search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / third_party / nss / ssl / sslsecur.c
blob00ab455b56cdba5a512ced839c81722b6e2a38d8
1 /*
2 * Various SSL functions.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "cert.h"
8 #include "secitem.h"
9 #include "keyhi.h"
10 #include "ssl.h"
11 #include "sslimpl.h"
12 #include "sslproto.h"
13 #include "secoid.h" /* for SECOID_GetALgorithmTag */
14 #include "pk11func.h" /* for PK11_GenerateRandom */
15 #include "nss.h" /* for NSS_RegisterShutdown */
16 #include "prinit.h" /* for PR_CallOnceWithArg */
17
18 #define MAX_BLOCK_CYPHER_SIZE 32
19
20 #define TEST_FOR_FAILURE /* reminder */
21 #define SET_ERROR_CODE /* reminder */
22
23 /* Returns a SECStatus: SECSuccess or SECFailure, NOT SECWouldBlock.
24 *
25 * Currently, the list of functions called through ss->handshake is:
26 *
27 * In sslsocks.c:
28 * SocksGatherRecord
29 * SocksHandleReply
30 * SocksStartGather
31 *
32 * In sslcon.c:
33 * ssl_GatherRecord1stHandshake
34 * ssl2_HandleClientSessionKeyMessage
35 * ssl2_HandleMessage
36 * ssl2_HandleVerifyMessage
37 * ssl2_BeginClientHandshake
38 * ssl2_BeginServerHandshake
39 * ssl2_HandleClientHelloMessage
40 * ssl2_HandleServerHelloMessage
41 *
42 * The ss->handshake function returns SECWouldBlock under these conditions:
43 * 1. ssl_GatherRecord1stHandshake called ssl2_GatherData which read in
44 * the beginning of an SSL v3 hello message and returned SECWouldBlock
45 * to switch to SSL v3 handshake processing.
46 *
47 * 2. ssl2_HandleClientHelloMessage discovered version 3.0 in the incoming
48 * v2 client hello msg, and called ssl3_HandleV2ClientHello which
49 * returned SECWouldBlock.
50 *
51 * 3. SECWouldBlock was returned by one of the callback functions, via
52 * one of these paths:
53 * - ssl2_HandleMessage() -> ssl2_HandleRequestCertificate() ->
54 * ss->getClientAuthData()
55 *
56 * - ssl2_HandleServerHelloMessage() -> ss->handleBadCert()
57 *
58 * - ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
59 * ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
60 * ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificate() ->
61 * ss->handleBadCert()
62 *
63 * - ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
64 * ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
65 * ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificateRequest() ->
66 * ss->getClientAuthData()
67 *
68 * Called from: SSL_ForceHandshake (below),
69 * ssl_SecureRecv (below) and
70 * ssl_SecureSend (below)
71 * from: WaitForResponse in sslsocks.c
72 * ssl_SocksRecv in sslsocks.c
73 * ssl_SocksSend in sslsocks.c
74 *
75 * Caller must hold the (write) handshakeLock.
76 */
77 int
78 ssl_Do1stHandshake(sslSocket *ss)
79 {
80 int rv = SECSuccess;
81 int loopCount = 0;
82
83 do {
84 PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
85 PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss));
86 PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss));
87 PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss));
88
89 if (ss->handshake == 0) {
90 /* Previous handshake finished. Switch to next one */
91 ss->handshake = ss->nextHandshake;
92 ss->nextHandshake = 0;
93 }
94 if (ss->handshake == 0) {
95 /* Previous handshake finished. Switch to security handshake */
96 ss->handshake = ss->securityHandshake;
97 ss->securityHandshake = 0;
98 }
99 if (ss->handshake == 0) {
100 /* for v3 this is done in ssl3_FinishHandshake */
101 if (!ss->firstHsDone && ss->version < SSL_LIBRARY_VERSION_3_0) {
102 ssl_GetRecvBufLock(ss);
103 ss->gs.recordLen = 0;
104 ssl_FinishHandshake(ss);
105 ssl_ReleaseRecvBufLock(ss);
106 }
107 break;
108 }
109 rv = (*ss->handshake)(ss);
110 ++loopCount;
111 /* This code must continue to loop on SECWouldBlock,
112 * or any positive value. See XXX_1 comments.
113 */
114 } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */
115
116 PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss));
117 PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss));
118 PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss));
119
120 if (rv == SECWouldBlock) {
121 PORT_SetError(PR_WOULD_BLOCK_ERROR);
122 rv = SECFailure;
123 }
124 return rv;
125 }
126
127 void
128 ssl_FinishHandshake(sslSocket *ss)
129 {
130 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
131 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
132
133 SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd));
134
135 ss->firstHsDone = PR_TRUE;
136 ss->enoughFirstHsDone = PR_TRUE;
137 ss->gs.writeOffset = 0;
138 ss->gs.readOffset = 0;
139
140 if (ss->handshakeCallback) {
141 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
142 }
143 }
144
145 /*
146 * Handshake function that blocks. Used to force a
147 * retry on a connection on the next read/write.
148 */
149 static SECStatus
150 ssl3_AlwaysBlock(sslSocket *ss)
151 {
152 PORT_SetError(PR_WOULD_BLOCK_ERROR); /* perhaps redundant. */
153 return SECWouldBlock;
154 }
155
156 /*
157 * set the initial handshake state machine to block
158 */
159 void
160 ssl3_SetAlwaysBlock(sslSocket *ss)
161 {
162 if (!ss->firstHsDone) {
163 ss->handshake = ssl3_AlwaysBlock;
164 ss->nextHandshake = 0;
165 }
166 }
167
168 static SECStatus
169 ssl_SetTimeout(PRFileDesc *fd, PRIntervalTime timeout)
170 {
171 sslSocket *ss;
172
173 ss = ssl_FindSocket(fd);
174 if (!ss) {
175 SSL_DBG(("%d: SSL[%d]: bad socket in SetTimeout", SSL_GETPID(), fd));
176 return SECFailure;
177 }
178 SSL_LOCK_READER(ss);
179 ss->rTimeout = timeout;
180 if (ss->opt.fdx) {
181 SSL_LOCK_WRITER(ss);
182 }
183 ss->wTimeout = timeout;
184 if (ss->opt.fdx) {
185 SSL_UNLOCK_WRITER(ss);
186 }
187 SSL_UNLOCK_READER(ss);
188 return SECSuccess;
189 }
190
191 /* Acquires and releases HandshakeLock.
