search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
don't pretend to support dbus on windows in dbus_export.h
[chromium-blink-merge.git] / net / third_party / nss / ssl / sslsock.c
blob028cd98f5aef4da5e22833e66d36da971ddb6e46
1 /*
2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions.
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 #include "seccomon.h"
10 #include "cert.h"
11 #include "keyhi.h"
12 #include "ssl.h"
13 #include "sslimpl.h"
14 #include "sslproto.h"
15 #include "nspr.h"
16 #include "private/pprio.h"
17 #ifndef NO_PKCS11_BYPASS
18 #include "blapi.h"
19 #endif
20 #include "pk11pub.h"
21 #include "nss.h"
22
23 /* This is a bodge to allow this code to be compiled against older NSS headers
24 * that don't contain the TLS 1.2 changes. */
25 #ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
26 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
27 #endif
28
29 #define SET_ERROR_CODE /* reminder */
30
31 static const sslSocketOps ssl_default_ops = { /* No SSL. */
32 ssl_DefConnect,
33 NULL,
34 ssl_DefBind,
35 ssl_DefListen,
36 ssl_DefShutdown,
37 ssl_DefClose,
38 ssl_DefRecv,
39 ssl_DefSend,
40 ssl_DefRead,
41 ssl_DefWrite,
42 ssl_DefGetpeername,
43 ssl_DefGetsockname
44 };
45
46 static const sslSocketOps ssl_secure_ops = { /* SSL. */
47 ssl_SecureConnect,
48 NULL,
49 ssl_DefBind,
50 ssl_DefListen,
51 ssl_SecureShutdown,
52 ssl_SecureClose,
53 ssl_SecureRecv,
54 ssl_SecureSend,
55 ssl_SecureRead,
56 ssl_SecureWrite,
57 ssl_DefGetpeername,
58 ssl_DefGetsockname
59 };
60
61 /*
62 ** default settings for socket enables
63 */
64 static sslOptions ssl_defaults = {
65 { siBuffer, NULL, 0 }, /* nextProtoNego */
66 PR_TRUE, /* useSecurity */
67 PR_FALSE, /* useSocks */
68 PR_FALSE, /* requestCertificate */
69 2, /* requireCertificate */
70 PR_FALSE, /* handshakeAsClient */
71 PR_FALSE, /* handshakeAsServer */
72 PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
73 PR_FALSE, /* unusedBit9 */
74 PR_FALSE, /* unusedBit10 */
75 PR_FALSE, /* noCache */
76 PR_FALSE, /* fdx */
77 PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
78 PR_TRUE, /* detectRollBack */
79 PR_FALSE, /* noStepDown */
80 PR_FALSE, /* bypassPKCS11 */
81 PR_FALSE, /* noLocks */
82 PR_FALSE, /* enableSessionTickets */
83 PR_FALSE, /* enableDeflate */
84 2, /* enableRenegotiation (default: requires extension) */
85 PR_FALSE, /* requireSafeNegotiation */
86 PR_FALSE, /* enableFalseStart */
87 PR_TRUE, /* cbcRandomIV */
88 PR_FALSE, /* enableOCSPStapling */
89 PR_TRUE, /* enableNPN */
90 PR_FALSE, /* enableALPN */
91 PR_FALSE, /* enableSignedCertTimestamps */
92 PR_FALSE /* enableFallbackSCSV */
93 };
94
95 /*
96 * default range of enabled SSL/TLS protocols
97 */
98 static SSLVersionRange versions_defaults_stream = {
99 SSL_LIBRARY_VERSION_3_0,
100 SSL_LIBRARY_VERSION_TLS_1_0
101 };
102
103 static SSLVersionRange versions_defaults_datagram = {
104 SSL_LIBRARY_VERSION_TLS_1_1,
105 SSL_LIBRARY_VERSION_TLS_1_1
106 };
107
108 #define VERSIONS_DEFAULTS(variant) \
109 (variant == ssl_variant_stream ? &versions_defaults_stream : \
110 &versions_defaults_datagram)
111
112 sslSessionIDLookupFunc ssl_sid_lookup;
113 sslSessionIDCacheFunc ssl_sid_cache;
114 sslSessionIDUncacheFunc ssl_sid_uncache;
115
116 static PRBool ssl_inited = PR_FALSE;
117 static PRDescIdentity ssl_layer_id;
118
119 PRBool locksEverDisabled; /* implicitly PR_FALSE */
120 PRBool ssl_force_locks; /* implicitly PR_FALSE */
121 int ssl_lock_readers = 1; /* default true. */
122 char ssl_debug;
123 char ssl_trace;
124 FILE * ssl_trace_iob;
125 FILE * ssl_keylog_iob;
126 char lockStatus[] = "Locks are ENABLED. ";
127 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
128
129 /* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
130 static const PRUint16 srtpCiphers[] = {
131 SRTP_AES128_CM_HMAC_SHA1_80,
132 SRTP_AES128_CM_HMAC_SHA1_32,
133 0
134 };
135
136 /* forward declarations. */
137 static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
138 static SECStatus ssl_MakeLocks(sslSocket *ss);
139 static void ssl_SetDefaultsFromEnvironment(void);
140 static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
141 PRDescIdentity id);
142
143 /************************************************************************/
144
145 /*
146 ** Lookup a socket structure from a file descriptor.
147 ** Only functions called through the PRIOMethods table should use this.
148 ** Other app-callable functions should use ssl_FindSocket.
149 */
150 static sslSocket *
151 ssl_GetPrivate(PRFileDesc *fd)
152 {
153 sslSocket *ss;
154
155 PORT_Assert(fd != NULL);
156 PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
157 PORT_Assert(fd->identity == ssl_layer_id);
158
159 if (fd->methods->file_type != PR_DESC_LAYERED ||
160 fd->identity != ssl_layer_id) {
161 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
162 return NULL;
163 }
164
165 ss = (sslSocket *)fd->secret;
166 ss->fd = fd;
167 return ss;
168 }
169
170 /* This function tries to find the SSL layer in the stack.
171 * It searches for the first SSL layer at or below the argument fd,
172 * and failing that, it searches for the nearest SSL layer above the
173 * argument fd. It returns the private sslSocket from the found layer.
174 */
175 sslSocket *
176 ssl_FindSocket(PRFileDesc *fd)
177 {
178 PRFileDesc *layer;
179 sslSocket *ss;
180
181 PORT_Assert(fd != NULL);
182 PORT_Assert(ssl_layer_id != 0);
183
184 layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
185 if (layer == NULL) {
186 PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
187 return NULL;
188 }
189
190 ss = (sslSocket *)layer->secret;
191 ss->fd = layer;
192 return ss;
193 }
194
195 static sslSocket *
196 ssl_DupSocket(sslSocket *os)
197 {
198 sslSocket *ss;
199 SECStatus rv;
200
201 ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
202 if (ss) {
203 ss->opt = os->opt;
204 ss->opt.useSocks = PR_FALSE;
205 ss->vrange = os->vrange;
206
207 ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
208 ss->url = !os->url ? NULL : PORT_Strdup(os->url);
209
210 ss->ops = os->ops;
211 ss->rTimeout = os->rTimeout;
212 ss->wTimeout = os->wTimeout;
213 ss->cTimeout = os->cTimeout;
214 ss->dbHandle = os->dbHandle;
215
216 /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
217 ss->allowedByPolicy = os->allowedByPolicy;
218 ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
219 ss->chosenPreference = os->chosenPreference;
220 PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
221 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
222 sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
223 ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
224
225 if (os->cipherSpecs) {
226 ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
227 if (ss->cipherSpecs)
228 PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
229 os->sizeCipherSpecs);
230 ss->sizeCipherSpecs = os->sizeCipherSpecs;
231 ss->preferredCipher = os->preferredCipher;
232 } else {
233 ss->cipherSpecs = NULL; /* produced lazily */
234 ss->sizeCipherSpecs = 0;
235 ss->preferredCipher = NULL;
236 }
237 if (ss->opt.useSecurity) {
238 /* This int should be SSLKEAType, but CC on Irix complains,
239 * during the for loop.
240 */
241 int i;
242 sslServerCerts * oc = os->serverCerts;
243 sslServerCerts * sc = ss->serverCerts;
244
245 for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
246 if (oc->serverCert && oc->serverCertChain) {
247 sc->serverCert = CERT_DupCertificate(oc->serverCert);
248 sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
249 if (!sc->serverCertChain)
250 goto loser;
251 } else {
252 sc->serverCert = NULL;
253 sc->serverCertChain = NULL;
254 }
255 sc->serverKeyPair = oc->serverKeyPair ?
256 ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
257 if (oc->serverKeyPair && !sc->serverKeyPair)
258 goto loser;
259 sc->serverKeyBits = oc->serverKeyBits;
260 ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
261 SECITEM_DupArray(NULL, os->certStatusArray[i]);
262 }
263 ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
264 ssl3_GetKeyPairRef(os->stepDownKeyPair);
265 ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
266 ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
267 /*
268 * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
269 * XXX We should detect this, and not just march on with NULL pointers.
270 */
271 ss->authCertificate = os->authCertificate;
272 ss->authCertificateArg = os->authCertificateArg;
273 ss->getClientAuthData = os->getClientAuthData;
274 ss->getClientAuthDataArg = os->getClientAuthDataArg;
275 #ifdef NSS_PLATFORM_CLIENT_AUTH
276 ss->getPlatformClientAuthData = os->getPlatformClientAuthData;
277 ss->getPlatformClientAuthDataArg = os->getPlatformClientAuthDataArg;
278 #endif
279 ss->sniSocketConfig = os->sniSocketConfig;
280 ss->sniSocketConfigArg = os->sniSocketConfigArg;
281 ss->handleBadCert = os->handleBadCert;
282 ss->badCertArg = os->badCertArg;
283 ss->handshakeCallback = os->handshakeCallback;
284 ss->handshakeCallbackData = os->handshakeCallbackData;
285 ss->canFalseStartCallback = os->canFalseStartCallback;
286 ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
287 ss->pkcs11PinArg = os->pkcs11PinArg;
288 ss->getChannelID = os->getChannelID;
289 ss->getChannelIDArg = os->getChannelIDArg;
290
291 /* Create security data */
292 rv = ssl_CopySecurityInfo(ss, os);
293 if (rv != SECSuccess) {
294 goto loser;
295 }
296 }
297 }
298 return ss;
299
300 loser:
301 ssl_FreeSocket(ss);
302 return NULL;
303 }
304
305 static void
306 ssl_DestroyLocks(sslSocket *ss)
307 {
308 /* Destroy locks. */
309 if (ss->firstHandshakeLock) {
310 PZ_DestroyMonitor(ss->firstHandshakeLock);
311 ss->firstHandshakeLock = NULL;
312 }
313 if (ss->ssl3HandshakeLock) {
314 PZ_DestroyMonitor(ss->ssl3HandshakeLock);
315 ss->ssl3HandshakeLock = NULL;
316 }
317 if (ss->specLock) {
318 NSSRWLock_Destroy(ss->specLock);
319 ss->specLock = NULL;
320 }
321
322 if (ss->recvLock) {
323 PZ_DestroyLock(ss->recvLock);
324 ss->recvLock = NULL;
325 }
326 if (ss->sendLock) {
327 PZ_DestroyLock(ss->sendLock);
328 ss->sendLock = NULL;
329 }
330 if (ss->xmitBufLock) {
331 PZ_DestroyMonitor(ss->xmitBufLock);
332 ss->xmitBufLock = NULL;
333 }
334 if (ss->recvBufLock) {
335 PZ_DestroyMonitor(ss->recvBufLock);
336 ss->recvBufLock = NULL;
337 }
338 }
339
340 /* Caller holds any relevant locks */
341 static void
342 ssl_DestroySocketContents(sslSocket *ss)
343 {
344 /* "i" should be of type SSLKEAType, but CC on IRIX complains during
345 * the for loop.
