 }
2762
2763 /*
2764 * These functions aren't implemented.
2765 */
2766
2767 static PRInt32 PR_CALLBACK
ssl_Available(PRFileDesc * fd)2768 ssl_Available(PRFileDesc *fd)
2769 {
2770 PORT_Assert(0);
2771 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2772 return SECFailure;
2773 }
2774
2775 static PRInt64 PR_CALLBACK
ssl_Available64(PRFileDesc * fd)2776 ssl_Available64(PRFileDesc *fd)
2777 {
2778 PRInt64 res;
2779
2780 PORT_Assert(0);
2781 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2782 LL_I2L(res, -1L);
2783 return res;
2784 }
2785
2786 static PRStatus PR_CALLBACK
ssl_FSync(PRFileDesc * fd)2787 ssl_FSync(PRFileDesc *fd)
2788 {
2789 PORT_Assert(0);
2790 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2791 return PR_FAILURE;
2792 }
2793
2794 static PRInt32 PR_CALLBACK
ssl_Seek(PRFileDesc * fd,PRInt32 offset,PRSeekWhence how)2795 ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how) {
2796 PORT_Assert(0);
2797 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2798 return SECFailure;
2799 }
2800
2801 static PRInt64 PR_CALLBACK
ssl_Seek64(PRFileDesc * fd,PRInt64 offset,PRSeekWhence how)2802 ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how) {
2803 PRInt64 res;
2804
2805 PORT_Assert(0);
2806 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2807 LL_I2L(res, -1L);
2808 return res;
2809 }
2810
2811 static PRStatus PR_CALLBACK
ssl_FileInfo(PRFileDesc * fd,PRFileInfo * info)2812 ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
2813 {
2814 PORT_Assert(0);
2815 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2816 return PR_FAILURE;
2817 }
2818
2819 static PRStatus PR_CALLBACK
ssl_FileInfo64(PRFileDesc * fd,PRFileInfo64 * info)2820 ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
2821 {
2822 PORT_Assert(0);
2823 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2824 return PR_FAILURE;
2825 }
2826
2827 static PRInt32 PR_CALLBACK
ssl_RecvFrom(PRFileDesc * fd,void * buf,PRInt32 amount,PRIntn flags,PRNetAddr * addr,PRIntervalTime timeout)2828 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
2829 PRNetAddr *addr, PRIntervalTime timeout)
2830 {
2831 PORT_Assert(0);
2832 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2833 return SECFailure;
2834 }
2835
2836 static PRInt32 PR_CALLBACK
ssl_SendTo(PRFileDesc * fd,const void * buf,PRInt32 amount,PRIntn flags,const PRNetAddr * addr,PRIntervalTime timeout)2837 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
2838 const PRNetAddr *addr, PRIntervalTime timeout)
2839 {
2840 PORT_Assert(0);
2841 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2842 return SECFailure;
2843 }
2844
2845 static const PRIOMethods ssl_methods = {
2846 PR_DESC_LAYERED,
2847 ssl_Close, /* close */
2848 ssl_Read, /* read */
2849 ssl_Write, /* write */
2850 ssl_Available, /* available */
2851 ssl_Available64, /* available64 */
2852 ssl_FSync, /* fsync */
2853 ssl_Seek, /* seek */
2854 ssl_Seek64, /* seek64 */
2855 ssl_FileInfo, /* fileInfo */
2856 ssl_FileInfo64, /* fileInfo64 */
2857 ssl_WriteV, /* writev */
2858 ssl_Connect, /* connect */
2859 ssl_Accept, /* accept */
2860 ssl_Bind, /* bind */
2861 ssl_Listen, /* listen */
2862 ssl_Shutdown, /* shutdown */
2863 ssl_Recv, /* recv */
2864 ssl_Send, /* send */
2865 ssl_RecvFrom, /* recvfrom */
2866 ssl_SendTo, /* sendto */
2867 ssl_Poll, /* poll */
2868 PR_EmulateAcceptRead, /* acceptread */
2869 ssl_TransmitFile, /* transmitfile */
2870 ssl_GetSockName, /* getsockname */
2871 ssl_GetPeerName, /* getpeername */
2872 NULL, /* getsockopt OBSOLETE */
2873 NULL, /* setsockopt OBSOLETE */
2874 NULL, /* getsocketoption */