192 */
193 SECStatus
194 SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
195 {
196 sslSocket *ss;
197 SECStatus status;
198 PRNetAddr addr;
199
200 ss = ssl_FindSocket(s);
201 if (!ss) {
202 SSL_DBG(("%d: SSL[%d]: bad socket in ResetHandshake", SSL_GETPID(), s));
203 return SECFailure;
204 }
205
206 /* Don't waste my time */
207 if (!ss->opt.useSecurity)
208 return SECSuccess;
209
210 SSL_LOCK_READER(ss);
211 SSL_LOCK_WRITER(ss);
212
213 /* Reset handshake state */
214 ssl_Get1stHandshakeLock(ss);
215
216 ss->firstHsDone = PR_FALSE;
217 ss->enoughFirstHsDone = PR_FALSE;
218 if ( asServer ) {
219 ss->handshake = ssl2_BeginServerHandshake;
220 ss->handshaking = sslHandshakingAsServer;
221 } else {
222 ss->handshake = ssl2_BeginClientHandshake;
223 ss->handshaking = sslHandshakingAsClient;
224 }
225 ss->nextHandshake = 0;
226 ss->securityHandshake = 0;
227
228 ssl_GetRecvBufLock(ss);
229 status = ssl_InitGather(&ss->gs);
230 ssl_ReleaseRecvBufLock(ss);
231
232 ssl_GetSSL3HandshakeLock(ss);
233 ss->ssl3.hs.canFalseStart = PR_FALSE;
234 ss->ssl3.hs.restartTarget = NULL;
235
236 /*
237 ** Blow away old security state and get a fresh setup.
238 */
239 ssl_GetXmitBufLock(ss);
240 ssl_ResetSecurityInfo(&ss->sec, PR_TRUE);
241 status = ssl_CreateSecurityInfo(ss);
242 ssl_ReleaseXmitBufLock(ss);
243
244 ssl_ReleaseSSL3HandshakeLock(ss);
245 ssl_Release1stHandshakeLock(ss);
246
247 if (!ss->TCPconnected)
248 ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
249
250 SSL_UNLOCK_WRITER(ss);
251 SSL_UNLOCK_READER(ss);
252
253 return status;
254 }
255
256 /* For SSLv2, does nothing but return an error.
257 ** For SSLv3, flushes SID cache entry (if requested),
258 ** and then starts new client hello or hello request.
259 ** Acquires and releases HandshakeLock.
260 */
261 SECStatus
262 SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
263 {
264 sslSocket *ss;
265 SECStatus rv;
266
267 ss = ssl_FindSocket(fd);
268 if (!ss) {
269 SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));
270 return SECFailure;
271 }
272
273 if (!ss->opt.useSecurity)
274 return SECSuccess;
275
276 ssl_Get1stHandshakeLock(ss);
277
278 /* SSL v2 protocol does not support subsequent handshakes. */
279 if (ss->version < SSL_LIBRARY_VERSION_3_0) {
280 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
281 rv = SECFailure;
282 } else {
283 ssl_GetSSL3HandshakeLock(ss);
284 rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
285 ssl_ReleaseSSL3HandshakeLock(ss);
286 }
287
288 ssl_Release1stHandshakeLock(ss);
289
290 return rv;
291 }
292
293 /*
294 ** Same as above, but with an I/O timeout.
295 */
296 SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
297 PRBool flushCache,
298 PRIntervalTime timeout)
299 {
300 if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
301 return SECFailure;
302 }
303 return SSL_ReHandshake(fd, flushCache);
304 }
305
306 SECStatus
307 SSL_RedoHandshake(PRFileDesc *fd)
308 {
309 return SSL_ReHandshake(fd, PR_TRUE);
310 }
311
312 /* Register an application callback to be called when SSL handshake completes.
313 ** Acquires and releases HandshakeLock.
314 */
315 SECStatus
316 SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb,
317 void *client_data)
318 {
319 sslSocket *ss;
320
321 ss = ssl_FindSocket(fd);
322 if (!ss) {
323 SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeCallback",
324 SSL_GETPID(), fd));
325 return SECFailure;
326 }
327
328 if (!ss->opt.useSecurity) {
329 PORT_SetError(SEC_ERROR_INVALID_ARGS);
330 return SECFailure;
331 }
332
333 ssl_Get1stHandshakeLock(ss);
334 ssl_GetSSL3HandshakeLock(ss);
335
336 ss->handshakeCallback = cb;
337 ss->handshakeCallbackData = client_data;
338
339 ssl_ReleaseSSL3HandshakeLock(ss);
340 ssl_Release1stHandshakeLock(ss);
341
342 return SECSuccess;
343 }
344
345 /* Register an application callback to be called when false start may happen.
346 ** Acquires and releases HandshakeLock.
347 */
348 SECStatus
349 SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb,
350 void *arg)
351 {
352 sslSocket *ss;
353
354 ss = ssl_FindSocket(fd);
355 if (!ss) {
356 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback",
357 SSL_GETPID(), fd));
358 return SECFailure;
359 }
360
361 if (!ss->opt.useSecurity) {
362 PORT_SetError(SEC_ERROR_INVALID_ARGS);
363 return SECFailure;
364 }
365
366 ssl_Get1stHandshakeLock(ss);
367 ssl_GetSSL3HandshakeLock(ss);
368
369 ss->canFalseStartCallback = cb;
370 ss->canFalseStartCallbackData = arg;
371
372 ssl_ReleaseSSL3HandshakeLock(ss);
373 ssl_Release1stHandshakeLock(ss);
374
375 return SECSuccess;
376 }
377
378 SECStatus
379 SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart)
380 {
381 sslSocket *ss;
382
383 *canFalseStart = PR_FALSE;
384 ss = ssl_FindSocket(fd);
385 if (!ss) {
386 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RecommendedCanFalseStart",
387 SSL_GETPID(), fd));
388 return SECFailure;
389 }
390
391 if (!ss->ssl3.initialized) {
392 PORT_SetError(SEC_ERROR_INVALID_ARGS);
393 return SECFailure;
394 }
395
396 if (ss->version < SSL_LIBRARY_VERSION_3_0) {
397 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
398 return SECFailure;
399 }
400
401 /* Require a forward-secret key exchange. */
402 *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
403 ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
404 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
405 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa;
406
407 return SECSuccess;
408 }
409
410 /* Try to make progress on an SSL handshake by attempting to read the
411 ** next handshake from the peer, and sending any responses.
412 ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot
413 ** read the next handshake from the underlying socket.
414 ** For SSLv2, returns when handshake is complete or fatal error occurs.
415 ** For SSLv3, returns when handshake is complete, or application data has
416 ** arrived that must be taken by application before handshake can continue,
417 ** or a fatal error occurs.
418 ** Application should use handshake completion callback to tell which.