346 */
347 int i;
348
349 /* Free up socket */
350 ssl_DestroySecurityInfo(&ss->sec);
351
352 ssl3_DestroySSL3Info(ss);
353
354 PORT_Free(ss->saveBuf.buf);
355 PORT_Free(ss->pendingBuf.buf);
356 ssl_DestroyGather(&ss->gs);
357
358 if (ss->peerID != NULL)
359 PORT_Free(ss->peerID);
360 if (ss->url != NULL)
361 PORT_Free((void *)ss->url); /* CONST */
362 if (ss->cipherSpecs) {
363 PORT_Free(ss->cipherSpecs);
364 ss->cipherSpecs = NULL;
365 ss->sizeCipherSpecs = 0;
366 }
367
368 /* Clean up server configuration */
369 for (i=kt_null; i < kt_kea_size; i++) {
370 sslServerCerts * sc = ss->serverCerts + i;
371 if (sc->serverCert != NULL)
372 CERT_DestroyCertificate(sc->serverCert);
373 if (sc->serverCertChain != NULL)
374 CERT_DestroyCertificateList(sc->serverCertChain);
375 if (sc->serverKeyPair != NULL)
376 ssl3_FreeKeyPair(sc->serverKeyPair);
377 if (ss->certStatusArray[i] != NULL) {
378 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
379 ss->certStatusArray[i] = NULL;
380 }
381 }
382 if (ss->stepDownKeyPair) {
383 ssl3_FreeKeyPair(ss->stepDownKeyPair);
384 ss->stepDownKeyPair = NULL;
385 }
386 if (ss->ephemeralECDHKeyPair) {
387 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
388 ss->ephemeralECDHKeyPair = NULL;
389 }
390 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
391 PORT_Assert(!ss->xtnData.sniNameArr);
392 if (ss->xtnData.sniNameArr) {
393 PORT_Free(ss->xtnData.sniNameArr);
394 ss->xtnData.sniNameArr = NULL;
395 }
396 }
397
398 /*
399 * free an sslSocket struct, and all the stuff that hangs off of it
400 */
401 void
402 ssl_FreeSocket(sslSocket *ss)
403 {
404 /* Get every lock you can imagine!
405 ** Caller already holds these:
406 ** SSL_LOCK_READER(ss);
407 ** SSL_LOCK_WRITER(ss);
408 */
409 ssl_Get1stHandshakeLock(ss);
410 ssl_GetRecvBufLock(ss);
411 ssl_GetSSL3HandshakeLock(ss);
412 ssl_GetXmitBufLock(ss);
413 ssl_GetSpecWriteLock(ss);
414
415 ssl_DestroySocketContents(ss);
416
417 /* Release all the locks acquired above. */
418 SSL_UNLOCK_READER(ss);
419 SSL_UNLOCK_WRITER(ss);
420 ssl_Release1stHandshakeLock(ss);
421 ssl_ReleaseRecvBufLock(ss);
422 ssl_ReleaseSSL3HandshakeLock(ss);
423 ssl_ReleaseXmitBufLock(ss);
424 ssl_ReleaseSpecWriteLock(ss);
425
426 ssl_DestroyLocks(ss);
427
428 #ifdef DEBUG
429 PORT_Memset(ss, 0x1f, sizeof *ss);
430 #endif
431 PORT_Free(ss);
432 return;
433 }
434
435 /************************************************************************/
436 SECStatus
437 ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
438 {
439 PRFileDesc * osfd = ss->fd->lower;
440 SECStatus rv = SECFailure;
441 PRSocketOptionData opt;
442
443 opt.option = PR_SockOpt_NoDelay;
444 opt.value.no_delay = (PRBool)!enabled;
445
446 if (osfd->methods->setsocketoption) {
447 rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);
448 } else {
449 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
450 }
451
452 return rv;
453 }
454
455 static void
456 ssl_ChooseOps(sslSocket *ss)
457 {
458 ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
459 }
460
461 /* Called from SSL_Enable (immediately below) */
462 static SECStatus
463 PrepareSocket(sslSocket *ss)
464 {
465 SECStatus rv = SECSuccess;
466
467 ssl_ChooseOps(ss);
468 return rv;
469 }
470
471 SECStatus
472 SSL_Enable(PRFileDesc *fd, int which, PRBool on)
473 {
474 return SSL_OptionSet(fd, which, on);
475 }
476
477 #ifndef NO_PKCS11_BYPASS
478 static const PRCallOnceType pristineCallOnce;
479 static PRCallOnceType setupBypassOnce;
480
481 static SECStatus SSL_BypassShutdown(void* appData, void* nssData)
482 {
483 /* unload freeBL shared library from memory */
484 BL_Unload();
485 setupBypassOnce = pristineCallOnce;
486 return SECSuccess;
487 }
488
489 static PRStatus SSL_BypassRegisterShutdown(void)
490 {
491 SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
492 PORT_Assert(SECSuccess == rv);
493 return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
494 }
495 #endif
496
497 static PRStatus SSL_BypassSetup(void)
498 {
499 #ifdef NO_PKCS11_BYPASS
500 /* Guarantee binary compatibility */
501 return PR_SUCCESS;
502 #else
503 return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
504 #endif
505 }
506
507 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
508 * ssl.h in the section "SSL version range setting API".
509 */
510 static void
511 ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
512 {
513 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
514 if (on) {
515 vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
516 vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
517 } /* else don't change anything */
518 return;
519 }
520
521 if (on) {
522 /* Expand the range of enabled version to include TLS 1.0 */
523 vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
524 vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
525 } else {
526 /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
527 if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
528 vrange->max = SSL_LIBRARY_VERSION_3_0;
529 } else {
530 /* Only TLS was enabled, so now no versions are. */
531 vrange->min = SSL_LIBRARY_VERSION_NONE;
532 vrange->max = SSL_LIBRARY_VERSION_NONE;
533 }
534 }
535 }
536
537 /* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
538 * ssl.h in the section "SSL version range setting API".
539 */
540 static void
541 ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
542 {
543 if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
544 if (on) {
545 vrange->min = SSL_LIBRARY_VERSION_3_0;
546 vrange->max = SSL_LIBRARY_VERSION_3_0;
547 } /* else don't change anything */
548 return;
549 }
550
551 if (on) {
552 /* Expand the range of enabled versions to include SSL 3.0. We know
553 * SSL 3.0 or some version of TLS is already enabled at this point, so
554 * we don't need to change vrange->max.
555 */
556 vrange->min = SSL_LIBRARY_VERSION_3_0;
557 } else {
558 /* Disable SSL 3.0, leaving TLS unaffected. */
559 if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
560 vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
561 } else {
562 /* Only SSL 3.0 was enabled, so now no versions are. */
563 vrange->min = SSL_LIBRARY_VERSION_NONE;
564 vrange->max = SSL_LIBRARY_VERSION_NONE;
565 }
566 }
567 }
568
569 SECStatus
570 SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
571 {
572 sslSocket *ss = ssl_FindSocket(fd);
573 SECStatus rv = SECSuccess;
574 PRBool holdingLocks;
575
576 if (!ss) {
577 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
578 return SECFailure;
579 }
580
581 holdingLocks = (!ss->opt.noLocks);
582 ssl_Get1stHandshakeLock(ss);
583 ssl_GetSSL3HandshakeLock(ss);
584
585 switch (which) {
586 case SSL_SOCKS:
587 ss->opt.useSocks = PR_FALSE;
588 rv = PrepareSocket(ss);
589 if (on) {
590 PORT_SetError(SEC_ERROR_INVALID_ARGS);
591 rv = SECFailure;
592 }
593 break;
594
595 case SSL_SECURITY:
596 ss->opt.useSecurity = on;
597 rv = PrepareSocket(ss);
598 break;
599
600 case SSL_REQUEST_CERTIFICATE:
601 ss->opt.requestCertificate = on;
602 break;
603
604 case SSL_REQUIRE_CERTIFICATE:
605 ss->opt.requireCertificate = on;
606 break;
607
608 case SSL_HANDSHAKE_AS_CLIENT:
609 if ( ss->opt.handshakeAsServer && on ) {
610 PORT_SetError(SEC_ERROR_INVALID_ARGS);
611 rv = SECFailure;
612 break;
613 }
614 ss->opt.handshakeAsClient = on;
615 break;
616
617 case SSL_HANDSHAKE_AS_SERVER:
618 if ( ss->opt.handshakeAsClient && on ) {
619 PORT_SetError(SEC_ERROR_INVALID_ARGS);
620 rv = SECFailure;
621 break;
622 }
623 ss->opt.handshakeAsServer = on;
624 break;
625
626 case SSL_ENABLE_TLS:
627 if (IS_DTLS(ss)) {
628 if (on) {
629 PORT_SetError(SEC_ERROR_INVALID_ARGS);
630 rv = SECFailure; /* not allowed */
631 }
632 break;
633 }
634 ssl_EnableTLS(&ss->vrange, on);
635 ss->preferredCipher = NULL;
636 if (ss->cipherSpecs) {
637 PORT_Free(ss->cipherSpecs);
638 ss->cipherSpecs = NULL;
639 ss->sizeCipherSpecs = 0;
640 }
641 break;
642
643 case SSL_ENABLE_SSL3:
644 if (IS_DTLS(ss)) {
645 if (on) {
646 PORT_SetError(SEC_ERROR_INVALID_ARGS);
647 rv = SECFailure; /* not allowed */
648 }
649 break;
650 }
651 ssl_EnableSSL3(&ss->vrange, on);
652 ss->preferredCipher = NULL;
653 if (ss->cipherSpecs) {
654 PORT_Free(ss->cipherSpecs);
655 ss->cipherSpecs = NULL;
656 ss->sizeCipherSpecs = 0;
657 }
658 break;
659
660 case SSL_ENABLE_SSL2:
661 if (IS_DTLS(ss)) {
662 if (on) {
663 PORT_SetError(SEC_ERROR_INVALID_ARGS);
664 rv = SECFailure; /* not allowed */
665 }
666 break;
667 }
668 ss->opt.enableSSL2 = on;
669 if (on) {
670 ss->opt.v2CompatibleHello = on;
671 }
672 ss->preferredCipher = NULL;
673 if (ss->cipherSpecs) {
674 PORT_Free(ss->cipherSpecs);
675 ss->cipherSpecs = NULL;
676 ss->sizeCipherSpecs = 0;
677 }
678 break;
679
680 case SSL_NO_CACHE:
681 ss->opt.noCache = on;
682 break;
683
684 case SSL_ENABLE_FDX:
685 if (on && ss->opt.noLocks) {
686 PORT_SetError(SEC_ERROR_INVALID_ARGS);
687 rv = SECFailure;
688 }
689 ss->opt.fdx = on;
690 break;
691
692 case SSL_V2_COMPATIBLE_HELLO:
693 if (IS_DTLS(ss)) {
694 if (on) {
695 PORT_SetError(SEC_ERROR_INVALID_ARGS);
696 rv = SECFailure; /* not allowed */
697 }
698 break;
699 }
700 ss->opt.v2CompatibleHello = on;
701 if (!on) {
702 ss->opt.enableSSL2 = on;
703 }
704 break;
705
706 case SSL_ROLLBACK_DETECTION:
707 ss->opt.detectRollBack = on;
708 break;
709
710 case SSL_NO_STEP_DOWN:
711 ss->opt.noStepDown = on;
712 if (on)
713 SSL_DisableExportCipherSuites(fd);
714 break;
715
716 case SSL_BYPASS_PKCS11:
717 if (ss->handshakeBegun) {
718 PORT_SetError(PR_INVALID_STATE_ERROR);
719 rv = SECFailure;
720 } else {
721 if (PR_FALSE != on) {
722 if (PR_SUCCESS == SSL_BypassSetup() ) {
723 #ifdef NO_PKCS11_BYPASS
724 ss->opt.bypassPKCS11 = PR_FALSE;
725 #else
726 ss->opt.bypassPKCS11 = on;
727 #endif
728 } else {
729 rv = SECFailure;
730 }
731 } else {
732 ss->opt.bypassPKCS11 = PR_FALSE;
733 }
734 }
735 break;
736
737 case SSL_NO_LOCKS:
738 if (on && ss->opt.fdx) {
739 PORT_SetError(SEC_ERROR_INVALID_ARGS);
740 rv = SECFailure;
741 }
742 if (on && ssl_force_locks)
743 on = PR_FALSE; /* silent override */
744 ss->opt.noLocks = on;
745 if (on) {
746 locksEverDisabled = PR_TRUE;
747 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
748 } else if (!holdingLocks) {
749 rv = ssl_MakeLocks(ss);
750 if (rv != SECSuccess) {
751 ss->opt.noLocks = PR_TRUE;
752 }
753 }
754 break;
755
756 case SSL_ENABLE_SESSION_TICKETS:
757 ss->opt.enableSessionTickets = on;
758 break;
759
760 case SSL_ENABLE_DEFLATE:
761 ss->opt.enableDeflate = on;
762 break;
763
764 case SSL_ENABLE_RENEGOTIATION:
765 ss->opt.enableRenegotiation = on;
766 break;
767
768 case SSL_REQUIRE_SAFE_NEGOTIATION:
769 ss->opt.requireSafeNegotiation = on;
770 break;
771
772 case SSL_ENABLE_FALSE_START:
773 ss->opt.enableFalseStart = on;
774 break;
775
776 case SSL_CBC_RANDOM_IV:
777 ss->opt.cbcRandomIV = on;
778 break;
779
780 case SSL_ENABLE_OCSP_STAPLING:
781 ss->opt.enableOCSPStapling = on;
782 break;
783
784 case SSL_ENABLE_NPN:
785 ss->opt.enableNPN = on;
786 break;
787
788 case SSL_ENABLE_ALPN:
789 ss->opt.enableALPN = on;
790 break;
791
792 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
793 ss->opt.enableSignedCertTimestamps = on;
794 break;
795
796 case SSL_ENABLE_FALLBACK_SCSV:
797 ss->opt.enableFallbackSCSV = on;
798 break;
799
800 default:
801 PORT_SetError(SEC_ERROR_INVALID_ARGS);
802 rv = SECFailure;
803 }
804
805 /* We can't use the macros for releasing the locks here,
806 * because ss->opt.noLocks might have changed just above.