2875 NULL, /* setsocketoption */
2876 PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
2877 NULL, /* reserved for future use */
2878 NULL, /* reserved for future use */
2879 NULL, /* reserved for future use */
2880 NULL, /* reserved for future use */
2881 NULL /* reserved for future use */
2882 };
2883
2884
2885 static PRIOMethods combined_methods;
2886
2887 static void
ssl_SetupIOMethods(void)2888 ssl_SetupIOMethods(void)
2889 {
2890 PRIOMethods *new_methods = &combined_methods;
2891 const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
2892 const PRIOMethods *my_methods = &ssl_methods;
2893
2894 *new_methods = *nspr_methods;
2895
2896 new_methods->file_type = my_methods->file_type;
2897 new_methods->close = my_methods->close;
2898 new_methods->read = my_methods->read;
2899 new_methods->write = my_methods->write;
2900 new_methods->available = my_methods->available;
2901 new_methods->available64 = my_methods->available64;
2902 new_methods->fsync = my_methods->fsync;
2903 new_methods->seek = my_methods->seek;
2904 new_methods->seek64 = my_methods->seek64;
2905 new_methods->fileInfo = my_methods->fileInfo;
2906 new_methods->fileInfo64 = my_methods->fileInfo64;
2907 new_methods->writev = my_methods->writev;
2908 new_methods->connect = my_methods->connect;
2909 new_methods->accept = my_methods->accept;
2910 new_methods->bind = my_methods->bind;
2911 new_methods->listen = my_methods->listen;
2912 new_methods->shutdown = my_methods->shutdown;
2913 new_methods->recv = my_methods->recv;
2914 new_methods->send = my_methods->send;
2915 new_methods->recvfrom = my_methods->recvfrom;
2916 new_methods->sendto = my_methods->sendto;
2917 new_methods->poll = my_methods->poll;
2918 new_methods->acceptread = my_methods->acceptread;
2919 new_methods->transmitfile = my_methods->transmitfile;
2920 new_methods->getsockname = my_methods->getsockname;
2921 new_methods->getpeername = my_methods->getpeername;
2922 /* new_methods->getsocketoption = my_methods->getsocketoption; */
2923 /* new_methods->setsocketoption = my_methods->setsocketoption; */
2924 new_methods->sendfile = my_methods->sendfile;
2925
2926 }
2927
2928 static PRCallOnceType initIoLayerOnce;
2929
2930 static PRStatus
ssl_InitIOLayer(void)2931 ssl_InitIOLayer(void)
2932 {
2933 ssl_layer_id = PR_GetUniqueIdentity("SSL");
2934 ssl_SetupIOMethods();
2935 ssl_inited = PR_TRUE;
2936 return PR_SUCCESS;
2937 }
2938
2939 static PRStatus
ssl_PushIOLayer(sslSocket * ns,PRFileDesc * stack,PRDescIdentity id)2940 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
2941 {
2942 PRFileDesc *layer = NULL;
2943 PRStatus status;
2944
2945 if (!ssl_inited) {
2946 status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
2947 if (status != PR_SUCCESS)
2948 goto loser;
2949 }
2950
2951 if (ns == NULL)
2952 goto loser;
2953
2954 layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
2955 if (layer == NULL)
2956 goto loser;
2957 layer->secret = (PRFilePrivate *)ns;
2958
2959 /* Here, "stack" points to the PRFileDesc on the top of the stack.
2960 ** "layer" points to a new FD that is to be inserted into the stack.
2961 ** If layer is being pushed onto the top of the stack, then
2962 ** PR_PushIOLayer switches the contents of stack and layer, and then
2963 ** puts stack on top of layer, so that after it is done, the top of
2964 ** stack is the same "stack" as it was before, and layer is now the
2965 ** FD for the former top of stack.
2966 ** After this call, stack always points to the top PRFD on the stack.
2967 ** If this function fails, the contents of stack and layer are as
2968 ** they were before the call.