419 */
420 SECStatus
421 SSL_ForceHandshake(PRFileDesc *fd)
422 {
423 sslSocket *ss;
424 SECStatus rv = SECFailure;
425
426 ss = ssl_FindSocket(fd);
427 if (!ss) {
428 SSL_DBG(("%d: SSL[%d]: bad socket in ForceHandshake",
429 SSL_GETPID(), fd));
430 return rv;
431 }
432
433 /* Don't waste my time */
434 if (!ss->opt.useSecurity)
435 return SECSuccess;
436
437 if (!ssl_SocketIsBlocking(ss)) {
438 ssl_GetXmitBufLock(ss);
439 if (ss->pendingBuf.len != 0) {
440 int sent = ssl_SendSavedWriteData(ss);
441 if ((sent < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
442 ssl_ReleaseXmitBufLock(ss);
443 return SECFailure;
444 }
445 }
446 ssl_ReleaseXmitBufLock(ss);
447 }
448
449 ssl_Get1stHandshakeLock(ss);
450
451 if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
452 int gatherResult;
453
454 ssl_GetRecvBufLock(ss);
455 gatherResult = ssl3_GatherCompleteHandshake(ss, 0);
456 ssl_ReleaseRecvBufLock(ss);
457 if (gatherResult > 0) {
458 rv = SECSuccess;
459 } else if (gatherResult == 0) {
460 PORT_SetError(PR_END_OF_FILE_ERROR);
461 } else if (gatherResult == SECWouldBlock) {
462 PORT_SetError(PR_WOULD_BLOCK_ERROR);
463 }
464 } else if (!ss->firstHsDone) {
465 rv = ssl_Do1stHandshake(ss);
466 } else {
467 /* tried to force handshake on an SSL 2 socket that has
468 ** already completed the handshake. */
469 rv = SECSuccess; /* just pretend we did it. */
470 }
471
472 ssl_Release1stHandshakeLock(ss);
473
474 return rv;
475 }
476
477 /*
478 ** Same as above, but with an I/O timeout.
479 */
480 SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
481 PRIntervalTime timeout)
482 {
483 if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
484 return SECFailure;
485 }
486 return SSL_ForceHandshake(fd);
487 }
488
489
490 /************************************************************************/
491
492 /*
493 ** Grow a buffer to hold newLen bytes of data.
494 ** Called for both recv buffers and xmit buffers.
495 ** Caller must hold xmitBufLock or recvBufLock, as appropriate.
496 */
497 SECStatus
498 sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
499 {
500 newLen = PR_MAX(newLen, MAX_FRAGMENT_LENGTH + 2048);
501 if (newLen > b->space) {
502 unsigned char *newBuf;
503 if (b->buf) {
504 newBuf = (unsigned char *) PORT_Realloc(b->buf, newLen);
505 } else {
506 newBuf = (unsigned char *) PORT_Alloc(newLen);
507 }
508 if (!newBuf) {
509 return SECFailure;
510 }
511 SSL_TRC(10, ("%d: SSL: grow buffer from %d to %d",
512 SSL_GETPID(), b->space, newLen));
513 b->buf = newBuf;
514 b->space = newLen;
515 }
516 return SECSuccess;
517 }
518
519 SECStatus
520 sslBuffer_Append(sslBuffer *b, const void * data, unsigned int len)
521 {
522 unsigned int newLen = b->len + len;
523 SECStatus rv;
524
525 rv = sslBuffer_Grow(b, newLen);
526 if (rv != SECSuccess)
527 return rv;
528 PORT_Memcpy(b->buf + b->len, data, len);
529 b->len += len;
530 return SECSuccess;
531 }
532
533 /*
534 ** Save away write data that is trying to be written before the security
535 ** handshake has been completed. When the handshake is completed, we will
536 ** flush this data out.
537 ** Caller must hold xmitBufLock
538 */
539 SECStatus
540 ssl_SaveWriteData(sslSocket *ss, const void *data, unsigned int len)
541 {
542 SECStatus rv;
543
544 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
545 rv = sslBuffer_Append(&ss->pendingBuf, data, len);
546 SSL_TRC(5, ("%d: SSL[%d]: saving %u bytes of data (%u total saved so far)",
547 SSL_GETPID(), ss->fd, len, ss->pendingBuf.len));
548 return rv;
549 }
550
551 /*
552 ** Send saved write data. This will flush out data sent prior to a
553 ** complete security handshake. Hopefully there won't be too much of it.
554 ** Returns count of the bytes sent, NOT a SECStatus.
555 ** Caller must hold xmitBufLock
556 */
557 int
558 ssl_SendSavedWriteData(sslSocket *ss)
559 {
560 int rv = 0;
561
562 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
563 if (ss->pendingBuf.len != 0) {
564 SSL_TRC(5, ("%d: SSL[%d]: sending %d bytes of saved data",
565 SSL_GETPID(), ss->fd, ss->pendingBuf.len));
566 rv = ssl_DefSend(ss, ss->pendingBuf.buf, ss->pendingBuf.len, 0);
567 if (rv < 0) {
568 return rv;
569 }
570 ss->pendingBuf.len -= rv;
571 if (ss->pendingBuf.len > 0 && rv > 0) {
572 /* UGH !! This shifts the whole buffer down by copying it */
573 PORT_Memmove(ss->pendingBuf.buf, ss->pendingBuf.buf + rv,
574 ss->pendingBuf.len);
575 }
576 }
577 return rv;
578 }
579
580 /************************************************************************/
581
582 /*
583 ** Receive some application data on a socket. Reads SSL records from the input
584 ** stream, decrypts them and then copies them to the output buffer.
585 ** Called from ssl_SecureRecv() below.
586 **
587 ** Caller does NOT hold 1stHandshakeLock because that handshake is over.
588 ** Caller doesn't call this until initial handshake is complete.
589 ** For SSLv2, there is no subsequent handshake.
590 ** For SSLv3, the call to ssl3_GatherAppDataRecord may encounter handshake
591 ** messages from a subsequent handshake.
592 **
593 ** This code is similar to, and easily confused with,
594 ** ssl_GatherRecord1stHandshake() in sslcon.c
595 */
596 static int
597 DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
598 {
599 int rv;
600 int amount;
601 int available;
602
603 /* ssl3_GatherAppDataRecord may call ssl_FinishHandshake, which needs the
604 * 1stHandshakeLock. */
605 ssl_Get1stHandshakeLock(ss);
606 ssl_GetRecvBufLock(ss);
607
608 available = ss->gs.writeOffset - ss->gs.readOffset;
609 if (available == 0) {
610 /* Get some more data */
611 if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
612 /* Wait for application data to arrive. */
613 rv = ssl3_GatherAppDataRecord(ss, 0);
614 } else {
615 /* See if we have a complete record */
616 rv = ssl2_GatherRecord(ss, 0);
617 }
618 if (rv <= 0) {
619 if (rv == 0) {
620 /* EOF */
621 SSL_TRC(10, ("%d: SSL[%d]: ssl_recv EOF",
622 SSL_GETPID(), ss->fd));
623 goto done;
624 }
625 if ((rv != SECWouldBlock) &&
626 (PR_GetError() != PR_WOULD_BLOCK_ERROR)) {
627 /* Some random error */
628 goto done;
629 }
630
631 /*
632 ** Gather record is blocked waiting for more record data to
633 ** arrive. Try to process what we have already received
634 */
635 } else {
636 /* Gather record has finished getting a complete record */
637 }
638
639 /* See if any clear data is now available */
640 available = ss->gs.writeOffset - ss->gs.readOffset;
641 if (available == 0) {
642 /*
643 ** No partial data is available. Force error code to
644 ** EWOULDBLOCK so that caller will try again later. Note
645 ** that the error code is probably EWOULDBLOCK already,
646 ** but if it isn't (for example, if we received a zero
647 ** length record) then this will force it to be correct.