807 * We must release these locks (monitors) here, if we aquired them above,
808 * regardless of the current value of ss->opt.noLocks.
809 */
810 if (holdingLocks) {
811 PZ_ExitMonitor((ss)->ssl3HandshakeLock);
812 PZ_ExitMonitor((ss)->firstHandshakeLock);
813 }
814
815 return rv;
816 }
817
818 SECStatus
819 SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
820 {
821 sslSocket *ss = ssl_FindSocket(fd);
822 SECStatus rv = SECSuccess;
823 PRBool on = PR_FALSE;
824
825 if (!pOn) {
826 PORT_SetError(SEC_ERROR_INVALID_ARGS);
827 return SECFailure;
828 }
829 if (!ss) {
830 SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
831 *pOn = PR_FALSE;
832 return SECFailure;
833 }
834
835 ssl_Get1stHandshakeLock(ss);
836 ssl_GetSSL3HandshakeLock(ss);
837
838 switch (which) {
839 case SSL_SOCKS: on = PR_FALSE; break;
840 case SSL_SECURITY: on = ss->opt.useSecurity; break;
841 case SSL_REQUEST_CERTIFICATE: on = ss->opt.requestCertificate; break;
842 case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
843 case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
844 case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
845 case SSL_ENABLE_TLS:
846 on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
847 break;
848 case SSL_ENABLE_SSL3:
849 on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
850 break;
851 case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
852 case SSL_NO_CACHE: on = ss->opt.noCache; break;
853 case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
854 case SSL_V2_COMPATIBLE_HELLO: on = ss->opt.v2CompatibleHello; break;
855 case SSL_ROLLBACK_DETECTION: on = ss->opt.detectRollBack; break;
856 case SSL_NO_STEP_DOWN: on = ss->opt.noStepDown; break;
857 case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break;
858 case SSL_NO_LOCKS: on = ss->opt.noLocks; break;
859 case SSL_ENABLE_SESSION_TICKETS:
860 on = ss->opt.enableSessionTickets;
861 break;
862 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
863 case SSL_ENABLE_RENEGOTIATION:
864 on = ss->opt.enableRenegotiation; break;
865 case SSL_REQUIRE_SAFE_NEGOTIATION:
866 on = ss->opt.requireSafeNegotiation; break;
867 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
868 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
869 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
870 case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
871 case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
872 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
873 on = ss->opt.enableSignedCertTimestamps;
874 break;
875 case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
876
877 default:
878 PORT_SetError(SEC_ERROR_INVALID_ARGS);
879 rv = SECFailure;
880 }
881
882 ssl_ReleaseSSL3HandshakeLock(ss);
883 ssl_Release1stHandshakeLock(ss);
884
885 *pOn = on;
886 return rv;
887 }
888
889 SECStatus
890 SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
891 {
892 SECStatus rv = SECSuccess;
893 PRBool on = PR_FALSE;
894
895 if (!pOn) {
896 PORT_SetError(SEC_ERROR_INVALID_ARGS);
897 return SECFailure;
898 }
899
900 ssl_SetDefaultsFromEnvironment();
901
902 switch (which) {
903 case SSL_SOCKS: on = PR_FALSE; break;
904 case SSL_SECURITY: on = ssl_defaults.useSecurity; break;
905 case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
906 case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
907 case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
908 case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
909 case SSL_ENABLE_TLS:
910 on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
911 break;
912 case SSL_ENABLE_SSL3:
913 on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
914 break;
915 case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
916 case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
917 case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
918 case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
919 case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
920 case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break;
921 case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break;
922 case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break;
923 case SSL_ENABLE_SESSION_TICKETS:
924 on = ssl_defaults.enableSessionTickets;
925 break;
926 case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break;
927 case SSL_ENABLE_RENEGOTIATION:
928 on = ssl_defaults.enableRenegotiation; break;
929 case SSL_REQUIRE_SAFE_NEGOTIATION:
930 on = ssl_defaults.requireSafeNegotiation;
931 break;
932 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
933 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
934 case SSL_ENABLE_OCSP_STAPLING:
935 on = ssl_defaults.enableOCSPStapling;
936 break;
937 case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
938 case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
939 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
940 on = ssl_defaults.enableSignedCertTimestamps;
941 break;
942 case SSL_ENABLE_FALLBACK_SCSV:
943 on = ssl_defaults.enableFallbackSCSV;
944 break;
945
946 default:
947 PORT_SetError(SEC_ERROR_INVALID_ARGS);
948 rv = SECFailure;
949 }
950
951 *pOn = on;
952 return rv;
953 }
954
955 /* XXX Use Global Lock to protect this stuff. */
956 SECStatus
957 SSL_EnableDefault(int which, PRBool on)
958 {
959 return SSL_OptionSetDefault(which, on);
960 }
961
962 SECStatus
963 SSL_OptionSetDefault(PRInt32 which, PRBool on)
964 {
965 SECStatus status = ssl_Init();
966
967 if (status != SECSuccess) {
968 return status;
969 }
970
971 ssl_SetDefaultsFromEnvironment();
972
973 switch (which) {
974 case SSL_SOCKS:
975 ssl_defaults.useSocks = PR_FALSE;
976 if (on) {
977 PORT_SetError(SEC_ERROR_INVALID_ARGS);
978 return SECFailure;
979 }
980 break;
981
982 case SSL_SECURITY:
983 ssl_defaults.useSecurity = on;
984 break;
985
986 case SSL_REQUEST_CERTIFICATE:
987 ssl_defaults.requestCertificate = on;
988 break;
989
990 case SSL_REQUIRE_CERTIFICATE:
991 ssl_defaults.requireCertificate = on;
992 break;
993
994 case SSL_HANDSHAKE_AS_CLIENT:
995 if ( ssl_defaults.handshakeAsServer && on ) {
996 PORT_SetError(SEC_ERROR_INVALID_ARGS);
997 return SECFailure;
998 }
999 ssl_defaults.handshakeAsClient = on;
1000 break;
1001
1002 case SSL_HANDSHAKE_AS_SERVER:
1003 if ( ssl_defaults.handshakeAsClient && on ) {
1004 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1005 return SECFailure;
1006 }
1007 ssl_defaults.handshakeAsServer = on;
1008 break;
1009
1010 case SSL_ENABLE_TLS:
1011 ssl_EnableTLS(&versions_defaults_stream, on);
1012 break;
1013
1014 case SSL_ENABLE_SSL3:
1015 ssl_EnableSSL3(&versions_defaults_stream, on);
1016 break;
1017
1018 case SSL_ENABLE_SSL2:
1019 ssl_defaults.enableSSL2 = on;
1020 if (on) {
1021 ssl_defaults.v2CompatibleHello = on;
1022 }
1023 break;
1024
1025 case SSL_NO_CACHE:
1026 ssl_defaults.noCache = on;
1027 break;
1028
1029 case SSL_ENABLE_FDX:
1030 if (on && ssl_defaults.noLocks) {
1031 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1032 return SECFailure;
1033 }
1034 ssl_defaults.fdx = on;
1035 break;
1036
1037 case SSL_V2_COMPATIBLE_HELLO:
1038 ssl_defaults.v2CompatibleHello = on;
1039 if (!on) {
1040 ssl_defaults.enableSSL2 = on;
1041 }
1042 break;
1043
1044 case SSL_ROLLBACK_DETECTION:
1045 ssl_defaults.detectRollBack = on;
1046 break;
1047
1048 case SSL_NO_STEP_DOWN:
1049 ssl_defaults.noStepDown = on;
1050 if (on)
1051 SSL_DisableDefaultExportCipherSuites();
1052 break;
1053
1054 case SSL_BYPASS_PKCS11:
1055 if (PR_FALSE != on) {
1056 if (PR_SUCCESS == SSL_BypassSetup()) {
1057 #ifdef NO_PKCS11_BYPASS
1058 ssl_defaults.bypassPKCS11 = PR_FALSE;
1059 #else
1060 ssl_defaults.bypassPKCS11 = on;
1061 #endif
1062 } else {
1063 return SECFailure;
1064 }
1065 } else {
1066 ssl_defaults.bypassPKCS11 = PR_FALSE;
1067 }
1068 break;
1069
1070 case SSL_NO_LOCKS:
1071 if (on && ssl_defaults.fdx) {
1072 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1073 return SECFailure;
1074 }
1075 if (on && ssl_force_locks)
1076 on = PR_FALSE; /* silent override */
1077 ssl_defaults.noLocks = on;
1078 if (on) {
1079 locksEverDisabled = PR_TRUE;
1080 strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
1081 }
1082 break;
1083
1084 case SSL_ENABLE_SESSION_TICKETS:
1085 ssl_defaults.enableSessionTickets = on;
1086 break;
1087
1088 case SSL_ENABLE_DEFLATE:
1089 ssl_defaults.enableDeflate = on;
1090 break;
1091
1092 case SSL_ENABLE_RENEGOTIATION:
1093 ssl_defaults.enableRenegotiation = on;
1094 break;
1095
1096 case SSL_REQUIRE_SAFE_NEGOTIATION:
1097 ssl_defaults.requireSafeNegotiation = on;
1098 break;
1099
1100 case SSL_ENABLE_FALSE_START:
1101 ssl_defaults.enableFalseStart = on;
1102 break;
1103
1104 case SSL_CBC_RANDOM_IV:
1105 ssl_defaults.cbcRandomIV = on;
1106 break;
1107
1108 case SSL_ENABLE_OCSP_STAPLING:
1109 ssl_defaults.enableOCSPStapling = on;
1110 break;
1111
1112 case SSL_ENABLE_NPN:
1113 ssl_defaults.enableNPN = on;
1114 break;
1115
1116 case SSL_ENABLE_ALPN:
1117 ssl_defaults.enableALPN = on;
1118 break;
1119
1120 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
1121 ssl_defaults.enableSignedCertTimestamps = on;
1122 break;
1123
1124 case SSL_ENABLE_FALLBACK_SCSV:
1125 ssl_defaults.enableFallbackSCSV = on;
1126 break;
1127
1128 default:
1129 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1130 return SECFailure;
1131 }
1132 return SECSuccess;
1133 }
1134
1135 /* function tells us if the cipher suite is one that we no longer support. */
1136 static PRBool
1137 ssl_IsRemovedCipherSuite(PRInt32 suite)
1138 {
1139 switch (suite) {
1140 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1141 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
1142 case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
1143 return PR_TRUE;
1144 default:
1145 return PR_FALSE;
1146 }
1147 }
1148
1149 /* Part of the public NSS API.