2969 */
2970 status = PR_PushIOLayer(stack, id, layer);
2971 if (status != PR_SUCCESS)
2972 goto loser;
2973
2974 ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
2975 return PR_SUCCESS;
2976
2977 loser:
2978 if (layer) {
2979 layer->dtor(layer); /* free layer */
2980 }
2981 return PR_FAILURE;
2982 }
2983
2984 /* if this fails, caller must destroy socket. */
2985 static SECStatus
ssl_MakeLocks(sslSocket * ss)2986 ssl_MakeLocks(sslSocket *ss)
2987 {
2988 ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
2989 if (!ss->firstHandshakeLock)
2990 goto loser;
2991 ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
2992 if (!ss->ssl3HandshakeLock)
2993 goto loser;
2994 ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
2995 if (!ss->specLock)
2996 goto loser;
2997 ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
2998 if (!ss->recvBufLock)
2999 goto loser;
3000 ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
3001 if (!ss->xmitBufLock)
3002 goto loser;
3003 ss->writerThread = NULL;
3004 if (ssl_lock_readers) {
3005 ss->recvLock = PZ_NewLock(nssILockSSL);
3006 if (!ss->recvLock)
3007 goto loser;
3008 ss->sendLock = PZ_NewLock(nssILockSSL);
3009 if (!ss->sendLock)
3010 goto loser;
3011 }
3012 return SECSuccess;
3013 loser:
3014 ssl_DestroyLocks(ss);
3015 return SECFailure;
3016 }
3017
3018 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
3019 #define NSS_HAVE_GETENV 1
3020 #endif
3021
3022 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
3023
3024 static void
ssl_SetDefaultsFromEnvironment(void)3025 ssl_SetDefaultsFromEnvironment(void)
3026 {
3027 #if defined( NSS_HAVE_GETENV )
3028 static int firsttime = 1;
3029
3030 if (firsttime) {
3031 char * ev;
3032 firsttime = 0;
3033 #ifdef DEBUG
3034 ev = getenv("SSLDEBUGFILE");
3035 if (ev && ev[0]) {
3036 ssl_trace_iob = fopen(ev, "w");
3037 }
3038 if (!ssl_trace_iob) {
3039 ssl_trace_iob = stderr;
3040 }
3041 #ifdef TRACE
3042 ev = getenv("SSLTRACE");
3043 if (ev && ev[0]) {
3044 ssl_trace = atoi(ev);
3045 SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
3046 }
3047 #endif /* TRACE */
3048 ev = getenv("SSLDEBUG");
3049 if (ev && ev[0]) {
3050 ssl_debug = atoi(ev);
3051 SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
3052 }
3053 #endif /* DEBUG */
3054 ev = getenv("SSLKEYLOGFILE");
3055 if (ev && ev[0]) {
3056 ssl_keylog_iob = fopen(ev, "a");
3057 if (!ssl_keylog_iob) {
3058 SSL_TRACE(("SSL: failed to open key log file"));
3059 } else {
3060 if (ftell(ssl_keylog_iob) == 0) {
3061 fputs("# SSL/TLS secrets log file, generated by NSS\n",
3062 ssl_keylog_iob);
3063 }
3064 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
3065 }
3066 }
3067 #ifndef NO_PKCS11_BYPASS
3068 ev = getenv("SSLBYPASS");
3069 if (ev && ev[0]) {
3070 ssl_defaults.bypassPKCS11 = (ev[0] == '1');
3071 SSL_TRACE(("SSL: bypass default set to %d", \
3072 ssl_defaults.bypassPKCS11));
3073 }
3074 #endif /* NO_PKCS11_BYPASS */
3075 ev = getenv("SSLFORCELOCKS");
3076 if (ev && ev[0] == '1') {
3077 ssl_force_locks = PR_TRUE;
3078 ssl_defaults.noLocks = 0;
3079 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
3080 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
3081 }
3082 ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
3083 if (ev) {
3084 if (ev[0] == '1' || LOWER(ev[0]) == 'u')
3085 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
3086 else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
3087 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
3088 else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
3089 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
3090 else if (ev[0] == '3' || LOWER(ev[0]) == 't')
3091 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
3092 SSL_TRACE(("SSL: enableRenegotiation set to %d",
3093 ssl_defaults.enableRenegotiation));
3094 }
3095 ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
3096 if (ev && ev[0] == '1') {
3097 ssl_defaults.requireSafeNegotiation = PR_TRUE;
3098 SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
3099 PR_TRUE));
3100 }
3101 ev = getenv("NSS_SSL_CBC_RANDOM_IV");
3102 if (ev && ev[0] == '0') {
3103 ssl_defaults.cbcRandomIV = PR_FALSE;
3104 SSL_TRACE(("SSL: cbcRandomIV set to 0"));
3105 }
3106 }
3107 #endif /* NSS_HAVE_GETENV */
3108 }
3109
3110 /*
3111 ** Create a newsocket structure for a file descriptor.
