search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1935611 - Fix libyuv/libpng link failed for loongarch64. r=glandium,tnikkel,ng
[gecko.git] / security / manager / ssl / nsNSSIOLayer.h
blob90b14cd666dc3df9efb39d1af8960a1baeace9ee
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef nsNSSIOLayer_h
8 #define nsNSSIOLayer_h
9
10 #include "mozilla/Assertions.h"
11 #include "mozilla/StaticPtr.h"
12 #include "mozilla/TimeStamp.h"
13 #include "mozilla/UniquePtr.h"
14 #include "nsCOMPtr.h"
15 #include "nsIObserver.h"
16 #include "nsIProxyInfo.h"
17 #include "nsITLSSocketControl.h"
18 #include "nsITlsHandshakeListener.h"
19 #include "nsNSSCertificate.h"
20 #include "nsTHashMap.h"
21 #include "nsTHashtable.h"
22 #include "sslt.h"
23
24 namespace mozilla {
25 class OriginAttributes;
26 } // namespace mozilla
27
28 const uint32_t kIPCClientCertsSlotTypeModern = 1;
29 const uint32_t kIPCClientCertsSlotTypeLegacy = 2;
30
31 using mozilla::OriginAttributes;
32
33 // Order matters for UpdateEchExtensioNStatus.
34 enum class EchExtensionStatus {
35 kNotPresent, // No ECH Extension was sent
36 kGREASE, // A GREASE ECH Extension was sent
37 kReal // A 'real' ECH Extension was sent
38 };
39
40 enum class PublicOrPrivate { Public, Private };
41
42 class nsSSLIOLayerHelpers : public nsIObserver {
43 public:
44 NS_DECL_THREADSAFE_ISUPPORTS
45 NS_DECL_NSIOBSERVER
46
47 explicit nsSSLIOLayerHelpers(PublicOrPrivate aPublicOrPrivate,
48 uint32_t aTlsFlags = 0);
49
50 static void GlobalInit();
51 static void GlobalCleanup();
52
53 nsresult Init();
54
55 static bool nsSSLIOLayerInitialized;
56 static PRDescIdentity nsSSLIOLayerIdentity;
57 static PRDescIdentity nsSSLPlaintextLayerIdentity;
58 static PRIOMethods nsSSLIOLayerMethods;
59 static PRIOMethods nsSSLPlaintextLayerMethods;
60
61 protected:
62 virtual ~nsSSLIOLayerHelpers();
63
64 private:
65 struct IntoleranceEntry {
66 uint16_t tolerant;
67 uint16_t intolerant;
68 PRErrorCode intoleranceReason;
69
70 void AssertInvariant() const {
71 MOZ_ASSERT(intolerant == 0 || tolerant < intolerant);
72 }
73 };
74 nsTHashMap<nsCStringHashKey, IntoleranceEntry> mTLSIntoleranceInfo;
75 // Sites that require insecure fallback to TLS 1.0, set by the pref
76 // security.tls.insecure_fallback_hosts, which is a comma-delimited
77 // list of domain names.
78 nsTHashtable<nsCStringHashKey> mInsecureFallbackSites;
79
80 public:
81 void rememberTolerantAtVersion(const nsACString& hostname, uint16_t port,
82 uint16_t tolerant);
83 bool fallbackLimitReached(const nsACString& hostname, uint16_t intolerant);
84 bool rememberIntolerantAtVersion(const nsACString& hostname, uint16_t port,
85 uint16_t intolerant, uint16_t minVersion,
86 PRErrorCode intoleranceReason);
87 void forgetIntolerance(const nsACString& hostname, uint16_t port);
88 void adjustForTLSIntolerance(const nsACString& hostname, uint16_t port,
89 /*in/out*/ SSLVersionRange& range);
90 PRErrorCode getIntoleranceReason(const nsACString& hostname, uint16_t port);
91
92 void clearStoredData();
93 void loadVersionFallbackLimit();
94 void setInsecureFallbackSites(const nsCString& str);
95 void initInsecureFallbackSites();
96 bool isPublic() const;
97 void removeInsecureFallbackSite(const nsACString& hostname, uint16_t port);
98 bool isInsecureFallbackSite(const nsACString& hostname);
99
100 uint16_t mVersionFallbackLimit;
101
102 private:
103 const PublicOrPrivate mPublicOrPrivate;
104
105 mozilla::Mutex mutex MOZ_UNANNOTATED;
106 uint32_t mTlsFlags;
107 };
108
109 namespace {
110 static mozilla::StaticRefPtr<nsSSLIOLayerHelpers> gPublicSSLIOLayerHelpers;
111 static mozilla::StaticRefPtr<nsSSLIOLayerHelpers> gPrivateSSLIOLayerHelpers;
112 } // namespace
113
114 already_AddRefed<nsSSLIOLayerHelpers> PublicSSLIOLayerHelpers();
115 already_AddRefed<nsSSLIOLayerHelpers> PrivateSSLIOLayerHelpers();
116
117 nsresult nsSSLIOLayerNewSocket(int32_t family, const char* host, int32_t port,
118 nsIProxyInfo* proxy,
119 const OriginAttributes& originAttributes,
120 PRFileDesc** fd,
121 nsITLSSocketControl** tlsSocketControl,
122 bool forSTARTTLS, uint32_t flags,
123 uint32_t tlsFlags);
124
125 nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
126 nsIProxyInfo* proxy,
127 const OriginAttributes& originAttributes,
128 PRFileDesc* fd,
129 nsITLSSocketControl** tlsSocketControl,
130 bool forSTARTTLS, uint32_t flags,
131 uint32_t tlsFlags);
132
133 SECStatus zlibCertificateDecode(const SECItem* input, unsigned char* output,
134 size_t outputLen, size_t* usedLen);
135
136 SECStatus brotliCertificateDecode(const SECItem* input, unsigned char* output,
137 size_t outputLen, size_t* usedLen);
138
139 SECStatus zstdCertificateDecode(const SECItem* input, unsigned char* output,
140 size_t outputLen, size_t* usedLen);
141
142 extern "C" {
143 using FindObjectsCallback = void (*)(uint8_t type, size_t id_len,
144 const uint8_t* id, size_t data_len,
145 const uint8_t* data, uint32_t slotType,
146 void* ctx);
147 void DoFindObjects(FindObjectsCallback cb, void* ctx);
148 using SignCallback = void (*)(size_t data_len, const uint8_t* data, void* ctx);
149 void DoSign(size_t cert_len, const uint8_t* cert, size_t data_len,
150 const uint8_t* data, size_t params_len, const uint8_t* params,
151 SignCallback cb, void* ctx);
152 }
153
154 #endif // nsNSSIOLayer_h