1150 * Since this is a global (not per-socket) setting, we cannot use the
1151 * HandshakeLock to protect this. Probably want a global lock.
1152 */
1153 SECStatus
1154 SSL_SetPolicy(long which, int policy)
1155 {
1156 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1157 /* one of the two old FIPS ciphers */
1158 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1159 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1160 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1161 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1162 }
1163 if (ssl_IsRemovedCipherSuite(which))
1164 return SECSuccess;
1165 return SSL_CipherPolicySet(which, policy);
1166 }
1167
1168 SECStatus
1169 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
1170 {
1171 SECStatus rv = ssl_Init();
1172
1173 if (rv != SECSuccess) {
1174 return rv;
1175 }
1176
1177 if (ssl_IsRemovedCipherSuite(which)) {
1178 rv = SECSuccess;
1179 } else if (SSL_IS_SSL2_CIPHER(which)) {
1180 rv = ssl2_SetPolicy(which, policy);
1181 } else {
1182 rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
1183 }
1184 return rv;
1185 }
1186
1187 SECStatus
1188 SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
1189 {
1190 SECStatus rv;
1191
1192 if (!oPolicy) {
1193 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1194 return SECFailure;
1195 }
1196 if (ssl_IsRemovedCipherSuite(which)) {
1197 *oPolicy = SSL_NOT_ALLOWED;
1198 rv = SECSuccess;
1199 } else if (SSL_IS_SSL2_CIPHER(which)) {
1200 rv = ssl2_GetPolicy(which, oPolicy);
1201 } else {
1202 rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
1203 }
1204 return rv;
1205 }
1206
1207 /* Part of the public NSS API.
1208 * Since this is a global (not per-socket) setting, we cannot use the
1209 * HandshakeLock to protect this. Probably want a global lock.
1210 * These changes have no effect on any sslSockets already created.
1211 */
1212 SECStatus
1213 SSL_EnableCipher(long which, PRBool enabled)
1214 {
1215 if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
1216 /* one of the two old FIPS ciphers */
1217 if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
1218 which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
1219 else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
1220 which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
1221 }
1222 if (ssl_IsRemovedCipherSuite(which))
1223 return SECSuccess;
1224 return SSL_CipherPrefSetDefault(which, enabled);
1225 }
1226
1227 SECStatus
1228 SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
1229 {
1230 SECStatus rv = ssl_Init();
1231
1232 if (rv != SECSuccess) {
1233 return rv;
1234 }
1235
1236 if (ssl_IsRemovedCipherSuite(which))
1237 return SECSuccess;
1238 if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
1239 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1240 return SECFailure;
1241 }
1242 if (SSL_IS_SSL2_CIPHER(which)) {
1243 rv = ssl2_CipherPrefSetDefault(which, enabled);
1244 } else {
1245 rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
1246 }
1247 return rv;
1248 }
1249
1250 SECStatus
1251 SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
1252 {
1253 SECStatus rv;
1254
1255 if (!enabled) {
1256 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1257 return SECFailure;
1258 }
1259 if (ssl_IsRemovedCipherSuite(which)) {
1260 *enabled = PR_FALSE;
1261 rv = SECSuccess;
1262 } else if (SSL_IS_SSL2_CIPHER(which)) {
1263 rv = ssl2_CipherPrefGetDefault(which, enabled);
1264 } else {
1265 rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
1266 }
1267 return rv;
1268 }
1269
1270 SECStatus
1271 SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
1272 {
1273 SECStatus rv;
1274 sslSocket *ss = ssl_FindSocket(fd);
1275
1276 if (!ss) {
1277 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
1278 return SECFailure;
1279 }
1280 if (ssl_IsRemovedCipherSuite(which))
1281 return SECSuccess;
1282 if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
1283 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
1284 return SECFailure;
1285 }
1286 if (SSL_IS_SSL2_CIPHER(which)) {
1287 rv = ssl2_CipherPrefSet(ss, which, enabled);
1288 } else {
1289 rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
1290 }
1291 return rv;
1292 }
1293
1294 SECStatus
1295 SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
1296 {
1297 sslSocket *ss = ssl_FindSocket(fd);
1298
1299 if (!ss) {
1300 SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
1301 fd));
1302 return SECFailure;
1303 }
1304 return ssl3_CipherOrderSet(ss, ciphers, len);
1305 }
1306
1307 SECStatus
1308 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
1309 {
1310 SECStatus rv;
1311 sslSocket *ss = ssl_FindSocket(fd);
1312
1313 if (!enabled) {
1314 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1315 return SECFailure;
1316 }
1317 if (!ss) {
1318 SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
1319 *enabled = PR_FALSE;
1320 return SECFailure;
1321 }
1322 if (ssl_IsRemovedCipherSuite(which)) {
1323 *enabled = PR_FALSE;
1324 rv = SECSuccess;
1325 } else if (SSL_IS_SSL2_CIPHER(which)) {
1326 rv = ssl2_CipherPrefGet(ss, which, enabled);
1327 } else {
1328 rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
1329 }
1330 return rv;
1331 }
1332
1333 SECStatus
1334 NSS_SetDomesticPolicy(void)
1335 {
1336 SECStatus status = SECSuccess;
1337 const PRUint16 *cipher;
1338
1339 for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
1340 status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
1341 if (status != SECSuccess)
1342 break;
1343 }
1344 return status;
1345 }
1346
1347 SECStatus
1348 NSS_SetExportPolicy(void)
1349 {
1350 return NSS_SetDomesticPolicy();
1351 }
1352
1353 SECStatus
1354 NSS_SetFrancePolicy(void)
1355 {
1356 return NSS_SetDomesticPolicy();
1357 }
1358
1359 SECStatus
1360 SSL_GetChannelBinding(PRFileDesc *fd,
1361 SSLChannelBindingType binding_type,
1362 unsigned char *out,
1363 unsigned int *outLen,
1364 unsigned int outLenMax) {
1365 sslSocket *ss = ssl_FindSocket(fd);
1366
1367 if (!ss) {
1368 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
1369 SSL_GETPID(), fd));
1370 return SECFailure;
1371 }
1372
1373 if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
1374 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1375 return SECFailure;
1376 }
1377
1378 return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
1379 }
1380
1381
1382 /* LOCKS ??? XXX */
1383 static PRFileDesc *
1384 ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
1385 {
1386 sslSocket * ns = NULL;
1387 PRStatus rv;
1388 PRNetAddr addr;
1389 SECStatus status = ssl_Init();
1390
1391 if (status != SECSuccess) {
1392 return NULL;
1393 }
1394
1395 if (model == NULL) {
1396 /* Just create a default socket if we're given NULL for the model */
1397 ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
1398 } else {
1399 sslSocket * ss = ssl_FindSocket(model);
1400 if (ss == NULL || ss->protocolVariant != variant) {
1401 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
1402 SSL_GETPID(), model));
1403 return NULL;
1404 }
1405 ns = ssl_DupSocket(ss);
1406 }
1407 if (ns == NULL)
1408 return NULL;
1409
1410 rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
1411 if (rv != PR_SUCCESS) {
1412 ssl_FreeSocket(ns);
1413 SET_ERROR_CODE
1414 return NULL;
1415 }
1416 ns = ssl_FindSocket(fd);
1417 PORT_Assert(ns);
1418 if (ns)
1419 ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
1420 return fd;
1421 }
1422
1423 PRFileDesc *
1424 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1425 {
1426 return ssl_ImportFD(model, fd, ssl_variant_stream);
1427 }
1428
1429 PRFileDesc *
1430 DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
1431 {
1432 return ssl_ImportFD(model, fd, ssl_variant_datagram);
1433 }
1434
1435 SECStatus
1436 SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
1437 void *arg)
1438 {
1439 sslSocket *ss = ssl_FindSocket(fd);
1440
1441 if (!ss) {
1442 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
1443 fd));
1444 return SECFailure;
1445 }
1446
1447 ssl_GetSSL3HandshakeLock(ss);
1448 ss->nextProtoCallback = callback;
1449 ss->nextProtoArg = arg;
1450 ssl_ReleaseSSL3HandshakeLock(ss);
1451
1452 return SECSuccess;
1453 }
1454
1455 /* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
1456 * SSL_SetNextProtoNego is used.
1457 */
1458 static SECStatus
1459 ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
1460 const unsigned char *protos, unsigned int protos_len,
1461 unsigned char *protoOut, unsigned int *protoOutLen,
1462 unsigned int protoMaxLen)
1463 {
1464 unsigned int i, j;
1465 const unsigned char *result;
1466 sslSocket *ss = ssl_FindSocket(fd);
1467
1468 if (!ss) {
1469 SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
1470 SSL_GETPID(), fd));
1471 return SECFailure;
1472 }
1473
1474 if (protos_len == 0) {
1475 /* The server supports the extension, but doesn't have any protocols
1476 * configured. In this case we request our favoured protocol. */
1477 goto pick_first;
1478 }
1479
1480 /* For each protocol in server preference, see if we support it. */
1481 for (i = 0; i < protos_len; ) {
1482 for (j = 0; j < ss->opt.nextProtoNego.len; ) {
1483 if (protos[i] == ss->opt.nextProtoNego.data[j] &&
1484 PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
1485 protos[i]) == 0) {
1486 /* We found a match. */
1487 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
1488 result = &protos[i];
1489 goto found;
1490 }
1491 j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
1492 }
1493 i += 1 + (unsigned int)protos[i];
1494 }
1495
1496 pick_first:
1497 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
1498 result = ss->opt.nextProtoNego.data;
1499
1500 found:
1501 if (protoMaxLen < result[0]) {
1502 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1503 return SECFailure;
1504 }
1505 memcpy(protoOut, result + 1, result[0]);
1506 *protoOutLen = result[0];
1507 return SECSuccess;
1508 }
1509
1510 SECStatus
1511 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
1512 unsigned int length)
1513 {
1514 sslSocket *ss;
1515 SECStatus rv;
1516 SECItem dataItem = { siBuffer, (unsigned char *) data, length };
1517
1518 ss = ssl_FindSocket(fd);
1519 if (!ss) {
1520 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
1521 SSL_GETPID(), fd));
1522 return SECFailure;
1523 }
1524
1525 if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
1526 return SECFailure;
1527
1528 ssl_GetSSL3HandshakeLock(ss);
1529 SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
1530 rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
1531 ssl_ReleaseSSL3HandshakeLock(ss);
1532
1533 if (rv != SECSuccess)
1534 return rv;
1535
1536 return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
1537 }
1538
1539 SECStatus
1540 SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
1541 unsigned int *bufLen, unsigned int bufLenMax)
1542 {
1543 sslSocket *ss = ssl_FindSocket(fd);
1544
1545 if (!ss) {
1546 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
1547 fd));
1548 return SECFailure;
1549 }
1550
1551 if (!state || !buf || !bufLen) {
1552 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1553 return SECFailure;
1554 }
1555
1556 *state = ss->ssl3.nextProtoState;
1557
1558 if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
1559 ss->ssl3.nextProto.data) {
1560 if (ss->ssl3.nextProto.len > bufLenMax) {
1561 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1562 return SECFailure;
1563 }
1564 PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
1565 *bufLen = ss->ssl3.nextProto.len;
1566 } else {
1567 *bufLen = 0;
1568 }
1569
1570 return SECSuccess;
1571 }
1572
1573 SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
1574 const PRUint16 *ciphers,
1575 unsigned int numCiphers)
1576 {
1577 sslSocket *ss;
1578 unsigned int i;
1579
1580 ss = ssl_FindSocket(fd);
1581 if (!ss || !IS_DTLS(ss)) {
1582 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
1583 SSL_GETPID(), fd));
1584 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1585 return SECFailure;
1586 }
1587
1588 if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
1589 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1590 return SECFailure;
1591 }
1592
1593 ss->ssl3.dtlsSRTPCipherCount = 0;
1594 for (i = 0; i < numCiphers; i++) {
1595 const PRUint16 *srtpCipher = srtpCiphers;
1596
1597 while (*srtpCipher) {
1598 if (ciphers[i] == *srtpCipher)
1599 break;
1600 srtpCipher++;
1601 }
1602 if (*srtpCipher) {
1603 ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
1604 ciphers[i];
1605 } else {
1606 SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
1607 "suite specified: 0x%04hx", SSL_GETPID(), fd,
1608 ciphers[i]));
1609 }
1610 }
1611
1612 if (ss->ssl3.dtlsSRTPCipherCount == 0) {
1613 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1614 return SECFailure;
1615 }
1616
1617 return SECSuccess;
1618 }
1619
1620 SECStatus
1621 SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
1622 {
1623 sslSocket * ss;
1624
1625 ss = ssl_FindSocket(fd);
1626 if (!ss) {
1627 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
1628 SSL_GETPID(), fd));
1629 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1630 return SECFailure;
1631 }
1632
1633 if (!ss->ssl3.dtlsSRTPCipherSuite) {
1634 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1635 return SECFailure;
1636 }
1637
1638 *cipher = ss->ssl3.dtlsSRTPCipherSuite;
1639 return SECSuccess;
1640 }
1641
1642 PRFileDesc *
1643 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
1644 {
1645 sslSocket * sm = NULL, *ss = NULL;
1646 int i;
1647 sslServerCerts * mc = NULL;
1648 sslServerCerts * sc = NULL;
1649
1650 if (model == NULL) {
1651 PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
1652 return NULL;
1653 }
1654 sm = ssl_FindSocket(model);
1655 if (sm == NULL) {
1656 SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
1657 SSL_GETPID(), model));
1658 return NULL;
1659 }
1660 ss = ssl_FindSocket(fd);
1661 PORT_Assert(ss);
1662 if (ss == NULL) {
1663 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1664 return NULL;
1665 }
1666
1667 ss->opt = sm->opt;
1668 ss->vrange = sm->vrange;
1669 PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
1670 PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
1671 sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
1672 ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
1673
1674 if (!ss->opt.useSecurity) {
1675 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1676 return NULL;
1677 }
1678 /* This int should be SSLKEAType, but CC on Irix complains,
1679 * during the for loop.