3112 */
3113 static sslSocket *
ssl_NewSocket(PRBool makeLocks,SSLProtocolVariant protocolVariant)3114 ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
3115 {
3116 sslSocket *ss;
3117
3118 ssl_SetDefaultsFromEnvironment();
3119
3120 if (ssl_force_locks)
3121 makeLocks = PR_TRUE;
3122
3123 /* Make a new socket and get it ready */
3124 ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
3125 if (ss) {
3126 /* This should be of type SSLKEAType, but CC on IRIX
3127 * complains during the for loop.
3128 */
3129 int i;
3130 SECStatus status;
3131
3132 ss->opt = ssl_defaults;
3133 ss->opt.useSocks = PR_FALSE;
3134 ss->opt.noLocks = !makeLocks;
3135 ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
3136 ss->protocolVariant = protocolVariant;
3137
3138 ss->peerID = NULL;
3139 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
3140 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
3141 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
3142 ss->cipherSpecs = NULL;
3143 ss->sizeCipherSpecs = 0; /* produced lazily */
3144 ss->preferredCipher = NULL;
3145 ss->url = NULL;
3146
3147 for (i=kt_null; i < kt_kea_size; i++) {
3148 sslServerCerts * sc = ss->serverCerts + i;
3149 sc->serverCert = NULL;
3150 sc->serverCertChain = NULL;
3151 sc->serverKeyPair = NULL;
3152 sc->serverKeyBits = 0;
3153 ss->certStatusArray[i] = NULL;
3154 }
3155 ss->requestedCertTypes = NULL;
3156 ss->stepDownKeyPair = NULL;
3157 ss->dbHandle = CERT_GetDefaultCertDB();
3158
3159 /* Provide default implementation of hooks */
3160 ss->authCertificate = SSL_AuthCertificate;
3161 ss->authCertificateArg = (void *)ss->dbHandle;
3162 ss->sniSocketConfig = NULL;
3163 ss->sniSocketConfigArg = NULL;
3164 ss->getClientAuthData = NULL;
3165 #ifdef NSS_PLATFORM_CLIENT_AUTH
3166 ss->getPlatformClientAuthData = NULL;
3167 ss->getPlatformClientAuthDataArg = NULL;
3168 #endif /* NSS_PLATFORM_CLIENT_AUTH */
3169 ss->handleBadCert = NULL;
3170 ss->badCertArg = NULL;
3171 ss->pkcs11PinArg = NULL;
3172 ss->ephemeralECDHKeyPair = NULL;
3173 ss->getChannelID = NULL;
3174 ss->getChannelIDArg = NULL;
3175
3176 ssl_ChooseOps(ss);
3177 ssl2_InitSocketPolicy(ss);
3178 ssl3_InitSocketPolicy(ss);
3179 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
3180
3181 if (makeLocks) {
3182 status = ssl_MakeLocks(ss);
3183 if (status != SECSuccess)
3184 goto loser;
3185 }
3186 status = ssl_CreateSecurityInfo(ss);
3187 if (status != SECSuccess)
3188 goto loser;
3189 status = ssl_InitGather(&ss->gs);
3190 if (status != SECSuccess) {
3191 loser:
3192 ssl_DestroySocketContents(ss);
3193 ssl_DestroyLocks(ss);
3194 PORT_Free(ss);
3195 ss = NULL;
3196 }
3197 }
3198 return ss;
3199 }
3200