648 */
649 PORT_SetError(PR_WOULD_BLOCK_ERROR);
650 rv = SECFailure;
651 goto done;
652 }
653 SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d",
654 SSL_GETPID(), ss->fd, available));
655 }
656
657 /* Dole out clear data to reader */
658 amount = PR_MIN(len, available);
659 PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);
660 if (!(flags & PR_MSG_PEEK)) {
661 ss->gs.readOffset += amount;
662 }
663 PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset);
664 rv = amount;
665
666 SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d",
667 SSL_GETPID(), ss->fd, amount, available));
668 PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));
669
670 done:
671 ssl_ReleaseRecvBufLock(ss);
672 ssl_Release1stHandshakeLock(ss);
673 return rv;
674 }
675
676 /************************************************************************/
677
678 /*
679 ** Return SSLKEAType derived from cert's Public Key algorithm info.
680 */
681 SSLKEAType
682 NSS_FindCertKEAType(CERTCertificate * cert)
683 {
684 SSLKEAType keaType = kt_null;
685 int tag;
686
687 if (!cert) goto loser;
688
689 tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
690
691 switch (tag) {
692 case SEC_OID_X500_RSA_ENCRYPTION:
693 case SEC_OID_PKCS1_RSA_ENCRYPTION:
694 keaType = kt_rsa;
695 break;
696 case SEC_OID_X942_DIFFIE_HELMAN_KEY:
697 keaType = kt_dh;
698 break;
699 #ifndef NSS_DISABLE_ECC
700 case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
701 keaType = kt_ecdh;
702 break;
703 #endif /* NSS_DISABLE_ECC */
704 default:
705 keaType = kt_null;
706 }
707
708 loser:
709
710 return keaType;
711 }
712
713 static const PRCallOnceType pristineCallOnce;
714 static PRCallOnceType setupServerCAListOnce;
715
716 static SECStatus serverCAListShutdown(void* appData, void* nssData)
717 {
718 PORT_Assert(ssl3_server_ca_list);
719 if (ssl3_server_ca_list) {
720 CERT_FreeDistNames(ssl3_server_ca_list);
721 ssl3_server_ca_list = NULL;
722 }
723 setupServerCAListOnce = pristineCallOnce;
724 return SECSuccess;
725 }
726
727 static PRStatus serverCAListSetup(void *arg)
728 {
729 CERTCertDBHandle *dbHandle = (CERTCertDBHandle *)arg;
730 SECStatus rv = NSS_RegisterShutdown(serverCAListShutdown, NULL);
731 PORT_Assert(SECSuccess == rv);
732 if (SECSuccess == rv) {
733 ssl3_server_ca_list = CERT_GetSSLCACerts(dbHandle);
734 return PR_SUCCESS;
735 }
736 return PR_FAILURE;
737 }
738
739 SECStatus
740 ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
741 const CERTCertificateList *certChain,
742 ssl3KeyPair *keyPair, SSLKEAType kea)
743 {
744 CERTCertificateList *localCertChain = NULL;
745 sslServerCerts *sc = ss->serverCerts + kea;
746
747 /* load the server certificate */
748 if (sc->serverCert != NULL) {
749 CERT_DestroyCertificate(sc->serverCert);
750 sc->serverCert = NULL;
751 sc->serverKeyBits = 0;
752 }
753 /* load the server cert chain */
754 if (sc->serverCertChain != NULL) {
755 CERT_DestroyCertificateList(sc->serverCertChain);
756 sc->serverCertChain = NULL;
757 }
758 if (cert) {
759 sc->serverCert = CERT_DupCertificate(cert);
760 /* get the size of the cert's public key, and remember it */
761 sc->serverKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->pubKey);
762 if (!certChain) {
763 localCertChain =
764 CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer,
765 PR_TRUE);
766 if (!localCertChain)
767 goto loser;
768 }
769 sc->serverCertChain = (certChain) ? CERT_DupCertList(certChain) :
770 localCertChain;
771 if (!sc->serverCertChain) {
772 goto loser;
773 }
774 localCertChain = NULL; /* consumed */
775 }
776
777 /* get keyPair */
778 if (sc->serverKeyPair != NULL) {
779 ssl3_FreeKeyPair(sc->serverKeyPair);
780 sc->serverKeyPair = NULL;
781 }
782 if (keyPair) {
783 SECKEY_CacheStaticFlags(keyPair->privKey);
784 sc->serverKeyPair = ssl3_GetKeyPairRef(keyPair);
785 }
786 if (kea == kt_rsa && cert && sc->serverKeyBits > 512 &&
787 !ss->opt.noStepDown && !ss->stepDownKeyPair) {
788 if (ssl3_CreateRSAStepDownKeys(ss) != SECSuccess) {
789 goto loser;
790 }
791 }
792 return SECSuccess;
793
794 loser:
795 if (localCertChain) {
796 CERT_DestroyCertificateList(localCertChain);
797 }
798 if (sc->serverCert != NULL) {
799 CERT_DestroyCertificate(sc->serverCert);
800 sc->serverCert = NULL;
801 }
802 if (sc->serverCertChain != NULL) {
803 CERT_DestroyCertificateList(sc->serverCertChain);
804 sc->serverCertChain = NULL;
805 }
806 if (sc->serverKeyPair != NULL) {
807 ssl3_FreeKeyPair(sc->serverKeyPair);
808 sc->serverKeyPair = NULL;
809 }
810 return SECFailure;
811 }
812
813 /* XXX need to protect the data that gets changed here.!! */
814
815 SECStatus
816 SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
817 SECKEYPrivateKey *key, SSL3KEAType kea)
818 {
819
820 return SSL_ConfigSecureServerWithCertChain(fd, cert, NULL, key, kea);
821 }
822
823 SECStatus
824 SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
825 const CERTCertificateList *certChainOpt,
826 SECKEYPrivateKey *key, SSL3KEAType kea)
827 {
828 sslSocket *ss;
829 SECKEYPublicKey *pubKey = NULL;
830 ssl3KeyPair *keyPair = NULL;
831 SECStatus rv = SECFailure;
832
833 ss = ssl_FindSocket(fd);
834 if (!ss) {
835 return SECFailure;
836 }
837
838 /* Both key and cert must have a value or be NULL */
839 /* Passing a value of NULL will turn off key exchange algorithms that were
840 * previously turned on */
841 if (!cert != !key) {
842 PORT_SetError(SEC_ERROR_INVALID_ARGS);
843 return SECFailure;
844 }
845
846 /* make sure the key exchange is recognized */
847 if ((kea >= kt_kea_size) || (kea < kt_null)) {
848 PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
849 return SECFailure;
850 }
851
852 if (kea != NSS_FindCertKEAType(cert)) {
853 PORT_SetError(SSL_ERROR_CERT_KEA_MISMATCH);
854 return SECFailure;
855 }
856
857 if (cert) {
858 /* get the size of the cert's public key, and remember it */
859 pubKey = CERT_ExtractPublicKey(cert);
860 if (!pubKey)
861 return SECFailure;
862 }
863
864 if (key) {
865 SECKEYPrivateKey * keyCopy = NULL;
866 CK_MECHANISM_TYPE keyMech = CKM_INVALID_MECHANISM;
867
868 if (key->pkcs11Slot) {
869 PK11SlotInfo * bestSlot;
870 bestSlot = PK11_ReferenceSlot(key->pkcs11Slot);
871 if (bestSlot) {
872 keyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
873 PK11_FreeSlot(bestSlot);
874 }
875 }
876 if (keyCopy == NULL)
877 keyMech = PK11_MapSignKeyType(key->keyType);
878 if (keyMech != CKM_INVALID_MECHANISM) {