1680 */
1681 for (i=kt_null; i < kt_kea_size; i++) {
1682 mc = &(sm->serverCerts[i]);
1683 sc = &(ss->serverCerts[i]);
1684 if (mc->serverCert && mc->serverCertChain) {
1685 if (sc->serverCert) {
1686 CERT_DestroyCertificate(sc->serverCert);
1687 }
1688 sc->serverCert = CERT_DupCertificate(mc->serverCert);
1689 if (sc->serverCertChain) {
1690 CERT_DestroyCertificateList(sc->serverCertChain);
1691 }
1692 sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
1693 if (!sc->serverCertChain)
1694 goto loser;
1695 if (sm->certStatusArray[i]) {
1696 if (ss->certStatusArray[i]) {
1697 SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
1698 ss->certStatusArray[i] = NULL;
1699 }
1700 ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
1701 if (!ss->certStatusArray[i])
1702 goto loser;
1703 }
1704 }
1705 if (mc->serverKeyPair) {
1706 if (sc->serverKeyPair) {
1707 ssl3_FreeKeyPair(sc->serverKeyPair);
1708 }
1709 sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
1710 sc->serverKeyBits = mc->serverKeyBits;
1711 }
1712 }
1713 if (sm->stepDownKeyPair) {
1714 if (ss->stepDownKeyPair) {
1715 ssl3_FreeKeyPair(ss->stepDownKeyPair);
1716 }
1717 ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
1718 }
1719 if (sm->ephemeralECDHKeyPair) {
1720 if (ss->ephemeralECDHKeyPair) {
1721 ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
1722 }
1723 ss->ephemeralECDHKeyPair =
1724 ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
1725 }
1726 /* copy trust anchor names */
1727 if (sm->ssl3.ca_list) {
1728 if (ss->ssl3.ca_list) {
1729 CERT_FreeDistNames(ss->ssl3.ca_list);
1730 }
1731 ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
1732 if (!ss->ssl3.ca_list) {
1733 goto loser;
1734 }
1735 }
1736
1737 if (sm->authCertificate)
1738 ss->authCertificate = sm->authCertificate;
1739 if (sm->authCertificateArg)
1740 ss->authCertificateArg = sm->authCertificateArg;
1741 if (sm->getClientAuthData)
1742 ss->getClientAuthData = sm->getClientAuthData;
1743 if (sm->getClientAuthDataArg)
1744 ss->getClientAuthDataArg = sm->getClientAuthDataArg;
1745 #ifdef NSS_PLATFORM_CLIENT_AUTH
1746 if (sm->getPlatformClientAuthData)
1747 ss->getPlatformClientAuthData = sm->getPlatformClientAuthData;
1748 if (sm->getPlatformClientAuthDataArg)
1749 ss->getPlatformClientAuthDataArg = sm->getPlatformClientAuthDataArg;
1750 #endif
1751 if (sm->sniSocketConfig)
1752 ss->sniSocketConfig = sm->sniSocketConfig;
1753 if (sm->sniSocketConfigArg)
1754 ss->sniSocketConfigArg = sm->sniSocketConfigArg;
1755 if (sm->handleBadCert)
1756 ss->handleBadCert = sm->handleBadCert;
1757 if (sm->badCertArg)
1758 ss->badCertArg = sm->badCertArg;
1759 if (sm->handshakeCallback)
1760 ss->handshakeCallback = sm->handshakeCallback;
1761 if (sm->handshakeCallbackData)
1762 ss->handshakeCallbackData = sm->handshakeCallbackData;
1763 if (sm->pkcs11PinArg)
1764 ss->pkcs11PinArg = sm->pkcs11PinArg;
1765 if (sm->getChannelID)
1766 ss->getChannelID = sm->getChannelID;
1767 if (sm->getChannelIDArg)
1768 ss->getChannelIDArg = sm->getChannelIDArg;
1769 return fd;
1770 loser:
1771 return NULL;
1772 }
1773
1774 PRBool
1775 ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
1776 SSL3ProtocolVersion version)
1777 {
1778 switch (protocolVariant) {
1779 case ssl_variant_stream:
1780 return (version >= SSL_LIBRARY_VERSION_3_0 &&
1781 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1782 case ssl_variant_datagram:
1783 return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
1784 version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
1785 default:
1786 /* Can't get here */
1787 PORT_Assert(PR_FALSE);
1788 return PR_FALSE;
1789 }
1790 }
1791
1792 /* Returns PR_TRUE if the given version range is valid and
1793 ** fully supported; otherwise, returns PR_FALSE.
1794 */
1795 static PRBool
1796 ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
1797 const SSLVersionRange *vrange)
1798 {
1799 return vrange &&
1800 vrange->min <= vrange->max &&
1801 ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
1802 ssl3_VersionIsSupported(protocolVariant, vrange->max);
1803 }
1804
1805 SECStatus
1806 SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
1807 SSLVersionRange *vrange)
1808 {
1809 if (!vrange) {
1810 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1811 return SECFailure;
1812 }
1813
1814 switch (protocolVariant) {
1815 case ssl_variant_stream:
1816 vrange->min = SSL_LIBRARY_VERSION_3_0;
1817 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1818 break;
1819 case ssl_variant_datagram:
1820 vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
1821 vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
1822 break;
1823 default:
1824 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1825 return SECFailure;
1826 }
1827
1828 return SECSuccess;
1829 }
1830
1831 SECStatus
1832 SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
1833 SSLVersionRange *vrange)
1834 {
1835 if ((protocolVariant != ssl_variant_stream &&
1836 protocolVariant != ssl_variant_datagram) || !vrange) {
1837 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1838 return SECFailure;
1839 }
1840
1841 *vrange = *VERSIONS_DEFAULTS(protocolVariant);
1842
1843 return SECSuccess;
1844 }
1845
1846 SECStatus
1847 SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
1848 const SSLVersionRange *vrange)
1849 {
1850 if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
1851 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1852 return SECFailure;
1853 }
1854
1855 *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
1856
1857 return SECSuccess;
1858 }
1859
1860 SECStatus
1861 SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
1862 {
1863 sslSocket *ss = ssl_FindSocket(fd);
1864
1865 if (!ss) {
1866 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
1867 SSL_GETPID(), fd));
1868 return SECFailure;
1869 }
1870
1871 if (!vrange) {
1872 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1873 return SECFailure;
1874 }
1875
1876 ssl_Get1stHandshakeLock(ss);
1877 ssl_GetSSL3HandshakeLock(ss);
1878
1879 *vrange = ss->vrange;
1880
1881 ssl_ReleaseSSL3HandshakeLock(ss);
1882 ssl_Release1stHandshakeLock(ss);
1883
1884 return SECSuccess;
1885 }
1886
1887 static PRCallOnceType checkTLS12TokenOnce;
1888 static PRBool tls12TokenExists;
1889
1890 static PRStatus
1891 ssl_CheckTLS12Token(void)
1892 {
1893 tls12TokenExists =
1894 PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
1895 return PR_SUCCESS;
1896 }
1897
1898 static PRBool
1899 ssl_TLS12TokenExists(void)
1900 {
1901 (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
1902 return tls12TokenExists;
1903 }
1904
1905 SECStatus
1906 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
1907 {
1908 sslSocket *ss = ssl_FindSocket(fd);
1909
1910 if (!ss) {
1911 SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
1912 SSL_GETPID(), fd));
1913 return SECFailure;
1914 }
1915
1916 if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
1917 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1918 return SECFailure;
1919 }
1920
1921 ssl_Get1stHandshakeLock(ss);
1922 ssl_GetSSL3HandshakeLock(ss);
1923
1924 ss->vrange = *vrange;
1925 /* If we don't have a sufficiently up-to-date softoken then we cannot do
1926 * TLS 1.2. */
1927 if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
1928 !ssl_TLS12TokenExists()) {
1929 /* If the user requested a minimum version of 1.2, then we don't
1930 * silently downgrade. */
1931 if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
1932 ssl_ReleaseSSL3HandshakeLock(ss);
1933 ssl_Release1stHandshakeLock(ss);
1934 PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
1935 return SECFailure;
1936 }
1937 ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
1938 }
1939
1940 ssl_ReleaseSSL3HandshakeLock(ss);
1941 ssl_Release1stHandshakeLock(ss);
1942
1943 return SECSuccess;
1944 }
1945
1946 const SECItemArray *
1947 SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
1948 {
1949 sslSocket *ss = ssl_FindSocket(fd);
1950
1951 if (!ss) {
1952 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
1953 SSL_GETPID(), fd));
1954 return NULL;
1955 }
1956
1957 if (!ss->sec.ci.sid) {
1958 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
1959 return NULL;
1960 }
1961
1962 return &ss->sec.ci.sid->peerCertStatus;
1963 }
1964
1965 const SECItem *
1966 SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
1967 {
1968 sslSocket *ss = ssl_FindSocket(fd);
1969
1970 if (!ss) {
1971 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
1972 SSL_GETPID(), fd));
1973 return NULL;
1974 }
1975
1976 if (!ss->sec.ci.sid) {
1977 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
1978 return NULL;
1979 }
1980
1981 if (ss->sec.ci.sid->version < SSL_LIBRARY_VERSION_3_0) {
1982 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
1983 return NULL;
1984 }
1985 return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
1986 }
1987
1988 SECStatus
1989 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
1990 sslSocket *ss = ssl_FindSocket(fd);
1991
1992 if (!ss) {
1993 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession",
1994 SSL_GETPID(), fd));
1995 return SECFailure;
1996 }
1997
1998 *handshake_resumed = ss->ssl3.hs.isResuming;
1999 return SECSuccess;
2000 }
2001
2002 const SECItem *
2003 SSL_GetRequestedClientCertificateTypes(PRFileDesc *fd)
2004 {
2005 sslSocket *ss = ssl_FindSocket(fd);
2006
2007 if (!ss) {
2008 SSL_DBG(("%d: SSL[%d]: bad socket in "
2009 "SSL_GetRequestedClientCertificateTypes", SSL_GETPID(), fd));
2010 return NULL;
2011 }
2012
2013 return ss->requestedCertTypes;
2014 }
2015
2016 /************************************************************************/
2017 /* The following functions are the TOP LEVEL SSL functions.
2018 ** They all get called through the NSPRIOMethods table below.
2019 */
2020
2021 static PRFileDesc * PR_CALLBACK
2022 ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
2023 {
2024 sslSocket *ss;
2025 sslSocket *ns = NULL;
2026 PRFileDesc *newfd = NULL;
2027 PRFileDesc *osfd;
2028 PRStatus status;
2029
2030 ss = ssl_GetPrivate(fd);
2031 if (!ss) {
2032 SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
2033 return NULL;
2034 }
2035
2036 /* IF this is a listen socket, there shouldn't be any I/O going on */
2037 SSL_LOCK_READER(ss);
2038 SSL_LOCK_WRITER(ss);
2039 ssl_Get1stHandshakeLock(ss);
2040 ssl_GetSSL3HandshakeLock(ss);
2041
2042 ss->cTimeout = timeout;
2043
2044 osfd = ss->fd->lower;
2045
2046 /* First accept connection */
2047 newfd = osfd->methods->accept(osfd, sockaddr, timeout);
2048 if (newfd == NULL) {
2049 SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
2050 SSL_GETPID(), ss->fd, PORT_GetError()));
2051 } else {
2052 /* Create ssl module */
2053 ns = ssl_DupSocket(ss);
2054 }
2055
2056 ssl_ReleaseSSL3HandshakeLock(ss);
2057 ssl_Release1stHandshakeLock(ss);
2058 SSL_UNLOCK_WRITER(ss);
2059 SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
2060
2061 if (ns == NULL)
2062 goto loser;
2063
2064 /* push ssl module onto the new socket */
2065 status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
2066 if (status != PR_SUCCESS)
2067 goto loser;
2068
2069 /* Now start server connection handshake with client.
2070 ** Don't need locks here because nobody else has a reference to ns yet.
2071 */
2072 if ( ns->opt.useSecurity ) {
2073 if ( ns->opt.handshakeAsClient ) {
2074 ns->handshake = ssl2_BeginClientHandshake;
2075 ss->handshaking = sslHandshakingAsClient;
2076 } else {
2077 ns->handshake = ssl2_BeginServerHandshake;
2078 ss->handshaking = sslHandshakingAsServer;
2079 }
2080 }
2081 ns->TCPconnected = 1;
2082 return newfd;
2083
2084 loser:
2085 if (ns != NULL)
2086 ssl_FreeSocket(ns);
2087 if (newfd != NULL)
2088 PR_Close(newfd);
2089 return NULL;
2090 }
2091
2092 static PRStatus PR_CALLBACK
2093 ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
2094 {
2095 sslSocket *ss;
2096 PRStatus rv;
2097
2098 ss = ssl_GetPrivate(fd);
2099 if (!ss) {
2100 SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
2101 return PR_FAILURE;
2102 }
2103
2104 /* IF this is a listen socket, there shouldn't be any I/O going on */
2105 SSL_LOCK_READER(ss);
2106 SSL_LOCK_WRITER(ss);
2107
2108 ss->cTimeout = timeout;
2109 rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
2110
2111 SSL_UNLOCK_WRITER(ss);
2112 SSL_UNLOCK_READER(ss);
2113
2114 return rv;
2115 }
2116
2117 static PRStatus PR_CALLBACK
2118 ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
2119 {
2120 sslSocket * ss = ssl_GetPrivate(fd);
2121 PRStatus rv;
2122
2123 if (!ss) {
2124 SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
2125 return PR_FAILURE;
2126 }
2127 SSL_LOCK_READER(ss);
2128 SSL_LOCK_WRITER(ss);
2129
2130 rv = (PRStatus)(*ss->ops->bind)(ss, addr);
2131
2132 SSL_UNLOCK_WRITER(ss);
2133 SSL_UNLOCK_READER(ss);
2134 return rv;
2135 }
2136
2137 static PRStatus PR_CALLBACK
2138 ssl_Listen(PRFileDesc *fd, PRIntn backlog)
2139 {
2140 sslSocket * ss = ssl_GetPrivate(fd);
2141 PRStatus rv;
2142
2143 if (!ss) {
2144 SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
2145 return PR_FAILURE;
2146 }
2147 SSL_LOCK_READER(ss);
2148 SSL_LOCK_WRITER(ss);
2149
2150 rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
2151
2152 SSL_UNLOCK_WRITER(ss);
2153 SSL_UNLOCK_READER(ss);
2154 return rv;
2155 }
2156
2157 static PRStatus PR_CALLBACK
2158 ssl_Shutdown(PRFileDesc *fd, PRIntn how)
2159 {
2160 sslSocket * ss = ssl_GetPrivate(fd);
2161 PRStatus rv;
2162
2163 if (!ss) {
2164 SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
2165 return PR_FAILURE;
2166 }
2167 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2168 SSL_LOCK_READER(ss);
2169 }
2170 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2171 SSL_LOCK_WRITER(ss);
2172 }
2173
2174 rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
2175
2176 if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
2177 SSL_UNLOCK_WRITER(ss);
2178 }
2179 if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
2180 SSL_UNLOCK_READER(ss);
2181 }
2182 return rv;
2183 }
2184
2185 static PRStatus PR_CALLBACK
2186 ssl_Close(PRFileDesc *fd)
2187 {
2188 sslSocket *ss;
2189 PRStatus rv;
2190
2191 ss = ssl_GetPrivate(fd);
2192 if (!ss) {
2193 SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
2194 return PR_FAILURE;
2195 }
2196
2197 /* There must not be any I/O going on */
2198 SSL_LOCK_READER(ss);
2199 SSL_LOCK_WRITER(ss);
2200
2201 /* By the time this function returns,
2202 ** ss is an invalid pointer, and the locks to which it points have
2203 ** been unlocked and freed. So, this is the ONE PLACE in all of SSL
2204 ** where the LOCK calls and the corresponding UNLOCK calls are not in
2205 ** the same function scope. The unlock calls are in ssl_FreeSocket().
2206 */
2207 rv = (PRStatus)(*ss->ops->close)(ss);
2208
2209 return rv;
2210 }
2211
2212 static int PR_CALLBACK
2213 ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
2214 PRIntervalTime timeout)
2215 {
2216 sslSocket *ss;
2217 int rv;
2218
2219 ss = ssl_GetPrivate(fd);
2220 if (!ss) {
2221 SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
2222 return SECFailure;
2223 }
2224 SSL_LOCK_READER(ss);
2225 ss->rTimeout = timeout;
2226 if (!ss->opt.fdx)
2227 ss->wTimeout = timeout;
2228 rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
2229 SSL_UNLOCK_READER(ss);
2230 return rv;
2231 }
2232
2233 static int PR_CALLBACK
2234 ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
2235 PRIntervalTime timeout)
2236 {
2237 sslSocket *ss;
2238 int rv;
2239
2240 ss = ssl_GetPrivate(fd);
2241 if (!ss) {
2242 SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
2243 return SECFailure;
2244 }
2245 SSL_LOCK_WRITER(ss);
2246 ss->wTimeout = timeout;
2247 if (!ss->opt.fdx)
2248 ss->rTimeout = timeout;
2249 rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
2250 SSL_UNLOCK_WRITER(ss);
2251 return rv;
2252 }
2253
2254 static int PR_CALLBACK
2255 ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
2256 {
2257 sslSocket *ss;
2258 int rv;
2259
2260 ss = ssl_GetPrivate(fd);
2261 if (!ss) {
2262 SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
2263 return SECFailure;
2264 }
2265 SSL_LOCK_READER(ss);
2266 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2267 if (!ss->opt.fdx)
2268 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2269 rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
2270 SSL_UNLOCK_READER(ss);
2271 return rv;
2272 }
2273
2274 static int PR_CALLBACK
2275 ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
2276 {
2277 sslSocket *ss;
2278 int rv;
2279
2280 ss = ssl_GetPrivate(fd);
2281 if (!ss) {
2282 SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
2283 return SECFailure;
2284 }
2285 SSL_LOCK_WRITER(ss);
2286 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
2287 if (!ss->opt.fdx)
2288 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
2289 rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
2290 SSL_UNLOCK_WRITER(ss);
2291 return rv;
2292 }
2293
2294 static PRStatus PR_CALLBACK
2295 ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
2296 {
2297 sslSocket *ss;
2298
2299 ss = ssl_GetPrivate(fd);
2300 if (!ss) {
2301 SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
2302 return PR_FAILURE;
2303 }
2304 return (PRStatus)(*ss->ops->getpeername)(ss, addr);
2305 }
2306
2307 /*
2308 */
2309 SECStatus
2310 ssl_GetPeerInfo(sslSocket *ss)
2311 {
2312 PRFileDesc * osfd;
2313 int rv;
2314 PRNetAddr sin;
2315
2316 osfd = ss->fd->lower;
2317
2318 PORT_Memset(&sin, 0, sizeof(sin));
2319 rv = osfd->methods->getpeername(osfd, &sin);
2320 if (rv < 0) {
2321 return SECFailure;
2322 }
2323 ss->TCPconnected = 1;
2324 if (sin.inet.family == PR_AF_INET) {
2325 PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
2326 ss->sec.ci.port = sin.inet.port;
2327 } else if (sin.ipv6.family == PR_AF_INET6) {
2328 ss->sec.ci.peer = sin.ipv6.ip;
2329 ss->sec.ci.port = sin.ipv6.port;
2330 } else {
2331 PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
2332 return SECFailure;
2333 }
2334 return SECSuccess;
2335 }
2336
2337 static PRStatus PR_CALLBACK
2338 ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
2339 {
2340 sslSocket *ss;
2341
2342 ss = ssl_GetPrivate(fd);
2343 if (!ss) {
2344 SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
2345 return PR_FAILURE;
2346 }
2347 return (PRStatus)(*ss->ops->getsockname)(ss, name);
2348 }
2349
2350 SECStatus
2351 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
2352 SSLKEAType kea)
2353 {
2354 sslSocket *ss;
2355
2356 ss = ssl_FindSocket(fd);
2357 if (!ss) {
2358 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
2359 SSL_GETPID(), fd));
2360 return SECFailure;
2361 }
2362
2363 if ( kea <= 0 || kea >= kt_kea_size) {
2364 SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
2365 SSL_GETPID(), fd));
2366 return SECFailure;
2367 }
2368
2369 if (ss->certStatusArray[kea]) {
2370 SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
2371 ss->certStatusArray[kea] = NULL;
2372 }
2373 if (responses) {
2374 ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
2375 }
2376 return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
2377 }
2378
2379 SECStatus
2380 SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
2381 {
2382 sslSocket *ss;
2383
2384 ss = ssl_FindSocket(fd);
2385 if (!ss) {
2386 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
2387 SSL_GETPID(), fd));
2388 return SECFailure;
2389 }
2390
2391 if (ss->peerID) {
2392 PORT_Free(ss->peerID);
2393 ss->peerID = NULL;
2394 }
2395 if (peerID)
2396 ss->peerID = PORT_Strdup(peerID);
2397 return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
2398 }
2399
2400 #define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
2401
2402 static PRInt16 PR_CALLBACK
2403 ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
2404 {
2405 sslSocket *ss;
2406 PRInt16 new_flags = how_flags; /* should select on these flags. */
2407 PRNetAddr addr;
2408
2409 *p_out_flags = 0;
2410 ss = ssl_GetPrivate(fd);
2411 if (!ss) {
2412 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
2413 SSL_GETPID(), fd));
2414 return 0; /* don't poll on this socket */
2415 }
2416
2417 if (ss->opt.useSecurity &&
2418 ss->handshaking != sslHandshakingUndetermined &&
2419 !ss->firstHsDone &&
2420 (how_flags & PR_POLL_RW)) {
2421 if (!ss->TCPconnected) {
2422 ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
2423 }
2424 /* If it's not connected, then presumably the application is polling
2425 ** on read or write appropriately, so don't change it.