879 PK11SlotInfo * bestSlot;
880 /* XXX Maybe should be bestSlotMultiple? */
881 bestSlot = PK11_GetBestSlot(keyMech, NULL /* wincx */);
882 if (bestSlot) {
883 keyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
884 PK11_FreeSlot(bestSlot);
885 }
886 }
887 if (keyCopy == NULL)
888 keyCopy = SECKEY_CopyPrivateKey(key);
889 if (keyCopy == NULL)
890 goto loser;
891 keyPair = ssl3_NewKeyPair(keyCopy, pubKey);
892 if (keyPair == NULL) {
893 SECKEY_DestroyPrivateKey(keyCopy);
894 goto loser;
895 }
896 pubKey = NULL; /* adopted by serverKeyPair */
897 }
898 if (ssl_ConfigSecureServer(ss, cert, certChainOpt,
899 keyPair, kea) == SECFailure) {
900 goto loser;
901 }
902
903 /* Only do this once because it's global. */
904 if (PR_SUCCESS == PR_CallOnceWithArg(&setupServerCAListOnce,
905 &serverCAListSetup,
906 (void *)(ss->dbHandle))) {
907 rv = SECSuccess;
908 }
909
910 loser:
911 if (keyPair) {
912 ssl3_FreeKeyPair(keyPair);
913 }
914 if (pubKey) {
915 SECKEY_DestroyPublicKey(pubKey);
916 pubKey = NULL;
917 }
918 return rv;
919 }
920
921 /************************************************************************/
922
923 SECStatus
924 ssl_CreateSecurityInfo(sslSocket *ss)
925 {
926 SECStatus status;
927
928 /* initialize sslv2 socket to send data in the clear. */
929 ssl2_UseClearSendFunc(ss);
930
931 ss->sec.blockSize = 1;
932 ss->sec.blockShift = 0;
933
934 ssl_GetXmitBufLock(ss);
935 status = sslBuffer_Grow(&ss->sec.writeBuf, 4096);
936 ssl_ReleaseXmitBufLock(ss);
937
938 return status;
939 }
940
941 SECStatus
942 ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
943 {
944 ss->sec.send = os->sec.send;
945 ss->sec.isServer = os->sec.isServer;
946 ss->sec.keyBits = os->sec.keyBits;
947 ss->sec.secretKeyBits = os->sec.secretKeyBits;
948
949 ss->sec.peerCert = CERT_DupCertificate(os->sec.peerCert);
950 if (os->sec.peerCert && !ss->sec.peerCert)
951 goto loser;
952
953 ss->sec.cache = os->sec.cache;
954 ss->sec.uncache = os->sec.uncache;
955
956 /* we don't dup the connection info. */
957
958 ss->sec.sendSequence = os->sec.sendSequence;
959 ss->sec.rcvSequence = os->sec.rcvSequence;
960
961 if (os->sec.hash && os->sec.hashcx) {
962 ss->sec.hash = os->sec.hash;
963 ss->sec.hashcx = os->sec.hash->clone(os->sec.hashcx);
964 if (os->sec.hashcx && !ss->sec.hashcx)
965 goto loser;
966 } else {
967 ss->sec.hash = NULL;
968 ss->sec.hashcx = NULL;
969 }
970
971 if (SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret))
972 goto loser;
973 if (SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret))
974 goto loser;
975
976 /* XXX following code is wrong if either cx != 0 */
977 PORT_Assert(os->sec.readcx == 0);
978 PORT_Assert(os->sec.writecx == 0);
979 ss->sec.readcx = os->sec.readcx;
980 ss->sec.writecx = os->sec.writecx;
981 ss->sec.destroy = 0;
982
983 ss->sec.enc = os->sec.enc;
984 ss->sec.dec = os->sec.dec;
985
986 ss->sec.blockShift = os->sec.blockShift;
987 ss->sec.blockSize = os->sec.blockSize;
988
989 return SECSuccess;
990
991 loser:
992 return SECFailure;
993 }
994
995 /* Reset sec back to its initial state.
996 ** Caller holds any relevant locks.
997 */
998 void
999 ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
1000 {
1001 /* Destroy MAC */
1002 if (sec->hash && sec->hashcx) {
1003 (*sec->hash->destroy)(sec->hashcx, PR_TRUE);
1004 sec->hashcx = NULL;
1005 sec->hash = NULL;
1006 }
1007 SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE);
1008 SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE);
1009
1010 /* Destroy ciphers */
1011 if (sec->destroy) {
1012 (*sec->destroy)(sec->readcx, PR_TRUE);
1013 (*sec->destroy)(sec->writecx, PR_TRUE);
1014 sec->readcx = NULL;
1015 sec->writecx = NULL;
1016 } else {
1017 PORT_Assert(sec->readcx == 0);
1018 PORT_Assert(sec->writecx == 0);
1019 }
1020 sec->readcx = 0;
1021 sec->writecx = 0;
1022
1023 if (sec->localCert) {
1024 CERT_DestroyCertificate(sec->localCert);
1025 sec->localCert = NULL;
1026 }
1027 if (sec->peerCert) {
1028 CERT_DestroyCertificate(sec->peerCert);
1029 sec->peerCert = NULL;
1030 }
1031 if (sec->peerKey) {
1032 SECKEY_DestroyPublicKey(sec->peerKey);
1033 sec->peerKey = NULL;
1034 }
1035
1036 /* cleanup the ci */
1037 if (sec->ci.sid != NULL) {
1038 ssl_FreeSID(sec->ci.sid);
1039 }
1040 PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
1041 if (doMemset) {
1042 memset(&sec->ci, 0, sizeof sec->ci);
1043 }
1044
1045 }
1046
1047 /*
1048 ** Called from SSL_ResetHandshake (above), and
1049 ** from ssl_FreeSocket in sslsock.c
1050 ** Caller should hold relevant locks (e.g. XmitBufLock)
1051 */
1052 void
1053 ssl_DestroySecurityInfo(sslSecurityInfo *sec)
1054 {
1055 ssl_ResetSecurityInfo(sec, PR_FALSE);
1056
1057 PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space);
1058 sec->writeBuf.buf = 0;
1059
1060 memset(sec, 0, sizeof *sec);
1061 }
1062
1063 /************************************************************************/
1064
1065 int
1066 ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
1067 {
1068 PRFileDesc *osfd = ss->fd->lower;
1069 int rv;
1070
1071 if ( ss->opt.handshakeAsServer ) {
1072 ss->securityHandshake = ssl2_BeginServerHandshake;
1073 ss->handshaking = sslHandshakingAsServer;
1074 } else {
1075 ss->securityHandshake = ssl2_BeginClientHandshake;
1076 ss->handshaking = sslHandshakingAsClient;
1077 }
1078
1079 /* connect to server */
1080 rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
1081 if (rv == PR_SUCCESS) {
1082 ss->TCPconnected = 1;
1083 } else {
1084 int err = PR_GetError();
1085 SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
1086 SSL_GETPID(), ss->fd, err));
1087 if (err == PR_IS_CONNECTED_ERROR) {
1088 ss->TCPconnected = 1;
1089 }
1090 }
1091
1092 SSL_TRC(5, ("%d: SSL[%d]: secure connect completed, rv == %d",
1093 SSL_GETPID(), ss->fd, rv));
1094 return rv;
1095 }
1096
1097 /*
1098 * The TLS 1.2 RFC 5246, Section 7.2.1 says:
1099 *
1100 * Unless some other fatal alert has been transmitted, each party is
1101 * required to send a close_notify alert before closing the write side
1102 * of the connection. The other party MUST respond with a close_notify
1103 * alert of its own and close down the connection immediately,
1104 * discarding any pending writes. It is not required for the initiator
1105 * of the close to wait for the responding close_notify alert before
1106 * closing the read side of the connection.
1107 *
1108 * The second sentence requires that we send a close_notify alert when we
1109 * have received a close_notify alert. In practice, all SSL implementations
1110 * close the socket immediately after sending a close_notify alert (which is
1111 * allowed by the third sentence), so responding with a close_notify alert
1112 * would result in a write failure with the ECONNRESET error. This is why
1113 * we don't respond with a close_notify alert.
1114 *
1115 * Also, in the unlikely event that the TCP pipe is full and the peer stops
1116 * reading, the SSL3_SendAlert call in ssl_SecureClose and ssl_SecureShutdown
1117 * may block indefinitely in blocking mode, and may fail (without retrying)
1118 * in non-blocking mode.
1119 */
1120
1121 int
1122 ssl_SecureClose(sslSocket *ss)
1123 {
1124 int rv;
1125
1126 if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
1127 !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
1128 ss->firstHsDone &&
1129 !ss->recvdCloseNotify &&
1130 ss->ssl3.initialized) {
1131
1132 /* We don't want the final alert to be Nagle delayed. */
1133 if (!ss->delayDisabled) {
1134 ssl_EnableNagleDelay(ss, PR_FALSE);
1135 ss->delayDisabled = 1;
1136 }
1137
1138 (void) SSL3_SendAlert(ss, alert_warning, close_notify);
1139 }
1140 rv = ssl_DefClose(ss);
1141 return rv;
1142 }
1143
1144 /* Caller handles all locking */
1145 int
1146 ssl_SecureShutdown(sslSocket *ss, int nsprHow)
1147 {
1148 PRFileDesc *osfd = ss->fd->lower;
1149 int rv;
1150 PRIntn sslHow = nsprHow + 1;
1151
1152 if ((unsigned)nsprHow > PR_SHUTDOWN_BOTH) {
1153 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1154 return PR_FAILURE;
1155 }
1156
1157 if ((sslHow & ssl_SHUTDOWN_SEND) != 0 &&
1158 ss->version >= SSL_LIBRARY_VERSION_3_0 &&
1159 !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
1160 ss->firstHsDone &&
1161 !ss->recvdCloseNotify &&
1162 ss->ssl3.initialized) {
1163
1164 (void) SSL3_SendAlert(ss, alert_warning, close_notify);
1165 }
1166
1167 rv = osfd->methods->shutdown(osfd, nsprHow);
1168
1169 ss->shutdownHow |= sslHow;
1170
1171 return rv;
1172 }
1173
1174 /************************************************************************/
1175
1176
1177 int
1178 ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
1179 {
1180 sslSecurityInfo *sec;
1181 int rv = 0;
1182
1183 sec = &ss->sec;
1184
1185 if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
1186 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
1187 return PR_FAILURE;
1188 }
1189 if (flags & ~PR_MSG_PEEK) {
1190 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1191 return PR_FAILURE;
1192 }
1193
1194 if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
1195 ssl_GetXmitBufLock(ss);
1196 if (ss->pendingBuf.len != 0) {
1197 rv = ssl_SendSavedWriteData(ss);
1198 if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
1199 ssl_ReleaseXmitBufLock(ss);
1200 return SECFailure;
1201 }
1202 }
1203 ssl_ReleaseXmitBufLock(ss);
1204 }
1205
1206 rv = 0;
1207 /* If any of these is non-zero, the initial handshake is not done. */
1208 if (!ss->firstHsDone) {
1209 ssl_Get1stHandshakeLock(ss);
1210 if (ss->handshake || ss->nextHandshake || ss->securityHandshake) {
1211 rv = ssl_Do1stHandshake(ss);
1212 }
1213 ssl_Release1stHandshakeLock(ss);
1214 }
1215 if (rv < 0) {
1216 return rv;
1217 }
1218
1219 if (len == 0) return 0;
1220
1221 rv = DoRecv(ss, (unsigned char*) buf, len, flags);
1222 SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",
1223 SSL_GETPID(), ss->fd, rv, PORT_GetError()));
1224 return rv;
1225 }
1226
1227 int
1228 ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len)
1229 {
1230 return ssl_SecureRecv(ss, buf, len, 0);
1231 }
1232
1233 /* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */
1234 int
1235 ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
1236 {
1237 int rv = 0;
1238
1239 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",
1240 SSL_GETPID(), ss->fd, len));
1241
1242 if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {
1243 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
1244 rv = PR_FAILURE;
1245 goto done;
1246 }
1247 if (flags) {
1248 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1249 rv = PR_FAILURE;
1250 goto done;
1251 }
1252
1253 ssl_GetXmitBufLock(ss);
1254 if (ss->pendingBuf.len != 0) {
1255 PORT_Assert(ss->pendingBuf.len > 0);
1256 rv = ssl_SendSavedWriteData(ss);
1257 if (rv >= 0 && ss->pendingBuf.len != 0) {
1258 PORT_Assert(ss->pendingBuf.len > 0);
1259 PORT_SetError(PR_WOULD_BLOCK_ERROR);
1260 rv = SECFailure;
1261 }
1262 }
1263 ssl_ReleaseXmitBufLock(ss);
1264 if (rv < 0) {
1265 goto done;
1266 }
1267
1268 if (len > 0)
1269 ss->writerThread = PR_GetCurrentThread();
1270 /* If any of these is non-zero, the initial handshake is not done. */
1271 if (!ss->firstHsDone) {
1272 PRBool falseStart = PR_FALSE;
1273 ssl_Get1stHandshakeLock(ss);
1274 if (ss->opt.enableFalseStart &&
1275 ss->version >= SSL_LIBRARY_VERSION_3_0) {
1276 ssl_GetSSL3HandshakeLock(ss);
1277 falseStart = ss->ssl3.hs.canFalseStart;
1278 ssl_ReleaseSSL3HandshakeLock(ss);
1279 }
1280 if (!falseStart &&
1281 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) {
1282 rv = ssl_Do1stHandshake(ss);
1283 }
1284 ssl_Release1stHandshakeLock(ss);
1285 }
1286 if (rv < 0) {
1287 ss->writerThread = NULL;
1288 goto done;
1289 }
1290
1291 /* Check for zero length writes after we do housekeeping so we make forward
1292 * progress.