2426 */
2427 if (ss->TCPconnected) {
2428 if (!ss->handshakeBegun) {
2429 /* If the handshake has not begun, poll on read or write
2430 ** based on the local application's role in the handshake,
2431 ** not based on what the application requested.
2432 */
2433 new_flags &= ~PR_POLL_RW;
2434 if (ss->handshaking == sslHandshakingAsClient) {
2435 new_flags |= PR_POLL_WRITE;
2436 } else { /* handshaking as server */
2437 new_flags |= PR_POLL_READ;
2438 }
2439 } else
2440 /* First handshake is in progress */
2441 if (ss->lastWriteBlocked) {
2442 if (new_flags & PR_POLL_READ) {
2443 /* The caller is waiting for data to be received,
2444 ** but the initial handshake is blocked on write, or the
2445 ** client's first handshake record has not been written.
2446 ** The code should select on write, not read.
2447 */
2448 new_flags ^= PR_POLL_READ; /* don't select on read. */
2449 new_flags |= PR_POLL_WRITE; /* do select on write. */
2450 }
2451 } else if (new_flags & PR_POLL_WRITE) {
2452 /* The caller is trying to write, but the handshake is
2453 ** blocked waiting for data to read, and the first
2454 ** handshake has been sent. So do NOT to poll on write
2455 ** unless we did false start.
2456 */
2457 if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2458 ss->ssl3.hs.canFalseStart)) {
2459 new_flags ^= PR_POLL_WRITE; /* don't select on write. */
2460 }
2461 new_flags |= PR_POLL_READ; /* do select on read. */
2462 }
2463 }
2464 } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
2465 *p_out_flags = PR_POLL_READ; /* it's ready already. */
2466 return new_flags;
2467 } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
2468 (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
2469 new_flags |= PR_POLL_WRITE; /* also select on write. */
2470 }
2471
2472 if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
2473 ss->ssl3.hs.restartTarget != NULL) {
2474 /* Read and write will block until the asynchronous callback completes
2475 * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
2476 * the caller to poll the socket unless there is pending write data.
2477 */
2478 if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
2479 /* Ignore any newly-received data on the socket, but do wait for
2480 * the socket to become writable again. Here, it is OK for an error
2481 * to be detected, because our logic for sending pending write data
2482 * will allow us to report the error to the caller without the risk
2483 * of the application spinning.
2484 */
2485 new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
2486 } else {
2487 /* Unfortunately, clearing new_flags will make it impossible for
2488 * the application to detect errors that it would otherwise be
2489 * able to detect with PR_POLL_EXCEPT, until the asynchronous
2490 * callback completes. However, we must clear all the flags to
2491 * prevent the application from spinning (alternating between
2492 * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
2493 * which won't actually report the I/O error while we are waiting
2494 * for the asynchronous callback to complete).
2495 */
2496 new_flags = 0;
2497 }
2498 }
2499
2500 if (new_flags && (fd->lower->methods->poll != NULL)) {
2501 PRInt16 lower_out_flags = 0;
2502 PRInt16 lower_new_flags;
2503 lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
2504 &lower_out_flags);
2505 if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
2506 PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
2507 if (lower_out_flags & PR_POLL_READ)
2508 out_flags |= PR_POLL_WRITE;
2509 if (lower_out_flags & PR_POLL_WRITE)
2510 out_flags |= PR_POLL_READ;
2511 *p_out_flags = out_flags;
2512 new_flags = how_flags;
2513 } else {
2514 *p_out_flags = lower_out_flags;
2515 new_flags = lower_new_flags;
2516 }
2517 }
2518
2519 return new_flags;
2520 }
2521
2522 static PRInt32 PR_CALLBACK
2523 ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
2524 const void *headers, PRInt32 hlen,
2525 PRTransmitFileFlags flags, PRIntervalTime timeout)
2526 {
2527 PRSendFileData sfd;
2528
2529 sfd.fd = fd;
2530 sfd.file_offset = 0;
2531 sfd.file_nbytes = 0;
2532 sfd.header = headers;
2533 sfd.hlen = hlen;
2534 sfd.trailer = NULL;
2535 sfd.tlen = 0;
2536
2537 return sd->methods->sendfile(sd, &sfd, flags, timeout);
2538 }
2539
2540
2541 PRBool
2542 ssl_FdIsBlocking(PRFileDesc *fd)
2543 {
2544 PRSocketOptionData opt;
2545 PRStatus status;
2546
2547 opt.option = PR_SockOpt_Nonblocking;
2548 opt.value.non_blocking = PR_FALSE;
2549 status = PR_GetSocketOption(fd, &opt);
2550 if (status != PR_SUCCESS)
2551 return PR_FALSE;
2552 return (PRBool)!opt.value.non_blocking;
2553 }
2554
2555 PRBool
2556 ssl_SocketIsBlocking(sslSocket *ss)
2557 {
2558 return ssl_FdIsBlocking(ss->fd);
2559 }
2560
2561 PRInt32 sslFirstBufSize = 8 * 1024;
2562 PRInt32 sslCopyLimit = 1024;
2563
2564 static PRInt32 PR_CALLBACK
2565 ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
2566 PRIntervalTime timeout)
2567 {
2568 PRInt32 bufLen;
2569 PRInt32 left;
2570 PRInt32 rv;
2571 PRInt32 sent = 0;
2572 const PRInt32 first_len = sslFirstBufSize;
2573 const PRInt32 limit = sslCopyLimit;
2574 PRBool blocking;
2575 PRIOVec myIov = { 0, 0 };
2576 char buf[MAX_FRAGMENT_LENGTH];
2577
2578 if (vectors > PR_MAX_IOVECTOR_SIZE) {
2579 PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
2580 return -1;
2581 }
2582 blocking = ssl_FdIsBlocking(fd);
2583
2584 #define K16 sizeof(buf)
2585 #define KILL_VECTORS while (vectors && !iov->iov_len) { ++iov; --vectors; }
2586 #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
2587 #define HANDLE_ERR(rv, len) \
2588 if (rv != len) { \
2589 if (rv < 0) { \
2590 if (!blocking \
2591 && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
2592 && (sent > 0)) { \
2593 return sent; \
2594 } else { \
2595 return -1; \
2596 } \
2597 } \
2598 /* Only a nonblocking socket can have partial sends */ \
2599 PR_ASSERT(!blocking); \
2600 return sent + rv; \
2601 }
2602 #define SEND(bfr, len) \
2603 do { \
2604 rv = ssl_Send(fd, bfr, len, 0, timeout); \
2605 HANDLE_ERR(rv, len) \
2606 sent += len; \
2607 } while (0)
2608
2609 /* Make sure the first write is at least 8 KB, if possible. */
2610 KILL_VECTORS
2611 if (!vectors)
2612 return ssl_Send(fd, 0, 0, 0, timeout);
2613 GET_VECTOR;
2614 if (!vectors) {
2615 return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
2616 }
2617 if (myIov.iov_len < first_len) {
2618 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2619 bufLen = myIov.iov_len;
2620 left = first_len - bufLen;
2621 while (vectors && left) {
2622 int toCopy;
2623 GET_VECTOR;
2624 toCopy = PR_MIN(left, myIov.iov_len);
2625 PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
2626 bufLen += toCopy;
2627 left -= toCopy;
2628 myIov.iov_base += toCopy;
2629 myIov.iov_len -= toCopy;
2630 }
2631 SEND( buf, bufLen );
2632 }
2633
2634 while (vectors || myIov.iov_len) {
2635 PRInt32 addLen;
2636 if (!myIov.iov_len) {
2637 GET_VECTOR;
2638 }
2639 while (myIov.iov_len >= K16) {
2640 SEND(myIov.iov_base, K16);
2641 myIov.iov_base += K16;
2642 myIov.iov_len -= K16;
2643 }
2644 if (!myIov.iov_len)
2645 continue;
2646
2647 if (!vectors || myIov.iov_len > limit) {
2648 addLen = 0;
2649 } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
2650 /* Addlen is already computed. */;
2651 } else if (vectors > 1 &&
2652 iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
2653 addLen = limit - myIov.iov_len;
2654 } else
2655 addLen = 0;
2656
2657 if (!addLen) {
2658 SEND( myIov.iov_base, myIov.iov_len );
2659 myIov.iov_len = 0;
2660 continue;
2661 }
2662 PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
2663 bufLen = myIov.iov_len;
2664 do {
2665 GET_VECTOR;
2666 PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
2667 myIov.iov_base += addLen;
2668 myIov.iov_len -= addLen;
2669 bufLen += addLen;
2670
2671 left = PR_MIN( limit, K16 - bufLen);
2672 if (!vectors /* no more left */
2673 || myIov.iov_len > 0 /* we didn't use that one all up */
2674 || bufLen >= K16 /* it's full. */
2675 ) {
2676 addLen = 0;
2677 } else if ((addLen = iov->iov_len % K16) <= left) {
2678 /* Addlen is already computed. */;
2679 } else if (vectors > 1 &&
2680 iov[1].iov_len % K16 + addLen <= left + limit) {
2681 addLen = left;
2682 } else
2683 addLen = 0;
2684
2685 } while (addLen);
2686 SEND( buf, bufLen );
2687 }
2688 return sent;
2689 }
2690
2691 /*
2692 * These functions aren't implemented.