1293 */
1294 if (len == 0) {
1295 rv = 0;
1296 goto done;
1297 }
1298 PORT_Assert(buf != NULL);
1299 if (!buf) {
1300 PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
1301 rv = PR_FAILURE;
1302 goto done;
1303 }
1304
1305 if (!ss->firstHsDone) {
1306 PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_3_0);
1307 #ifdef DEBUG
1308 ssl_GetSSL3HandshakeLock(ss);
1309 PORT_Assert(ss->ssl3.hs.canFalseStart);
1310 ssl_ReleaseSSL3HandshakeLock(ss);
1311 #endif
1312 SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start",
1313 SSL_GETPID(), ss->fd));
1314 }
1315
1316 /* Send out the data using one of these functions:
1317 * ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock,
1318 * ssl3_SendApplicationData
1319 */
1320 ssl_GetXmitBufLock(ss);
1321 rv = (*ss->sec.send)(ss, buf, len, flags);
1322 ssl_ReleaseXmitBufLock(ss);
1323 ss->writerThread = NULL;
1324 done:
1325 if (rv < 0) {
1326 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",
1327 SSL_GETPID(), ss->fd, rv, PORT_GetError()));
1328 } else {
1329 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",
1330 SSL_GETPID(), ss->fd, rv));
1331 }
1332 return rv;
1333 }
1334
1335 int
1336 ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len)
1337 {
1338 return ssl_SecureSend(ss, buf, len, 0);
1339 }
1340
1341 SECStatus
1342 SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, void *arg)
1343 {
1344 sslSocket *ss;
1345
1346 ss = ssl_FindSocket(fd);
1347 if (!ss) {
1348 SSL_DBG(("%d: SSL[%d]: bad socket in SSLBadCertHook",
1349 SSL_GETPID(), fd));
1350 return SECFailure;
1351 }
1352
1353 ss->handleBadCert = f;
1354 ss->badCertArg = arg;
1355
1356 return SECSuccess;
1357 }
1358
1359 /*
1360 * Allow the application to pass the url or hostname into the SSL library
1361 * so that we can do some checking on it. It will be used for the value in
1362 * SNI extension of client hello message.
1363 */
1364 SECStatus
1365 SSL_SetURL(PRFileDesc *fd, const char *url)
1366 {
1367 sslSocket * ss = ssl_FindSocket(fd);
1368 SECStatus rv = SECSuccess;
1369
1370 if (!ss) {
1371 SSL_DBG(("%d: SSL[%d]: bad socket in SSLSetURL",
1372 SSL_GETPID(), fd));
1373 return SECFailure;
1374 }
1375 ssl_Get1stHandshakeLock(ss);
1376 ssl_GetSSL3HandshakeLock(ss);
1377
1378 if ( ss->url ) {
1379 PORT_Free((void *)ss->url); /* CONST */
1380 }
1381
1382 ss->url = (const char *)PORT_Strdup(url);
1383 if ( ss->url == NULL ) {
1384 rv = SECFailure;
1385 }
1386
1387 ssl_ReleaseSSL3HandshakeLock(ss);
1388 ssl_Release1stHandshakeLock(ss);
1389
1390 return rv;
1391 }
1392
1393 /*
1394 * Allow the application to pass the set of trust anchors
1395 */
1396 SECStatus
1397 SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList)
1398 {
1399 sslSocket * ss = ssl_FindSocket(fd);
1400 CERTDistNames *names = NULL;
1401
1402 if (!certList) {
1403 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1404 return SECFailure;
1405 }
1406 if (!ss) {
1407 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors",
1408 SSL_GETPID(), fd));
1409 return SECFailure;
1410 }
1411
1412 names = CERT_DistNamesFromCertList(certList);
1413 if (names == NULL) {
1414 return SECFailure;
1415 }
1416 ssl_Get1stHandshakeLock(ss);
1417 ssl_GetSSL3HandshakeLock(ss);
1418 if (ss->ssl3.ca_list) {
1419 CERT_FreeDistNames(ss->ssl3.ca_list);
1420 }
1421 ss->ssl3.ca_list = names;
1422 ssl_ReleaseSSL3HandshakeLock(ss);
1423 ssl_Release1stHandshakeLock(ss);
1424
1425 return SECSuccess;
1426 }
1427
1428 /*
1429 ** Returns Negative number on error, zero or greater on success.
1430 ** Returns the amount of data immediately available to be read.
1431 */
1432 int
1433 SSL_DataPending(PRFileDesc *fd)
1434 {
1435 sslSocket *ss;
1436 int rv = 0;
1437
1438 ss = ssl_FindSocket(fd);
1439
1440 if (ss && ss->opt.useSecurity) {
1441 ssl_GetRecvBufLock(ss);
1442 rv = ss->gs.writeOffset - ss->gs.readOffset;
1443 ssl_ReleaseRecvBufLock(ss);
1444 }
1445
1446 return rv;
1447 }
1448
1449 SECStatus
1450 SSL_InvalidateSession(PRFileDesc *fd)
1451 {
1452 sslSocket * ss = ssl_FindSocket(fd);
1453 SECStatus rv = SECFailure;
1454
1455 if (ss) {
1456 ssl_Get1stHandshakeLock(ss);
1457 ssl_GetSSL3HandshakeLock(ss);
1458
1459 if (ss->sec.ci.sid && ss->sec.uncache) {
1460 ss->sec.uncache(ss->sec.ci.sid);
1461 rv = SECSuccess;
1462 }
1463
1464 ssl_ReleaseSSL3HandshakeLock(ss);
1465 ssl_Release1stHandshakeLock(ss);
1466 }
1467 return rv;
1468 }
1469
1470 static void
1471 ssl3_CacheSessionUnlocked(sslSocket *ss)
1472 {
1473 PORT_Assert(!ss->sec.isServer);
1474
1475 if (ss->ssl3.hs.cacheSID) {
1476 ss->sec.cache(ss->sec.ci.sid);
1477 ss->ssl3.hs.cacheSID = PR_FALSE;
1478 }
1479 }
1480
1481 SECStatus
1482 SSL_CacheSession(PRFileDesc *fd)
1483 {
1484 sslSocket * ss = ssl_FindSocket(fd);
1485 SECStatus rv = SECFailure;
1486
1487 if (ss) {
1488 ssl_Get1stHandshakeLock(ss);
1489 ssl_GetSSL3HandshakeLock(ss);
1490
1491 ssl3_CacheSessionUnlocked(ss);
1492 rv = SECSuccess;
1493
1494 ssl_ReleaseSSL3HandshakeLock(ss);
1495 ssl_Release1stHandshakeLock(ss);
1496 }
1497 return rv;
1498 }
1499
1500 SECStatus
1501 SSL_CacheSessionUnlocked(PRFileDesc *fd)
1502 {
1503 sslSocket * ss = ssl_FindSocket(fd);
1504 SECStatus rv = SECFailure;
1505
1506 if (ss) {
1507 ssl3_CacheSessionUnlocked(ss);
1508 rv = SECSuccess;
1509 }
1510 return rv;
1511 }
1512
1513 SECItem *
1514 SSL_GetSessionID(PRFileDesc *fd)
1515 {
1516 sslSocket * ss;
1517 SECItem * item = NULL;
1518
1519 ss = ssl_FindSocket(fd);
1520 if (ss) {
1521 ssl_Get1stHandshakeLock(ss);
1522 ssl_GetSSL3HandshakeLock(ss);
1523
1524 if (ss->opt.useSecurity && ss->firstHsDone && ss->sec.ci.sid) {
1525 item = (SECItem *)PORT_Alloc(sizeof(SECItem));
1526 if (item) {
1527 sslSessionID * sid = ss->sec.ci.sid;
1528 if (sid->version < SSL_LIBRARY_VERSION_3_0) {
1529 item->len = SSL2_SESSIONID_BYTES;
1530 item->data = (unsigned char*)PORT_Alloc(item->len);
1531 PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
1532 } else {
1533 item->len = sid->u.ssl3.sessionIDLength;
1534 item->data = (unsigned char*)PORT_Alloc(item->len);
1535 PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
1536 }
1537 }
1538 }
1539
1540 ssl_ReleaseSSL3HandshakeLock(ss);
1541 ssl_Release1stHandshakeLock(ss);
1542 }
1543 return item;
1544 }
1545
1546 SECStatus
1547 SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
1548 {
1549 sslSocket * ss;
1550
1551 ss = ssl_FindSocket(fd);
1552 if (!ss)
1553 return SECFailure;
1554 if (!dbHandle) {
1555 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1556 return SECFailure;
1557 }
1558 ss->dbHandle = dbHandle;
1559 return SECSuccess;
1560 }
1561
1562 /*
1563 * attempt to restart the handshake after asynchronously handling
1564 * a request for the client's certificate.
1565 *
1566 * inputs:
1567 * cert Client cert chosen by application.
1568 * Note: ssl takes this reference, and does not bump the
1569 * reference count. The caller should drop its reference
1570 * without calling CERT_DestroyCertificate after calling this
1571 * function.
1572 *
1573 * key Private key associated with cert. This function takes
1574 * ownership of the private key, so the caller should drop its
1575 * reference without destroying the private key after this
1576 * function returns.
1577 *
1578 * certChain Chain of signers for cert.
1579 * Note: ssl takes this reference, and does not copy the chain.
1580 * The caller should drop its reference without destroying the
1581 * chain. SSL will free the chain when it is done with it.
1582 *
1583 * Return value: XXX
1584 *
1585 * XXX This code only works on the initial handshake on a connection, XXX
1586 * It does not work on a subsequent handshake (redo).
1587 */
1588 SECStatus
1589 SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
1590 CERTCertificate * cert,
1591 SECKEYPrivateKey * key,
1592 CERTCertificateList *certChain)
1593 {
1594 sslSocket * ss = ssl_FindSocket(fd);
1595 SECStatus ret;
1596
1597 if (!ss) {
1598 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RestartHandshakeAfterCertReq",
1599 SSL_GETPID(), fd));
1600 if (cert) {
1601 CERT_DestroyCertificate(cert);
1602 }
1603 if (key) {
1604 SECKEY_DestroyPrivateKey(key);
1605 }
1606 if (certChain) {
1607 CERT_DestroyCertificateList(certChain);
1608 }
1609 return SECFailure;
1610 }
1611
1612 ssl_Get1stHandshakeLock(ss); /************************************/
1613
1614 if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
1615 ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);
1616 } else {
1617 if (certChain != NULL) {
1618 CERT_DestroyCertificateList(certChain);
1619 }
1620 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
1621 ret = SECFailure;
1622 }
1623
1624 ssl_Release1stHandshakeLock(ss); /************************************/
1625 return ret;
1626 }
1627
1628 SECStatus
1629 SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc * fd,
1630 SECKEYPublicKey * channelIDPub,
1631 SECKEYPrivateKey *channelID)
1632 {
1633 sslSocket * ss = ssl_FindSocket(fd);
1634 SECStatus ret;
1635
1636 if (!ss) {
1637 SSL_DBG(("%d: SSL[%d]: bad socket in"
1638 " SSL_RestartHandshakeAfterChannelIDReq",
1639 SSL_GETPID(), fd));
1640 goto loser;
1641 }
1642
1643
1644 ssl_Get1stHandshakeLock(ss);
1645
1646 if (ss->version < SSL_LIBRARY_VERSION_3_0) {
1647 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
1648 ssl_Release1stHandshakeLock(ss);
1649 goto loser;
1650 }
1651
1652 ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub,
1653 channelID);
1654 ssl_Release1stHandshakeLock(ss);
1655
1656 return ret;
1657
1658 loser:
1659 SECKEY_DestroyPublicKey(channelIDPub);
1660 SECKEY_DestroyPrivateKey(channelID);
1661 return SECFailure;
1662 }
1663
1664 /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
1665 * this implementation exists to maintain link-time compatibility.
1666 */
1667 int
1668 SSL_RestartHandshakeAfterServerCert(sslSocket * ss)
1669 {
1670 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
1671 return -1;
1672 }
1673
1674 /* See documentation in ssl.h */
1675 SECStatus
1676 SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
1677 {
1678 SECStatus rv;
1679 sslSocket *ss = ssl_FindSocket(fd);
1680
1681 if (!ss) {
1682 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_AuthCertificateComplete",
1683 SSL_GETPID(), fd));
1684 return SECFailure;
1685 }
1686
1687 ssl_Get1stHandshakeLock(ss);
1688
1689 if (!ss->ssl3.initialized) {
1690 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1691 rv = SECFailure;
1692 } else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
1693 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
1694 rv = SECFailure;
1695 } else {
1696 rv = ssl3_AuthCertificateComplete(ss, error);
1697 }
1698
1699 ssl_Release1stHandshakeLock(ss);
1700
1701 return rv;
1702 }
1703
1704 /* For more info see ssl.h */
1705 SECStatus
1706 SSL_SNISocketConfigHook(PRFileDesc *fd, SSLSNISocketConfig func,
1707 void *arg)
1708 {
1709 sslSocket *ss;
1710
1711 ss = ssl_FindSocket(fd);
1712 if (!ss) {
1713 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook",
1714 SSL_GETPID(), fd));
1715 return SECFailure;
1716 }
1717
1718 ss->sniSocketConfig = func;
1719 ss->sniSocketConfigArg = arg;
1720 return SECSuccess;
1721 }