2693 */
2694
2695 static PRInt32 PR_CALLBACK
2696 ssl_Available(PRFileDesc *fd)
2697 {
2698 PORT_Assert(0);
2699 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2700 return SECFailure;
2701 }
2702
2703 static PRInt64 PR_CALLBACK
2704 ssl_Available64(PRFileDesc *fd)
2705 {
2706 PRInt64 res;
2707
2708 PORT_Assert(0);
2709 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2710 LL_I2L(res, -1L);
2711 return res;
2712 }
2713
2714 static PRStatus PR_CALLBACK
2715 ssl_FSync(PRFileDesc *fd)
2716 {
2717 PORT_Assert(0);
2718 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2719 return PR_FAILURE;
2720 }
2721
2722 static PRInt32 PR_CALLBACK
2723 ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how) {
2724 PORT_Assert(0);
2725 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2726 return SECFailure;
2727 }
2728
2729 static PRInt64 PR_CALLBACK
2730 ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how) {
2731 PRInt64 res;
2732
2733 PORT_Assert(0);
2734 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2735 LL_I2L(res, -1L);
2736 return res;
2737 }
2738
2739 static PRStatus PR_CALLBACK
2740 ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
2741 {
2742 PORT_Assert(0);
2743 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2744 return PR_FAILURE;
2745 }
2746
2747 static PRStatus PR_CALLBACK
2748 ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
2749 {
2750 PORT_Assert(0);
2751 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2752 return PR_FAILURE;
2753 }
2754
2755 static PRInt32 PR_CALLBACK
2756 ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
2757 PRNetAddr *addr, PRIntervalTime timeout)
2758 {
2759 PORT_Assert(0);
2760 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2761 return SECFailure;
2762 }
2763
2764 static PRInt32 PR_CALLBACK
2765 ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
2766 const PRNetAddr *addr, PRIntervalTime timeout)
2767 {
2768 PORT_Assert(0);
2769 PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
2770 return SECFailure;
2771 }
2772
2773 static const PRIOMethods ssl_methods = {
2774 PR_DESC_LAYERED,
2775 ssl_Close, /* close */
2776 ssl_Read, /* read */
2777 ssl_Write, /* write */
2778 ssl_Available, /* available */
2779 ssl_Available64, /* available64 */
2780 ssl_FSync, /* fsync */
2781 ssl_Seek, /* seek */
2782 ssl_Seek64, /* seek64 */
2783 ssl_FileInfo, /* fileInfo */
2784 ssl_FileInfo64, /* fileInfo64 */
2785 ssl_WriteV, /* writev */
2786 ssl_Connect, /* connect */
2787 ssl_Accept, /* accept */
2788 ssl_Bind, /* bind */
2789 ssl_Listen, /* listen */
2790 ssl_Shutdown, /* shutdown */
2791 ssl_Recv, /* recv */
2792 ssl_Send, /* send */
2793 ssl_RecvFrom, /* recvfrom */
2794 ssl_SendTo, /* sendto */
2795 ssl_Poll, /* poll */
2796 PR_EmulateAcceptRead, /* acceptread */
2797 ssl_TransmitFile, /* transmitfile */
2798 ssl_GetSockName, /* getsockname */
2799 ssl_GetPeerName, /* getpeername */
2800 NULL, /* getsockopt OBSOLETE */
2801 NULL, /* setsockopt OBSOLETE */
2802 NULL, /* getsocketoption */
2803 NULL, /* setsocketoption */
2804 PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
2805 NULL, /* reserved for future use */
2806 NULL, /* reserved for future use */
2807 NULL, /* reserved for future use */
2808 NULL, /* reserved for future use */
2809 NULL /* reserved for future use */
2810 };
2811
2812
2813 static PRIOMethods combined_methods;
2814
2815 static void
2816 ssl_SetupIOMethods(void)
2817 {
2818 PRIOMethods *new_methods = &combined_methods;
2819 const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
2820 const PRIOMethods *my_methods = &ssl_methods;
2821
2822 *new_methods = *nspr_methods;
2823
2824 new_methods->file_type = my_methods->file_type;
2825 new_methods->close = my_methods->close;
2826 new_methods->read = my_methods->read;
2827 new_methods->write = my_methods->write;
2828 new_methods->available = my_methods->available;
2829 new_methods->available64 = my_methods->available64;
2830 new_methods->fsync = my_methods->fsync;
2831 new_methods->seek = my_methods->seek;
2832 new_methods->seek64 = my_methods->seek64;
2833 new_methods->fileInfo = my_methods->fileInfo;
2834 new_methods->fileInfo64 = my_methods->fileInfo64;
2835 new_methods->writev = my_methods->writev;
2836 new_methods->connect = my_methods->connect;
2837 new_methods->accept = my_methods->accept;
2838 new_methods->bind = my_methods->bind;
2839 new_methods->listen = my_methods->listen;
2840 new_methods->shutdown = my_methods->shutdown;
2841 new_methods->recv = my_methods->recv;
2842 new_methods->send = my_methods->send;
2843 new_methods->recvfrom = my_methods->recvfrom;
2844 new_methods->sendto = my_methods->sendto;
2845 new_methods->poll = my_methods->poll;
2846 new_methods->acceptread = my_methods->acceptread;
2847 new_methods->transmitfile = my_methods->transmitfile;
2848 new_methods->getsockname = my_methods->getsockname;
2849 new_methods->getpeername = my_methods->getpeername;
2850 /* new_methods->getsocketoption = my_methods->getsocketoption; */
2851 /* new_methods->setsocketoption = my_methods->setsocketoption; */
2852 new_methods->sendfile = my_methods->sendfile;
2853
2854 }
2855
2856 static PRCallOnceType initIoLayerOnce;
2857
2858 static PRStatus
2859 ssl_InitIOLayer(void)
2860 {
2861 ssl_layer_id = PR_GetUniqueIdentity("SSL");
2862 ssl_SetupIOMethods();
2863 ssl_inited = PR_TRUE;
2864 return PR_SUCCESS;
2865 }
2866
2867 static PRStatus
2868 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
2869 {
2870 PRFileDesc *layer = NULL;
2871 PRStatus status;
2872
2873 if (!ssl_inited) {
2874 status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
2875 if (status != PR_SUCCESS)
2876 goto loser;
2877 }
2878
2879 if (ns == NULL)
2880 goto loser;
2881
2882 layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
2883 if (layer == NULL)
2884 goto loser;
2885 layer->secret = (PRFilePrivate *)ns;
2886
2887 /* Here, "stack" points to the PRFileDesc on the top of the stack.
2888 ** "layer" points to a new FD that is to be inserted into the stack.
2889 ** If layer is being pushed onto the top of the stack, then
2890 ** PR_PushIOLayer switches the contents of stack and layer, and then
2891 ** puts stack on top of layer, so that after it is done, the top of
2892 ** stack is the same "stack" as it was before, and layer is now the
2893 ** FD for the former top of stack.
2894 ** After this call, stack always points to the top PRFD on the stack.
2895 ** If this function fails, the contents of stack and layer are as
2896 ** they were before the call.
2897 */
2898 status = PR_PushIOLayer(stack, id, layer);
2899 if (status != PR_SUCCESS)
2900 goto loser;
2901
2902 ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
2903 return PR_SUCCESS;
2904
2905 loser:
2906 if (layer) {
2907 layer->dtor(layer); /* free layer */
2908 }
2909 return PR_FAILURE;
2910 }
2911
2912 /* if this fails, caller must destroy socket. */
2913 static SECStatus
2914 ssl_MakeLocks(sslSocket *ss)
2915 {
2916 ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
2917 if (!ss->firstHandshakeLock)
2918 goto loser;
2919 ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
2920 if (!ss->ssl3HandshakeLock)
2921 goto loser;
2922 ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
2923 if (!ss->specLock)
2924 goto loser;
2925 ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
2926 if (!ss->recvBufLock)
2927 goto loser;
2928 ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
2929 if (!ss->xmitBufLock)
2930 goto loser;
2931 ss->writerThread = NULL;
2932 if (ssl_lock_readers) {
2933 ss->recvLock = PZ_NewLock(nssILockSSL);
2934 if (!ss->recvLock)
2935 goto loser;
2936 ss->sendLock = PZ_NewLock(nssILockSSL);
2937 if (!ss->sendLock)
2938 goto loser;
2939 }
2940 return SECSuccess;
2941 loser:
2942 ssl_DestroyLocks(ss);
2943 return SECFailure;
2944 }
2945
2946 #if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
2947 #define NSS_HAVE_GETENV 1
2948 #endif
2949
2950 #define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
2951
2952 static void
2953 ssl_SetDefaultsFromEnvironment(void)
2954 {
2955 #if defined( NSS_HAVE_GETENV )
2956 static int firsttime = 1;
2957
2958 if (firsttime) {
2959 char * ev;
2960 firsttime = 0;
2961 #ifdef DEBUG
2962 ev = getenv("SSLDEBUGFILE");
2963 if (ev && ev[0]) {
2964 ssl_trace_iob = fopen(ev, "w");
2965 }
2966 if (!ssl_trace_iob) {
2967 ssl_trace_iob = stderr;
2968 }
2969 #ifdef TRACE
2970 ev = getenv("SSLTRACE");
2971 if (ev && ev[0]) {
2972 ssl_trace = atoi(ev);
2973 SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
2974 }
2975 #endif /* TRACE */
2976 ev = getenv("SSLDEBUG");
2977 if (ev && ev[0]) {
2978 ssl_debug = atoi(ev);
2979 SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
2980 }
2981 #endif /* DEBUG */
2982 ev = getenv("SSLKEYLOGFILE");
2983 if (ev && ev[0]) {
2984 ssl_keylog_iob = fopen(ev, "a");
2985 if (!ssl_keylog_iob) {
2986 SSL_TRACE(("SSL: failed to open key log file"));
2987 } else {
2988 if (ftell(ssl_keylog_iob) == 0) {
2989 fputs("# SSL/TLS secrets log file, generated by NSS\n",
2990 ssl_keylog_iob);
2991 }
2992 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
2993 }
2994 }
2995 #ifndef NO_PKCS11_BYPASS
2996 ev = getenv("SSLBYPASS");
2997 if (ev && ev[0]) {
2998 ssl_defaults.bypassPKCS11 = (ev[0] == '1');
2999 SSL_TRACE(("SSL: bypass default set to %d", \
3000 ssl_defaults.bypassPKCS11));
3001 }
3002 #endif /* NO_PKCS11_BYPASS */
3003 ev = getenv("SSLFORCELOCKS");
3004 if (ev && ev[0] == '1') {
3005 ssl_force_locks = PR_TRUE;
3006 ssl_defaults.noLocks = 0;
3007 strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
3008 SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
3009 }
3010 ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
3011 if (ev) {
3012 if (ev[0] == '1' || LOWER(ev[0]) == 'u')
3013 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
3014 else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
3015 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
3016 else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
3017 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
3018 else if (ev[0] == '3' || LOWER(ev[0]) == 't')
3019 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
3020 SSL_TRACE(("SSL: enableRenegotiation set to %d",
3021 ssl_defaults.enableRenegotiation));
3022 }
3023 ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
3024 if (ev && ev[0] == '1') {
3025 ssl_defaults.requireSafeNegotiation = PR_TRUE;
3026 SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
3027 PR_TRUE));
3028 }
3029 ev = getenv("NSS_SSL_CBC_RANDOM_IV");
3030 if (ev && ev[0] == '0') {
3031 ssl_defaults.cbcRandomIV = PR_FALSE;
3032 SSL_TRACE(("SSL: cbcRandomIV set to 0"));
3033 }
3034 }
3035 #endif /* NSS_HAVE_GETENV */
3036 }
3037
3038 /*
3039 ** Create a newsocket structure for a file descriptor.
3040 */
3041 static sslSocket *
3042 ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
3043 {
3044 sslSocket *ss;
3045
3046 ssl_SetDefaultsFromEnvironment();
3047
3048 if (ssl_force_locks)
3049 makeLocks = PR_TRUE;
3050
3051 /* Make a new socket and get it ready */
3052 ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
3053 if (ss) {
3054 /* This should be of type SSLKEAType, but CC on IRIX
3055 * complains during the for loop.
3056 */
3057 int i;
3058 SECStatus status;
3059
3060 ss->opt = ssl_defaults;
3061 ss->opt.useSocks = PR_FALSE;
3062 ss->opt.noLocks = !makeLocks;
3063 ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
3064 ss->protocolVariant = protocolVariant;
3065
3066 ss->peerID = NULL;
3067 ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
3068 ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
3069 ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
3070 ss->cipherSpecs = NULL;
3071 ss->sizeCipherSpecs = 0; /* produced lazily */
3072 ss->preferredCipher = NULL;
3073 ss->url = NULL;
3074
3075 for (i=kt_null; i < kt_kea_size; i++) {
3076 sslServerCerts * sc = ss->serverCerts + i;
3077 sc->serverCert = NULL;
3078 sc->serverCertChain = NULL;
3079 sc->serverKeyPair = NULL;
3080 sc->serverKeyBits = 0;
3081 ss->certStatusArray[i] = NULL;
3082 }
3083 ss->requestedCertTypes = NULL;
3084 ss->stepDownKeyPair = NULL;
3085 ss->dbHandle = CERT_GetDefaultCertDB();
3086
3087 /* Provide default implementation of hooks */
3088 ss->authCertificate = SSL_AuthCertificate;
3089 ss->authCertificateArg = (void *)ss->dbHandle;
3090 ss->sniSocketConfig = NULL;
3091 ss->sniSocketConfigArg = NULL;
3092 ss->getClientAuthData = NULL;
3093 #ifdef NSS_PLATFORM_CLIENT_AUTH
3094 ss->getPlatformClientAuthData = NULL;
3095 ss->getPlatformClientAuthDataArg = NULL;
3096 #endif /* NSS_PLATFORM_CLIENT_AUTH */
3097 ss->handleBadCert = NULL;
3098 ss->badCertArg = NULL;
3099 ss->pkcs11PinArg = NULL;
3100 ss->ephemeralECDHKeyPair = NULL;
3101 ss->getChannelID = NULL;
3102 ss->getChannelIDArg = NULL;
3103
3104 ssl_ChooseOps(ss);
3105 ssl2_InitSocketPolicy(ss);
3106 ssl3_InitSocketPolicy(ss);
3107 PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
3108
3109 if (makeLocks) {
3110 status = ssl_MakeLocks(ss);
3111 if (status != SECSuccess)
3112 goto loser;
3113 }
3114 status = ssl_CreateSecurityInfo(ss);
3115 if (status != SECSuccess)
3116 goto loser;
3117 status = ssl_InitGather(&ss->gs);
3118 if (status != SECSuccess) {
3119 loser:
3120 ssl_DestroySocketContents(ss);
3121 ssl_DestroyLocks(ss);
3122 PORT_Free(ss);
3123 ss = NULL;
3124 }
3125 }
3126 return ss;
3127 }
3128